changed ssh port for <user> not honored
I have a converted to Tw laptop and have moved ssh to a high port which <root> honors but <user> does not, ie:

ssh <user>@box1
ssh: connect to host box1 port 22: Connection refused

as root:
ssh <user>@box1
success

I changed the firewall ports for ssh to the utilized high port
I altered both ssh_config and sshd_config to designate the high port.
restarted firewalld and sshd

what have I missed?

--
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet oftc
On 2022-11-16 15:48, Patrick Shanahan wrote:
I have a converted to Tw laptop and have moved ssh to a high port which <root> honors but <user> does not, ie: ssh <user>@box1 ssh: connect to host box1 port 22: Connection refused
as root: ssh <user>@box1 success
I changed the firewall ports for ssh to the utilized high port I altered both ssh_config and sshd_config to designate the high port. restarted firewalld and sshd
what have I missed?
Sometimes I forget that I have some hosts configured in the ~/.ssh/config file for that particular user. And that I forgot that I have port configured there. Maybe it's that? -- /bengan
* Bengt Gördén <bengan@bag.org> [11-16-22 09:59]:
On 2022-11-16 15:48, Patrick Shanahan wrote:
I have a converted to Tw laptop and have moved ssh to a high port which <root> honors but <user> does not, ie: ssh <user>@box1 ssh: connect to host box1 port 22: Connection refused as root: ssh <user>@box1 success I changed the firewall ports for ssh to the utilized high port I altered both ssh_config and sshd_config to designate the high port. restarted firewalld and sshd
what have I missed?
Sometimes I forget that I have some hosts configured in the ~/.ssh/config file for that particular user. And that I forgot that I have port configured there. Maybe it's that?
no, but tks

--
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet oftc
On 2022-11-16 16:07, Patrick Shanahan wrote:
no, but tks
Ok. What does ssh -v say? Or -vv, -vvv etc.

Another thing I can think of is that it is an old key that is not accepted because the algorithm is deprecated.

Temporary fix in ~/.ssh/config

Example

Host box1
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa

--
/bengan
* Bengt Gördén <bengan@bag.org> [11-16-22 10:17]:
On 2022-11-16 16:07, Patrick Shanahan wrote:
no, but tks
Ok. What does ssh -v say? Or -vv, -vvv etc.
Another thing I can think of is that it is an old key that is not accepted because the algorithm is deprecated.
Temporary fix in ~/.ssh/config
Example
Host box1
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa
tks, but I got it working using pubkey. It now tries to connect via the assigned high port instead of 22.

My problem was probably age related memory :). I thought adjusting firewall ports and designating a high port for ssh(d) and restarting services would automagically use the designated port for ssh connection. I am reasonably certain that was the case before, but apparently is not now. Using pubkey seems to circumvent this "problem".

As I am only concerned with boxes I control and use pubkey for all, I no longer have the "problem". I would be interested in why I experienced this only on recent new installations and have/did not previously.

tks

--
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet oftc
On 2022-11-16 15:48, Patrick Shanahan wrote:
I have a converted to Tw laptop and have moved ssh to a high port which <root> honors but <user> does not, ie: ssh <user>@box1 ssh: connect to host box1 port 22: Connection refused
as root: ssh <user>@box1 success
I changed the firewall ports for ssh to the utilized high port I altered both ssh_config and sshd_config to designate the high port. restarted firewalld and sshd
what have I missed?
You have to tell the client to also use that port:

ssh -p high_port_number <user>@box1

Or you can edit ~/.ssh/config at the client:

Host box1
    Port high_port_number

It is also possible to "route" the high port to port 22 at the firewall of the client machine. This is an easy functionality on home routers supplied by the ISP or purchased, but you have not mentioned using internet.

I think you have done all that, but just writing it out so that you can double check :-)

I find ssh error messages confusing.

--
Cheers / Saludos,
Carlos E. R. (from 15.3 x86_64 at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [11-16-22 13:55]:
On 2022-11-16 15:48, Patrick Shanahan wrote:
I have a converted to Tw laptop and have moved ssh to a high port which <root> honors but <user> does not, ie: ssh <user>@box1 ssh: connect to host box1 port 22: Connection refused as root: ssh <user>@box1 success I changed the firewall ports for ssh to the utilized high port I altered both ssh_config and sshd_config to designate the high port. restarted firewalld and sshd
what have I missed?
You have to tell the client to also use that port:
ssh -p high_port_number <user>@box1
Or you can edit ~/.ssh/config at the client:
none of my local boxes have a ~/.ssh/config but all previously utilized high_port rather than port 22 merely by editing /etc/ssh/sshd_config and /etc/ssh/ssh_config
Host box1
    Port high_port_number
It is also possible to "route" the high port to port 22 at the firewall of the client machine. This is an easy functionality on home routers supplied by the ISP or purchased, but you have not mentioned using internet.
I have not routed any port, but have opened the high_port in the router firewall.
I think you have done all that, but just writing it out so that you can double check :-)
I find ssh error messages confusing.
some are to me also
-- Cheers / Saludos,
Carlos E. R. (from 15.3 x86_64 at Telcontar)
fwiw: if, if, memory serves, I have not had to specify port after editing ssh_config and sshd_config to designate an alternate port for ssh. and memory is always suspect for me for some years now.

--
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet oftc
On 2022-11-16 20:53, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [11-16-22 13:55]:
On 2022-11-16 15:48, Patrick Shanahan wrote:
I have a converted to Tw laptop and have moved ssh to a high port which <root> honors but <user> does not, ie: ssh <user>@box1 ssh: connect to host box1 port 22: Connection refused as root: ssh <user>@box1 success I changed the firewall ports for ssh to the utilized high port I altered both ssh_config and sshd_config to designate the high port. restarted firewalld and sshd
what have I missed?
You have to tell the client to also use that port:
ssh -p high_port_number <user>@box1
Or you can edit ~/.ssh/config at the client:
none of my local boxes have a ~/.ssh/config but all previously utilized high_port rather than port 22 merely by editing /etc/ssh/sshd_config and /etc/ssh/ssh_config
Ah, I forgot /etc/ssh/ssh_config. It is equivalent to ~/.ssh/config, but for all users.

--
Cheers / Saludos,
Carlos E. R. (from 15.3 x86_64 at Telcontar)
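An added example, not part of any message in this thread: a simplified sketch of how the client picks a Port from its config files in precedence order (first value obtained wins), so the result for root and for a user can be compared. The function names, the sample files and the ports 50022/50023 are constructed for illustration; on a real client `ssh -G box1` prints the configuration ssh actually resolves, and `-p` on the command line overrides both files.

```shell
#!/bin/sh
# Added example: simplified first-match-wins lookup of "Port" for a host.
# Handles Host blocks with * and ? patterns and !negation; ignores Match,
# Include and the "keyword=value" form (simplifications of this sketch).

host_matches() {                # host_matches HOST PATTERN...
    h=$1; shift; hit=1
    for pat in "$@"; do
        case $pat in
            '!'*) neg=${pat#?}
                  case $h in $neg) return 1 ;; esac ;;
            *)    case $h in $pat) hit=0 ;; esac ;;
        esac
    done
    return $hit
}

effective_port() {              # effective_port HOST FILE... (precedence order)
    target=$1; shift
    set -f                      # keep * in Host patterns from globbing
    for f in "$@"; do
        [ -r "$f" ] || continue # a file this user cannot read adds nothing
        active=0                # lines before the first Host apply to every host
        while read -r key rest || [ -n "$key" ]; do
            key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
            case $key in
                host) if host_matches "$target" $rest; then active=0; else active=1; fi ;;
                port) if [ "$active" -eq 0 ]; then
                          set +f; echo "$rest $f"; return 0
                      fi ;;
            esac
        done < "$f"
    done
    set +f
    echo "22 default"           # nothing matched: built-in default port
}

# Constructed sample files standing in for /etc/ssh/ssh_config and ~/.ssh/config.
demo_dir=$(mktemp -d)
printf 'Host box1\n    Port 50022\nHost *\n    Port 22\n' > "$demo_dir/system"
printf 'Host box2 !box1\n    Port 50023\n' > "$demo_dir/user"
effective_port box1 "$demo_dir/user" "$demo_dir/system"   # user file first
effective_port box1 "$demo_dir/user"                      # system file not consulted
```

Run it as each account against the real `~/.ssh/config` and `/etc/ssh/ssh_config`; the second field of the output names the file that supplied the port.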
participants (3)
- Bengt Gördén
- Carlos E. R.
- Patrick Shanahan