this post was submitted on 17 Aug 2023
5 points (77.8% liked)

Self Hosted - Self-hosting your services.

11419 readers
2 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules

Important

Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!

Cross-posting

If you see a rule-breaker please DM the mods!

founded 3 years ago
MODERATORS
 

Hello all. I'm trying to change the SSH port on an Oracle VM, but I'm getting nowhere and I don't know where to solve the issue.

I have changed the SSH port:

edit /etc/ssh/sshd_config

Entered the port info:

Port 5522

I restarted the service:

sudo systemctl restart ssh

And made sure that the port is open:

ss -an | grep 5522
tcp   LISTEN 0      128                                                                               0.0.0.0:5522                0.0.0.0:*            
tcp   LISTEN 0      128                                                                                  [::]:5522                   [::]:*    

I also allow incoming traffic to 5522:

sudo ufw allow 5522/tcp comment 'Open port ssh tcp port 5522'

AND just to make sure, I allow 'routed':

sudo ufw default allow FORWARD

And make sure the FW config is valid:

sudo ufw status verbose
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere                   # Open port ssh tcp port 22
5522/tcp                   ALLOW IN    Anywhere                  
22/tcp (v6)                ALLOW IN    Anywhere (v6)              # Open port ssh tcp port 22
5522/tcp (v6)              ALLOW IN    Anywhere (v6)              # Open real ssh tcp port 22

Yet, I cannot connect to this server. Trying to ssh -vvvv -p 5522 [ip-adress] yields this:

OpenSSH_9.0p1 Ubuntu-1ubuntu8.4, OpenSSL 3.0.8 7 Feb 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 129.x.x.5 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/x/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/x/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 129.x.x.5 [129.x.x.5] port 5522.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: connect to address 129.x.x.5 port 5522: No route to host
ssh: connect to host 129.x.x.5 port 5522: No route to host

I can connect just fine when the port is at 22, but as soon as I change it to 5522, i get the 'no route to host' error.

I've made sure I have rules on Oracle cloud that allows ingress and egress traffic to 0.0.0.0/0 on all protocols, no matter the destination / source.

What am I doing wrong? It feels that this problem is host (server) based rather client based, since I'm getting a routing error. Do I need to configure the routing for that port specifically, and if so how?

PS: Also, connecting to localhost:5522 from the server itself works fine. So the problem is not in the configuration, but likely network related.


EDIT: This issue is solved, solution written on this post: https://lemmy.ml/comment/2787074

top 6 comments
sorted by: hot top controversial new old
[โ€“] tetra@feddit.de 2 points 1 year ago (1 children)

Ist that 0.0.0.0/24 CIDR a typo? That suffix should probably be /0.

Also make sure to actually assign the firewall to your instance's subnet in the Oracle cloud Interface.

[โ€“] krash@lemmy.ml 2 points 1 year ago

Correct - that was a typo, I've corrected the original post. Not a good idea to write a report when you're angry and tired... ๐Ÿคฃ

The firewall (Network Security Group in Oracle lingo) is indeed attached to the subnet. I think I've solved the issue, will write it in a seperate post and link it to the original post.

[โ€“] randombullet@feddit.de 1 points 1 year ago

Do you have a firewall between the two devices?

Can you do a packet capture to make sure that both ends are behaving as expected?

Can you double check your IPs. I've had this issue before by fat fingering

[โ€“] silent_water@hexbear.net 1 points 1 year ago (1 children)

ufw allow 22/tcp comment 'Open port ssh tcp port 22'

is this a typo or is port 5522 actually not open on your firewall?

[โ€“] krash@lemmy.ml 1 points 1 year ago

Correct - that was a typo in this post. The output from sudo ufw status verbose is however correct.

I think I've solved the issue, will write it in a seperate post and link it to the original post.

[โ€“] krash@lemmy.ml 1 points 1 year ago

So I managed to smash a few buttons randomly again, and get this solved.

There are a few things to be aware of:

  • Oracle doesn't like ufw. So I disabled it and uninstalled it. Having ufw installed may result in bad stuff. Link
  • I decided to flush all rules in ip-tables to start on a clean slate: sudo iptables -F
  • While I'm at it, I've changed ip-tables to allow ALL. THE. INBOUND. TRAFFIC: sudo iptables -I INPUT -j ACCEPT
  • One last thing, I've changed the state of the firewall to go from stateful to stateless, still with no restrictions on the ingress / egress traffic.

This is, of course, not a recommended setup for a host to be used in production or to have critical data, but it gave me a host in a working state that I can work with.

Some posts that helped me in this: