this post was submitted on 17 Aug 2023
5 points (77.8% liked)

Self Hosted - Self-hosting your services.

11399 readers
3 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

Important

Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!

Cross-posting

If you see a rule-breaker please DM the mods!

founded 3 years ago
MODERATORS
 

Hello all. I'm trying to change the SSH port on an Oracle VM, but I'm getting nowhere and I don't know where to solve the issue.

I have changed the SSH port:

edit /etc/ssh/sshd_config

Entered the port info:

Port 5522

I restarted the service:

sudo systemctl restart ssh

And made sure that the port is open:

ss -an | grep 5522
tcp   LISTEN 0      128                                                                               0.0.0.0:5522                0.0.0.0:*            
tcp   LISTEN 0      128                                                                                  [::]:5522                   [::]:*    

I also allow incoming traffic to 5522:

sudo ufw allow 5522/tcp comment 'Open port ssh tcp port 5522'

AND just to make sure, I allow 'routed':

sudo ufw default allow FORWARD

And make sure the FW config is valid:

sudo ufw status verbose
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere                   # Open port ssh tcp port 22
5522/tcp                   ALLOW IN    Anywhere                  
22/tcp (v6)                ALLOW IN    Anywhere (v6)              # Open port ssh tcp port 22
5522/tcp (v6)              ALLOW IN    Anywhere (v6)              # Open real ssh tcp port 22

Yet, I cannot connect to this server. Trying to ssh -vvvv -p 5522 [ip-adress] yields this:

OpenSSH_9.0p1 Ubuntu-1ubuntu8.4, OpenSSL 3.0.8 7 Feb 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 129.x.x.5 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/x/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/x/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 129.x.x.5 [129.x.x.5] port 5522.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: connect to address 129.x.x.5 port 5522: No route to host
ssh: connect to host 129.x.x.5 port 5522: No route to host

I can connect just fine when the port is at 22, but as soon as I change it to 5522, i get the 'no route to host' error.

I've made sure I have rules on Oracle cloud that allows ingress and egress traffic to 0.0.0.0/0 on all protocols, no matter the destination / source.

What am I doing wrong? It feels that this problem is host (server) based rather client based, since I'm getting a routing error. Do I need to configure the routing for that port specifically, and if so how?

PS: Also, connecting to localhost:5522 from the server itself works fine. So the problem is not in the configuration, but likely network related.


EDIT: This issue is solved, solution written on this post: https://lemmy.ml/comment/2787074

you are viewing a single comment's thread
view the rest of the comments
[–] tetra@feddit.de 2 points 1 year ago (1 children)

Ist that 0.0.0.0/24 CIDR a typo? That suffix should probably be /0.

Also make sure to actually assign the firewall to your instance's subnet in the Oracle cloud Interface.

[–] krash@lemmy.ml 2 points 1 year ago

Correct - that was a typo, I've corrected the original post. Not a good idea to write a report when you're angry and tired... 🤣

The firewall (Network Security Group in Oracle lingo) is indeed attached to the subnet. I think I've solved the issue, will write it in a seperate post and link it to the original post.