Hello all! I have a strange problem. I tried to ssh to a remote server from a server on the LAN. I wasn't able to do this. There was an error "connection time out". The sshd service on the remote server uses port 5688. After changing it to the default 22, the ssh connection worked. I tried with ufw enabled and added two rules (for ipv4 and ipv6)
Code:
ufw allow 22
and
Code:
ufw allow 5688
It does not work. Then I tried with ufw disabled. Still nothing if sshd uses 5688. I checked iptables -S. With ufw disabled there weren't any rules related to port 5688, but after enabling ufw the rules appeared. Still nothing, the ssh connection still doesn't work. I tried disabling ufw and using only iptables rules like below:
Code:
sudo iptables -A INPUT -p tcp --dport 5522 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
and
Code:
sudo iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
Neither the first one nor the second one helped. Still unable to connect via ssh using port 5688. Of course after changing to 22 I am able to connect. Can anybody tell me what is wrong?
Hi, this could be a problem with a firewall from your server provider... do you have any fw settings enabled in the panel of your provider? do you use proxmox or something similar? did you enable logging for the sshd service and check the log? did you restart your sshd service after changing the port to 5688?
1. On the VPS I disabled/cleared ufw, iptables rules, fail2ban.
2. Yes. I did. Nothing useful appeared "connection timed out".
Code:
Executing: program /usr/bin/ssh host id_zdalny, user web2, command scp -v -f /path/to/file/baza.sql
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to id_zdalny [id_zdalny] port 5688.
debug1: connect to address id_zdalny port 5688: Connection timed out
ssh: connect to host id_zdalny port 5688: Connection timed out
3. Yes, I did restart after changing the port.
If you try
Code:
netstat -tulpn
is there a service running on this port except ssh? If so, you have to use another port because it's already used by this service. Try to use a different port than 5688. It's complicated to solve your problem without knowing the exact setup of your server (ispconfig or another panel installed? which services are running that have impact on firewalling, ...)
If I remember correctly, you need to set the wanted port in ssh config file before you can use it, other than opening the said port. Can't tell you the exact file since I am not in front of my pc.
The file you're mentioning is
Code:
/etc/ssh/sshd_config
I thought, because of my question, if he restarts the sshd service, he did know that already.
ok, so if ssh on the server is configured to use port 5688, why are you creating firewall rules for ports 5522 and 2222? ok, so with ufw enabled, there are iptables rules for port 5688, so what are they? for all we know they are restricting access to a specific source ip, which may not be your ip. are there any other firewalls/NAT/load balancers on the remote network, between the internet connection and the actual server? if so, they could be blocking / redirecting connection on port 5688. are you using port knocking to hide the ssh port on top of using a non-default port?
1. This is a clear server with apache and mysql only.
2. Default port 22 for sshd works well and I knew it, but I have no idea why a port other than 22 is not working.
3. The command netstat -tulpn does not show any other service on this port.
You are right. I copied (from notepad) the default version of my command without changing the ports before putting it here. My mistake. On the server it was good, but of course clearing all iptables rules and disabling ufw did not help. This is a simple VPS bought at OVH. There are not any load balancers or additional firewalls. Hmm, I am not sure that OVH does not give some additional firewall. I tried many things before posting here. On the Facebook I put many different ways and nothing happened.
ovh provides a network firewall: https://docs.ovh.com/gb/en/dedicated/firewall-network/ it sounds like it's not on by default, and even when turned on, doesn't block anything by default until you start adding rules. may be worth checking that this hasn't been previously enabled and configured.
ok, just to be sure that the correct file has been modified correctly, as sascha92 referred to. can you, on the remote server: grep Port /etc/ssh/sshd_config and post the output here. and to make sure that the setting really is active, as root, and making sure you do not close your current session: systemctl restart ssh then try to ssh to the port specified in the grep output. if it doesn't work, it may be worth trying it from another source location/network with a different source computer. or DM the server ip & port to someone on here to test. that will at least eliminate something on your pc or network being the cause of your problems.
Output when ssh works (on port 22):
Code:
#Port 22
#GatewayPorts no
this is the output when the problem is:
Code:
Port 5688
#GatewayPorts no
If the ssh port is correctly set, then your next steps should be setting the server's firewall via ufw allow ssh as you mentioned in the OP, and then checking the network firewall, either disabling it altogether or enabling it with all your server's allowed ports, as mentioned by @nhybgtvfr in his earlier post. Should all be correct but still not working, then you do not have any other choice except to contact OVH for support.
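The checks suggested across this thread (which Port directive is active, which program owns the listening socket, what the client error implies) can be combined into one triage script. This is an added example, not posted by any participant; the function names, file contents and PIDs are constructed for illustration, and the config parser assumes no Include files.

```shell
#!/bin/sh
# Added example. Sample sshd_config, netstat output and client error are constructed.

# Ports requested by sshd_config ($1). Commented-out lines are ignored; with
# no active Port directive sshd falls back to its default, 22.
configured_ports() {
    awk '{ sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
         tolower(f[1]) == "port" && f[2] ~ /^[0-9]+$/ { print f[2]; n++ }
         END { if (!n) print 22 }' "$1"
}

# Program owning the listening TCP socket on port $1, read from saved
# `netstat -tulpn` output ($2). Prints nothing if no socket listens there.
listener_for() {
    awk -v p="$1" '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":")
        if (a[n] == p) { sub(/^[0-9]+\//, "", $7); sub(/:$/, "", $7); print $7; exit }
    }' "$2"
}

# Verdict from config ($1), netstat output ($2) and the client error text ($3).
triage() (
    port=$(configured_ports "$1" | head -n 1)
    owner=$(listener_for "$port" "$2")
    case "$owner:$3" in
        :*)                 echo "port $port: nothing listening; restart sshd, re-check config" ;;
        sshd:*"timed out"*) echo "port $port: sshd listening, SYN unanswered; packets dropped by a host or upstream filter" ;;
        sshd:*"refused"*)   echo "port $port: sshd listening, reset received; check ListenAddress and REJECT rules" ;;
        sshd:*)             echo "port $port: sshd listening; client reported: $3" ;;
        *)                  echo "port $port: held by $owner; choose a different port" ;;
    esac
)

# Constructed data mirroring the situation described in the thread.
demo() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' '#Port 22' 'Port 5688' '#GatewayPorts no' > "$dir/sshd_config"
    printf '%s\n' \
        'Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name' \
        'tcp   0      0      0.0.0.0:5688    0.0.0.0:*       LISTEN 812/sshd' \
        'tcp   0      0      127.0.0.1:3306  0.0.0.0:*       LISTEN 640/mysqld' \
        'tcp6  0      0      :::5688         :::*            LISTEN 812/sshd' > "$dir/netstat.txt"
    triage "$dir/sshd_config" "$dir/netstat.txt" \
        'ssh: connect to host id_zdalny port 5688: Connection timed out'
    rm -rf "$dir"
)
demo
```

On a live host, `sshd -T` prints the effective configuration and is a more reliable source for the port than reading the file by hand.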