Join Log in
Score:14
Silently avatar Ubuntu

SSH default port not changing (Ubuntu 22.10)

md flag
Silently

I am on Ubuntu 22.10

I have:

  • Edited /etc/ssh/sshd_config, left the default '#Port 22' line but added below it: 'Port 1234'
  • Then added allow rule for it in UFW using command 'sudo ufw allow 1234' which added:
To Action From
1234 ALLOW Anywhere
1234 (v6) ALLOW Anywhere (v6)

I then restart the SSH service using 2 different methods (see start of block below) but I see no change, service status states it started listening on port 22 and to verify this I check listening ports and sure enough it's still 22.

sudo systemctl restart ssh

sudo service ssh restart

systemctl status ssh

ssh.service - OpenBSD Secure Shell server
 Loaded: loaded (/lib/systemd/system/ssh.service; disabled; preset: enabled)
Drop-In: /etc/systemd/system/ssh.service.d
         └─00-socket.conf
 Active: active (running) since Mon 2022-11-07 10:12:52 AEDT; 5s ago
TriggeredBy: ● ssh.socket
   Docs: man:sshd(8)
         man:sshd_config(5)
Process: 54858 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 54859 (sshd)
  Tasks: 1 (limit: 1020)
 Memory: 1.3M
    CPU: 13ms
 CGroup: /system.slice/ssh.service
         └─54859 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Nov 07 10:12:52 webserver.abc.com systemd[1]: Starting OpenBSD Secure Shell server...
Nov 07 10:12:52 webserver.abc.com sshd[54859]: Server listening on :: port 22.
Nov 07 10:12:52 webserver.abc.com systemd[1]: Started OpenBSD Secure Shell server.

ss -tlpn

State         Recv-Q        Send-Q               Local Address:Port   Peer Address:Port Process
LISTEN        0             4096                             *:22                *:*    -

Am I missing a step or doing something wrong? I do note the service status has "preset: enabled" but multiple guides I've read haven't mentioned anything about disabling anything like presets.

EDIT: Thanks matigo for reminding me but sshd.service doesn't seem to be installed yet I have the config files and can remote in just fine, not sure if I just don't understand and I need to install sshd for it to take over the default ssh operations?

13506
6 + 6
ssh
in flag
matigo
Can I confirm that the service name is `ssh` rather than `sshd`? Generally the server is restarted with `service sshd restart` if you are using the standard server for Ubuntu
0
Reply
Silently avatar
md flag
Silently
@matigo I thought that but the default box from linode of this version of ubuntu when I look at the service list with `systemctl list-units --type=service` I only see one entry for ssh: `ssh.service loaded active running OpenBSD Secure Shell server` Do I need to install sshd separately? I thought of this but then thought it strange that I have sshd config files and I can ssh in just fine at the moment using defaults. When trying to do anything with sshd it suggests it doesn't exist: `Unit sshd.service could not be found.`
0
Reply
Silently avatar
md flag
Silently
`openssh-client/kinetic,now 1:9.0p1-1ubuntu7 amd64 [installed]` `openssh-server/kinetic,now 1:9.0p1-1ubuntu7 amd64 [installed]`
0
Reply
rexypoo avatar
cn flag
rexypoo
Could you edit the question to include what you tried when you say "I then restart the SSH service using 2 different methods but I see no change"? For beginners, the most surefire way to restart a service is probably to reboot the computer. Additionally if you're on Linode then the host may have some backend magic going on and you should probably search their documentation.
0
Reply
Silently avatar
md flag
Silently
@rexypoo Thanks Rexy, I actually did include the commands in the block just below it. I've edited the post to refer to below.
0
Reply
gameaddict avatar
jp flag
gameaddict
Nothing worked for me, I tried eveything below to no avail. After wasting some time, it was a new server install, so I rebooted to try to terminate the running ssh and get it to reset it. Actually it still didn't work, it's still running on port 22!!
0
Reply
Score:21
Silently avatar Ubuntu
md flag
Silently

SSHd now uses socket-based activation Ubuntu 22.10 or later. Read more about this change being discussed here.

