Score:0

Ubuntu

SSH connection refused on custom port (2222)

rhuanpk

4/2/24, 5:01 PM

I know that there are many, many topics on exactly this subject, however, nothing is working for me (i'm using ubuntu 22.10).

I added this configuration in /etc/ssh/sshd_config.d/sshd_config.conf:

Port 2222
PermitRootLogin no
PermitEmptyPasswords no
ClientAliveInterval 300
ClientAliveCountMax 0
MaxAuthTries 5

this setting in ufw:

sudo ufw allow 2222/tcp
# Rule added
# Rule added (v6)

sudo ufw status
# Status: active
#
# To                         Action      From
# --                         ------      ----
# 2222/tcp                   ALLOW       Anywhere                  
# 2222/tcp (v6)              ALLOW       Anywhere (v6)

and on my router (which is a MERCUSYS MR30G):

allowed port in router

so... when I try to make the connection:

ssh -p 2222 user@address
# ssh: connect to host address port 2222: Connection refused

for debugging...

ssh -V:

OpenSSH_9.0p1 Ubuntu-1ubuntu7.1, OpenSSL 3.0.5 5 Jul 2022

sudo service ssh status:

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Sun 2023-04-02 13:19:58 -03; 30min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 609877 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 609878 (sshd)
      Tasks: 1 (limit: 9293)
     Memory: 1.4M
        CPU: 39ms
     CGroup: /system.slice/ssh.service
             └─609878 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Apr 02 13:19:57 patrickstar systemd[1]: Starting OpenBSD Secure Shell server...
Apr 02 13:19:58 patrickstar sshd[609878]: Server listening on 0.0.0.0 port 2222.
Apr 02 13:19:58 patrickstar sshd[609878]: Server listening on :: port 2222.
Apr 02 13:19:58 patrickstar systemd[1]: Started OpenBSD Secure Shell server.

sudo ss -ntpl | grep 2222:

LISTEN 0      128          0.0.0.0:2222       0.0.0.0:*    users:(("sshd",pid=609878,fd=3))         
LISTEN 0      128             [::]:2222          [::]:*    users:(("sshd",pid=609878,fd=4))

308

0 + 14

ssh

steeldriver

4/2/24, 5:17 PM

This is possibly due to the recent change to socket-based activation - see for example [SSH default port not changing (Ubuntu 22.10)](https://askubuntu.com/a/1442770/178692)

rhuanpk

4/2/24, 7:30 PM

I was aware of this new change, however, I made some changes to "disable" the ssh socket: 1. I disabled the socket: `sudo systemctl disable --now ssh.socket` 2. I removed the file that forces socket activation: `sudo rm -f /etc/systemd/system/ssh.service.d/00-socket.conf` 3. I enabled SSH daemon: `sudo systemctl enable --now ssh.service` this way SSH starts to read the user's configuration file that I mentioned above in the question and starts to listen to the port that I configured in this file.

Organic Marble

4/2/24, 10:27 PM

Can you connect from another system on the same LAN (which would narrow down the problem to the router)?

Terrance

4/3/24, 12:20 AM

@rhuanpk Please add the information you just left here in the comment section into your question. Please add in all information of what you have tried so that we are not guessing. Thank you!

rhuanpk

4/3/24, 3:21 AM

@OrganicMarble, from termux on my mobile, it works with both on the same network, the connection succeeds with the command `ssh -p 2222 user@localipaddress`.

rhuanpk

4/3/24, 3:28 AM

@Terrance, all the information I managed to collect or the changes I made, I put them all in my question, the only detail that had been left out was about the `ssh.socket` that I already mentioned in the previous comment. Is there any more information I could get? ps: sorry for my english :P

Pablo Bianchi

4/3/24, 4:09 AM

Did you try [test mode](https://superuser.com/a/1291078/500826)

Terrance

4/3/24, 4:11 AM

I am guessing your information is fine. I just did an openssh-server installation on a test server running 22.10 here and it connected up to port 2222 just fine, both internally on my network, and externally through my router. My guess is something with your router is not allowing it through, or your ISP might be blocking it.

rhuanpk

4/3/24, 5:04 AM

@PabloBianchi, the test command `sudo sshd -t` did not produce any output (return code 0).

rhuanpk

4/3/24, 5:25 AM

@Terrance, I'll try to talk to my ISP about it.

rhuanpk

4/3/24, 4:07 PM

well, after a LOT of analysis, I came to the conclusion that the blocking is actually at my ISP, apparently they have a NAT that fronts my internet, which makes all the configuration of port redirection on my router, on the firewall and in ssh from my machine it is useless if my ISP does not release the port in the NAT or if they directly deliver a public IP to my router well, as there are no problems here, and only administrative questions, I'll close the topic, thank you very much to everyone who helped me and contributed to my reaching this conclusion (mainly to @Terrance). thank you all!

Terrance

4/3/24, 4:32 PM

I wonder if your ISP is blocking OpenVPN (usually UDP port 1194)? I have set this up on my video server as my OpenVPN connection then my router forwards UDP port 1194 to my video server which then allows me once connected to my network that way for my SSH to work. These instructions are for the PiHole, but they work on Ubuntu. https://docs.pi-hole.net/guides/vpn/openvpn/installation/ but only the OpenVPN stuff, unless you want to do a PiHole as well.

rhuanpk

4/3/24, 7:04 PM

@Terrance, yes, cool... could you explain to me how this flow would be with the VPN?

Terrance

4/4/24, 3:09 AM

I can't go deep into it here because this site isn't for this, but for this you would only need to choose a computer inside of your home network to be dedicated to run the OpenVPN server on it. It can be used for other things as well, but it would have to be something you leave on so that you can login through it. Then you generate your ovpn files that use a certificate in them that you copy to the client that will be logging into the server with and you use the OpenVPN client for that system. Also works on cell phones. I do recommend some sort of DDNS for dynamic updating public IPs.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: SSH connection refused on custom port (2222)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.