Score:14

SSH default port not changing (Ubuntu 22.10)


I am on Ubuntu 22.10

I have:

  • Edited /etc/ssh/sshd_config, left the default '#Port 22' line but added below it: 'Port 1234'
  • Then added allow rule for it in UFW using command 'sudo ufw allow 1234' which added:
    To          Action   From
    1234        ALLOW    Anywhere
    1234 (v6)   ALLOW    Anywhere (v6)

I then restart the SSH service using 2 different methods (see start of block below) but I see no change, service status states it started listening on port 22 and to verify this I check listening ports and sure enough it's still 22.

sudo systemctl restart ssh

sudo service ssh restart

systemctl status ssh

ssh.service - OpenBSD Secure Shell server
 Loaded: loaded (/lib/systemd/system/ssh.service; disabled; preset: enabled)
Drop-In: /etc/systemd/system/ssh.service.d
         └─00-socket.conf
 Active: active (running) since Mon 2022-11-07 10:12:52 AEDT; 5s ago
TriggeredBy: ● ssh.socket
   Docs: man:sshd(8)
         man:sshd_config(5)
Process: 54858 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 54859 (sshd)
  Tasks: 1 (limit: 1020)
 Memory: 1.3M
    CPU: 13ms
 CGroup: /system.slice/ssh.service
         └─54859 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Nov 07 10:12:52 webserver.abc.com systemd[1]: Starting OpenBSD Secure Shell server...
Nov 07 10:12:52 webserver.abc.com sshd[54859]: Server listening on :: port 22.
Nov 07 10:12:52 webserver.abc.com systemd[1]: Started OpenBSD Secure Shell server.

ss -tlpn

State         Recv-Q        Send-Q               Local Address:Port   Peer Address:Port Process
LISTEN        0             4096                             *:22                *:*    -

Am I missing a step or doing something wrong? I do note the service status has "preset: enabled" but multiple guides I've read haven't mentioned anything about disabling anything like presets.

EDIT: Thanks matigo for reminding me but sshd.service doesn't seem to be installed yet I have the config files and can remote in just fine, not sure if I just don't understand and I need to install sshd for it to take over the default ssh operations?

Can I confirm that the service name is `ssh` rather than `sshd`? Generally the server is restarted with `service sshd restart` if you are using the standard server for Ubuntu
Silently
@matigo I thought that but the default box from linode of this version of ubuntu when I look at the service list with `systemctl list-units --type=service` I only see one entry for ssh: `ssh.service loaded active running OpenBSD Secure Shell server` Do I need to install sshd separately? I thought of this but then thought it strange that I have sshd config files and I can ssh in just fine at the moment using defaults. When trying to do anything with sshd it suggests it doesn't exist: `Unit sshd.service could not be found.`
Silently
`openssh-client/kinetic,now 1:9.0p1-1ubuntu7 amd64 [installed]` `openssh-server/kinetic,now 1:9.0p1-1ubuntu7 amd64 [installed]`
rexypoo
Could you edit the question to include what you tried when you say "I then restart the SSH service using 2 different methods but I see no change"? For beginners, the most surefire way to restart a service is probably to reboot the computer. Additionally if you're on Linode then the host may have some backend magic going on and you should probably search their documentation.
Silently
@rexypoo Thanks Rexy, I actually did include the commands in the block just below it. I've edited the post to refer to below.
gameaddict
Nothing worked for me, I tried everything below to no avail. After wasting some time, it was a new server install, so I rebooted to try to terminate the running ssh and get it to reset it. Actually it still didn't work, it's still running on port 22!!
Score:21

SSHd now uses socket-based activation in Ubuntu 22.10 or later. Read more about this change being discussed here.

TLDR: The /etc/ssh/sshd_config are unused, now that I read the comments in full I found:

# Port and ListenAddress options are not used when sshd is socket-activated,
# which is now the default in Ubuntu. See sshd_config(5) and
# /usr/share/doc/openssh-server/README.Debian.gz for details.

Your options for changing from default port:

  • Turning off this change and reverting to how SSHd worked prior to this update (From twinsen in discussion linked above):

    • systemctl disable --now ssh.socket
    • systemctl enable --now ssh.service
    • Then the /etc/ssh/sshd_config works again with Ports and Addresses setting
  • OR Listening socket stream update (from saxl in discussion linked above)

    1. mkdir -p /etc/systemd/system/ssh.socket.d
    2. cat >/etc/systemd/system/ssh.socket.d/listen.conf <<EOF
      [Socket]
      ListenStream=
      ListenStream=1234
      EOF
      
    3. sudo systemctl daemon-reload
    4. sudo systemctl restart ssh.socket

It should then state it's started listening on the new port: systemctl status ssh ...

Nov 07 14:42:37 webserver.abc.com sshd[58725]: Server listening on 0.0.0.0 port 1234.
Nov 07 14:42:37 webserver.abc.com sshd[58725]: Server listening on :: port 1234

Andrew Grow
Reverting to how SSHd worked prior didn't work for me, but the second solution is working perfectly, thank you sir!
disable socket doesn't work on Ubuntu 23, the new config does work.
Jan
Important: don't forget to add the funny "ListenStream=" line (with no address). Without it it doesn't work -- and doesn't print any error messages either :(
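The drop-in in the answer above relies on systemd's list semantics: each `ListenStream=` line appends to the list, and an empty `ListenStream=` clears everything read before it. The script below is an added example, not part of the original thread; it computes the effective listen list from a main unit plus drop-ins, and its function names and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Computes the effective ListenStream list of a socket unit
# from its main fragment plus drop-ins, using systemd's list semantics:
# ListenStream=VALUE appends, an empty ListenStream= clears what came before.

# effective_listen FILE...  (main unit first, then drop-ins in file-name order)
effective_listen() {
    awk '
        FNR == 1       { in_socket = 0 }            # new file: no section yet
        /^[ \t]*[#;]/  { next }                     # comment line
        /^[ \t]*\[/    { in_socket = ($0 ~ /^[ \t]*\[Socket\]/); next }
        in_socket && /^[ \t]*ListenStream[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (val == "") n = 0                    # empty assignment resets the list
            else list[++n] = val
        }
        END { for (i = 1; i <= n; i++) printf "%s%s", list[i], (i < n ? " " : "\n") }
    ' "$@"
}

# listens_on_port PORT FILE...  succeeds if PORT is in the effective list
listens_on_port() {
    port=$1; shift
    for addr in $(effective_listen "$@"); do
        [ "${addr##*:}" = "$port" ] && return 0     # "22", "[::]:22", "10.0.2.15:2022"
    done
    return 1
}

# Constructed sample files (hypothetical names, not copied from a real host)
make_samples() {
    dir=$(mktemp -d)
    printf '[Unit]\nDescription=sample\n\n[Socket]\nListenStream=22\nAccept=no\n' > "$dir/ssh.socket"
    printf '[Socket]\nListenStream=\nListenStream=1234\n' > "$dir/with-reset.conf"
    printf '[Socket]\nListenStream=1234\n' > "$dir/no-reset.conf"
    printf '[Socket]\nListenStream=\nListenStream=10.0.2.15:2022\n' > "$dir/addr.conf"
    echo "$dir"
}

d=$(make_samples)
echo "drop-in with reset:    $(effective_listen "$d/ssh.socket" "$d/with-reset.conf")"
echo "drop-in without reset: $(effective_listen "$d/ssh.socket" "$d/no-reset.conf")"
if listens_on_port 22 "$d/ssh.socket" "$d/no-reset.conf"; then
    echo "port 22 is still in the listen list"
fi
```

On a live host, `systemctl cat ssh.socket` prints the main unit and its drop-ins in the order systemd applies them, which is the same input this script expects.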
Score:8

This is how I solved the OpenSSH port issue on Ubuntu 22.10.

Important - Please take a backup or snapshot before you make changes.

Use the nano editor and change the value of ListenStream parameter

sudo nano /lib/systemd/system/ssh.socket

Change the following parameter to the port of your choice e.g. 44022

ListenStream=44022

Save the file and quit nano editor.

sudo systemctl daemon-reload
sudo systemctl restart ssh
sudo netstat -tulpn

Now you should be able to see that the port 44022 is open.

Do not forget to open the port on firewall e.g. ufw.

sudo ufw allow 44022

I suggest you open another putty session to ensure you are able to login.

Minqi Pan
This worked for me! Thank you
Saftever
This also enables `/etc/ssh/sshd_config` or `sshd_config.d/*.conf` to work again. The accepted answer didn't work, tried those two options.
Spartacus Rocha
As @Saftever this worked for me, while accepted answer didn't work.
muru
Any edits to `/lib/systemd/system/ssh.socket` will be lost when the package is updated
Score:3

SSHd now uses socket-based activation in Ubuntu 22.10 or later. Read more about this change being discussed here.

For my purposes adding a socket handler is a complication that we do not want, so we are adding the following to our pre-ansible installation steps to remove ssh.socket and go back to using the sshd_config file. (Some of these were not previously documented, so this might save someone else some time.)

Previously we would do the following post-build.

add line "Port 4022" after "#Port 22" in /etc/ssh/sshd_config then

sudo systemctl restart ssh

It looks like the following was required on a new ubuntu 20.10 (Mate 20.10) installation.

add line "Port 4022" after "#Port 22" in /etc/ssh/sshd_config then

sudo systemctl disable --now ssh.socket
sudo systemctl enable --now ssh.service
sudo mv /etc/systemd/system/ssh.service.d/00-socket.conf ./save_disable_ssh.service.d_00-socket.conf
sudo systemctl daemon-reload
sudo systemctl stop ssh
sudo systemctl stop ssh.socket
sudo systemctl start ssh

ymmv

Score:2

I followed the steps from others but nothing worked,... until I uninstalled openssh-server and then reinstalled it, along with ssh.

  1. mkdir -p /etc/systemd/system/ssh.socket.d
    
  2. nano /etc/systemd/system/ssh.socket.d/listen.conf
    
    [Socket]
    ListenStream=
    ListenStream=1234
    
  3. sudo apt remove --purge openssh-server
    
  4. sudo apt install openssh-server ssh
    
  5. sudo systemctl daemon-reload
    
  6. sudo systemctl restart ssh
    

After this, running sudo systemctl status ssh should show you are listening on the ports originally set up.

Feb 21 19:28:08 Computer systemd[1]: Starting OpenBSD Secure Shell server...
Feb 21 19:28:08 Computer sshd[48455]: Server listening on :: port 1234.
Feb 21 19:28:08 Computer systemd[1]: Started OpenBSD Secure Shell server.

I do not understand why but I wonder if there was some daemon that did not want to be restarted/reloaded or killed, but uninstalling and reinstalling forced that and therefore picked up the new configuration changes. Very ugly.

m_highlanderish
This is the only solution that worked for me on 23.04, none of the others did. For whatever reason, the reinstall is necessary.
Score:1

@Silently is right, probably... But systemctl disable --now ssh.socket ; systemctl enable --now ssh.service method doesn't work for me. I don't care why Ubuntu team decided to break SSHD severely, they do it wrong regardless of their intentions: only that odd "Listening socket stream update" method works!

Update: the topic starter didn't mention that you should do it in a slightly different way:

  1. mkdir -p /etc/systemd/system/ssh.socket.d
    
  2. cat > /etc/systemd/system/ssh.socket.d/listen.conf << EOF
    [Socket]
    ListenStream=
    ListenStream=1234
    EOF
    
  3. Change SSHD port one way or another (I added /etc/ssh/sshd_config.d/local.conf with Port 1234)

  4. [sudo] systemctl daemon-reload

  5. [sudo] systemctl restart ssh

Score:0

I followed the answers to this question today (2023-02-14), and still was getting an SSH service being spawned on ipv6, even though I had set AcceptFamily inet and ListenAddress 10.0.2.15:2022 configured on my /etc/ssh/sshd_config file on Ubuntu 22.10, then configured listen.conf with the different port.

Well, I traced this bug report: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/comments/14 which led me to the script on https://launchpadlibrarian.net/630622842/openssh_9.0p1-1ubuntu8.debdiff

which hinted at the solution for me. So, if you need a basic configuration of a single ipv4 address listening on a custom port (e.g. 10.0.2.15 on 22022), do this:

  • Erase all Port and ListenAddress information on /etc/ssh/sshd_config
  • Create the directory /etc/systemd/system/ssh.socket.d (i.e. sudo mkdir -p /etc/systemd/system/ssh.socket.d)
  • Put this content to the /etc/systemd/system/ssh.socket.d/addresses.conf file:

[Socket]
ListenStream=
ListenStream=10.0.2.15:2022

HINT: Do not put Accept=yes on this configuration, hoping for the OS to spawn a ssh service on connection demand. On a new Ubuntu 22.10 installation and configuration as in this answer, this made the ssh service listen on 0.0.0.0 port 22, and even worse, not start on boot.

Then issue these commands:

systemctl daemon-reload
systemctl disable ssh.socket
systemctl stop ssh.socket
systemctl enable ssh.service
systemctl start ssh.service