TLDR: The /etc/ssh/sshd_config are unused, now that I read the comments in full I found:

# Port and ListenAddress options are not used when sshd is socket-activated,
# which is now the default in Ubuntu. See sshd_config(5) and
# /usr/share/doc/openssh-server/README.Debian.gz for details.

Your options for changing from default port:

  • Turning off this change and reverting to how SSHd worked prior to this update (From twinsen in discussion linked above):

    • systemctl disable --now ssh.socket
    • systemctl enable --now ssh.service
    • Then the /etc/ssh/sshd_config works again with Ports and Addresses setting

  • OR Listening socket stream update (from saxl in discussion linked above)

    1. mkdir -p /etc/systemd/system/ssh.socket.d
    2. cat >/etc/systemd/system/ssh.socket.d/listen.conf <<EOF
[Socket]
ListenStream=
ListenStream=1234
EOF
    3. sudo systemctl daemon-reload
    4. sudo systemctl restart ssh.socket

It should then state it's started listening on the new port: systemctl status ssh ...

Nov 07 14:42:37 webserver.abc.com sshd[58725]: Server listening on 0.0.0.0 port 1234.
Nov 07 14:42:37 webserver.abc.com sshd[58725]: Server listening on :: port 1234

+ 3
Andrew Grow avatar
ro flag
Andrew Grow
reverting to how SSHd worked prior does't worked for me but the second solution is working perfectly, thank you sir!
0
Reply
cn flag
Pablo Pazos
disable socket doesn't work on Ubuntu 23, the new config does work.
0
Reply
Jan avatar
jp flag
Jan
Important: don't forget to add the funny "ListenStream=" line (with no address). Without it it doesn't work -- and doesn't print any error messages either :(
0
Reply
Score:8
Cyberian avatar Ubuntu
kh flag
Cyberian

This is how I solved the OpenSSH port issue on Ubuntu 22.10.

Important - Please take a backup or snapshot before you make changes.

Use the nano editor and change the value of ListenStream parameter

sudo nano /lib/systemd/system/ssh.socket

Change the following parameter to the port of your choice e.g. 44022

ListenStream=44022

Save the file and quit nano editor.

sudo systemctl daemon-reload<br>
sudo systemctl restart ssh<br>
sudo netstat -tulpn<br>

Now you should be able to see that the port 44022 is open.

Do not forget to open the port on firewall e.g. ufw.

sudo ufw allow 44022

I suggest you open another putty session to ensure you are able to login.

+ 4
Minqi Pan avatar
jp flag
Minqi Pan
This worked for me! Thank you
0
Reply
Saftever avatar
ht flag
Saftever
This also enables `/etc/ssh/sshd_config` or `sshd_config.d/*.conf` to work again. The accepted answer didn't work, tried those two options.
0
Reply
Spartacus Rocha avatar
xk flag
Spartacus Rocha
As @Saftever this worked for me, while accepted answer didn't work.
0
Reply
muru avatar
us flag
muru
Any edits to `/lib/systemd/system/ssh.socket` will be lost when the package is updated
0
Reply
Score:3
Vik Solem avatar Ubuntu
tc flag
Vik Solem

SSHd now uses socket-based activation Ubuntu 22.10 or later. Read more about this change being discussed here.

For my purposes adding a socket handler is a complication that we do not want, so we are adding the following to our pre-ansible installation steps to remove ssh.socket and go back to using the sshd_config file. (Some of these were not previously documented, so this might save someone else some time.)

Previously we would do the following post-build.

add line "Port 4022" after "#Port 22" in /etc/ssh/sshd_config then

sudo systemctl restart ssh

It looks like the following was required on a new ubuntu 20.10 (Mate 20.10) installation.

add line "Port 4022" after "#Port 22" in /etc/ssh/sshd_config then

sudo systemctl disable --now ssh.socket
sudo systemctl enable --now ssh.service
sudo mv /etc/systemd/system/ssh.service.d/00-socket.conf ./save_disable_ssh.service.d_00-socket.conf
sudo systemctl daemon-reload
sudo systemctl stop ssh
sudo systemctl stop ssh.socket
sudo systemctl start ssh

ymmv

+ 0
Score:2
C.D. avatar Ubuntu
us flag
C.D.

I followed the steps from others but nothing worked,... until I uninstalled openssh-server and then reinstalled it, along with ssh.

  1. mkdir -p /etc/systemd/system/ssh.socket.d

  2. nano /etc/systemd/system/ssh.socket.d/listen.conf

    [Socket]
ListenStream=
ListenStream=1234

  3. sudo apt remove --purge openssh-server

  4. sudo apt install openssh-server ssh

  5. sudo systemctl daemon-reload

  6. sudo systemctl restart ssh

After this, running sudo systemctl status ssh should show you are listening on the ports originally setup.

Feb 21 19:28:08 Computer systemd[1]: Starting OpenBSD Secure Shell server...
Feb 21 19:28:08 Computer sshd[48455]: Server listening on :: port 1234.
Feb 21 19:28:08 Computer systemd[1]: Started OpenBSD Secure Shell server.

I do not understand why but I wonder if there was some daemon that did not want to be restarted/reloaded or killed, but uninstalling and reinstalling forced that and therefore picked up the new configuration changes. Very ugly.

+ 1
m_highlanderish avatar
ve flag
m_highlanderish
This is the only solution that worked for me on 23.04, none of the others did. For whatever reason, the reinstall is necessary.
0
Reply
Score:1
abulava avatar Ubuntu
cm flag
abulava

@Silently is right, probably... But systemctl disable --now ssh.socket ; systemctl enable --now ssh.service method doesn't work for me. I don't care why Ubuntu team decided to break SSHD severely, they do it wrong regardless of their intentions: only that odd "Listening socket stream update" method works!

Update: the topic starter didn't mention that you should do it in a slightly different way:

  1. mkdir -p /etc/systemd/system/ssh.socket.d

  2. cat > /etc/systemd/system/ssh.socket.d/listen.conf << EOF
[Socket]
ListenStream=
ListenStream=1234
EOF

  3. Change SSHD port one way or another (I added /etc/ssh/sshd_config.d/local.conf with Port 1234)

  4. [sudo] systemctl daemon-reload

  5. [sudo] systemctl restart ssh

+ 0
Score:0
Niloct avatar Ubuntu
in flag
Niloct

I followed the answers to this question today (2023-02-14), and still was getting a SSH service being spawned on ipv6, even though I had set AcceptFamily inet and ListenAddress 10.0.2.15:2022 configured on my /etc/ssh/sshd_config file on Ubuntu 22.10, then configured listen.conf with the different port.

Well, I traced this bug report: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/comments/14 which let me to the script on https://launchpadlibrarian.net/630622842/openssh_9.0p1-1ubuntu8.debdiff

which hinted the solution for me. So, if you need a basic configuration of a single ipv4 address listening on a custom port (e.g. 10.0.2.15 on 22022), do this:

  • Erase all Port and ListenAddress information on /etc/ssh/sshd_config
  • Create the directory /etc/systemd/system/ssh.socket.d (i.e. sudo mkdir -p /etc/systemd/system/ssh.socket.d)
  • Put this content to the /etc/systemd/system/ssh.socket.d/addresses.conf file:
[Socket]
ListenStream=
ListenStream=10.0.2.15:2022

HINT: Do not put Accept=yes on this configuration, hoping for the OS to spawn a ssh service on connection demand. On a new Ubuntu 22.10 installation and configuration as in this answer, this made the ssh service to listen on 0.0.0.0 port 22, and even worse not starting the service on boot.

Then issue these commands:

systemctl daemon-reload
systemctl disable ssh.socket
systemctl stop ssh.socket
systemctl enable ssh.service
systemctl start ssh.service
+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.