samond Posted October 12, 2023

Hi, everyone,

Recently, I found I can't change the ssh port on the 6.4.16 bookworm (Onecloud) cli version (https://github.com/armbian-delta/os/releases/download/23.8.0-trunk.2/Armbian_23.8.0-trunk.2_Onecloud_bookworm_edge_6.4.16.img.xz#onecloud).

I changed `/etc/ssh/sshd_config` to add `Port 10086`, and then I restarted the system. It's still not working; the ssh port only works on `22`.

But at the same time, I found the other thing I added is working:

`KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1`

So I checked whether selinux is disabled; sestatus says it's disabled. And I checked the sshd status... it's still on port 22, no 10086:

```
root@onecloud:~# service sshd status
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Thu 2023-10-12 14:15:38 CST; 3s ago
TriggeredBy: ● ssh.socket
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 7609 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 7610 (sshd)
      Tasks: 1 (limit: 2190)
     Memory: 1.0M
        CPU: 305ms
     CGroup: /system.slice/ssh.service
             └─7610 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Oct 12 14:15:38 onecloud systemd[1]: Starting ssh.service - OpenBSD Secure Shel>
Oct 12 14:15:38 onecloud sshd[7610]: Server listening on :: port 22.
Oct 12 14:15:38 onecloud systemd[1]: Started ssh.service - OpenBSD Secure Shell
```

So I checked `netstat -atunlp | grep sshd`; there is only 22:

```
tcp6       0      0 192.168.1.112:22        xxx:20158        ESTABLISHED 3147/sshd: root@pts
tcp6       0    144 192.168.1.112:22        xxx:22320        ESTABLISHED 3514/sshd: root@pts
```

iptables has nothing on it:

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

So, it may be a bug: sshd can't read the configuration to open a new port?

SteeMan Posted October 12, 2023

5 hours ago, samond said:
> https://github.com/armbian-delta

That isn't an official armbian release, it is some fork of official armbian. You need to direct your question to the person who created that release. We can't help you here as we know nothing about that code.

Igor Posted October 12, 2023

11 minutes ago, SteeMan said:
> That isn't an official armbian release it is some fork of offical armbian.

It's where Armbian community builds are made. Which are anyway not officially supported ...

Armbian project maintainers do not answer any support questions regarding those builds! Support? Check general install instructions or TV box specific

Igor Posted October 12, 2023

BTW. @samond This could be very much like a Debian upstream problem ... Last week I installed Armbian Ubuntu Jammy x86 build to one of new servers and one of the things I did was changing SSH port. Works as expected.

samond (Author) Posted October 13, 2023

Well, I found the solution for this suck settings.... @Igor uhhh, it's a community release....... @SteeMan

Hope this could help someone else....

It seems like the ssh port is ruled by sshd.socket rather than sshd.service....

So, we need to add a sshd.socket @ `/etc/systemd/system`

```
[Socket]
ListenStream=
ListenStream=4200
```

(the first ListenStream= is to disable the default 22)

and then verify it

`cat /etc/systemd/system/sshd.socket.d/override.conf`

and then

`systemctl daemon-reload`

`systemctl enable sshd.socket`

`systemctl start sshd.socket`

check the status

`systemctl status sshd.socket`

-----------------------------

Furthermore, some branches do not support sftp, so...

`sudo mkdir -p /etc/systemd/system/sshd@.service.d`

`/etc/systemd/system/sshd@.service.d/sftp.conf`

write this:

```
[Service]
Environment="OPTIONS=-o Subsystem=\"sftp /usr/libexec/sftp-server\""
```

`sudo systemctl daemon-reload`

Edited October 13, 2023 by samond

Igor Posted October 13, 2023

1 hour ago, samond said:
> could help someone else.

Forum is sadly just a black hole. There are way more problems than integrating resources https://docs.armbian.com/Process_Contribute/

ynotssor Posted June 11, 2024

Same here ... I installed Armbian_24.5.1_Odroidxu4_bookworm_current_6.6.31_minimal.img today, along with a few other tools I regularly use:

```
root@odroidxu4:~# grep "Port " /etc/ssh/sshd_config
#Port 22
Port 61022
root@odroidxu4:~# systemctl restart ssh
root@odroidxu4:~# systemctl status ssh | grep listening
Jun 10 23:03:06 odroidxu4 sshd[1309]: Server listening on :: port 22.
root@odroidxu4:~# lsof -nPi | grep ssh | grep -v grep
sshd      1149    root    4u  IPv6  16682      0t0  TCP 192.168.1.6:22->192.168.1.53:42810 (ESTABLISHED)
sshd      1309    root    3u  IPv6   7753      0t0  TCP *:22 (LISTEN)
```

How to effectively change sshd port with newest Armbian, please? These same steps worked in Armbian_21.05.4_Odroidxu4_buster_legacy_4.14.222.img, just as they have in every other Linux distribution.

I tried to follow samond's solution, but still no altered sshd port:

```
root@odroidxu4:~# cat /etc/systemd/system/sshd.socket
[Socket]
ListenStream=
ListenStream=61022
root@odroidxu4:~# systemctl daemon-reload && systemctl enable sshd.socket && systemctl start sshd.socket
The unit files have no installation config (WantedBy=, RequiredBy=, Also=,
Alias= settings in the [Install] section, and DefaultInstance= for template
units). This means they are not meant to be enabled using systemctl.
```

Edited June 11, 2024 by ynotssor (trying to understand what's needed)

Igor Posted June 13, 2024

On 6/11/2024 at 8:19 AM, ynotssor said:
> How to effectively change sshd port with newest Armbian, please?

It is possible we broke it unintentionally while fixing something else. @Alessandro Lannocca Would lately applied changes affect this? It seems it's bookworm related.

ynotssor Posted June 13, 2024

Negative, I have Raspbian with version 12 bookworm installed on other Pi 3b and can successfully change sshd listen port. Even armbian-config doesn't allow an alternate port. The problem requires a fix in Armbian.

Igor Posted June 13, 2024

1 hour ago, ynotssor said:
> The problem requires a fix in Armbian.

Yes, it is possible. We have to look into this.

Alessandro Lannocca Posted June 16, 2024

On 6/13/2024 at 1:07 PM, Igor said:
> It is possible we break it unintentionally while fixing something else. @Alessandro Lannocca Would lately applied changes affect this? It seems its bookworm related.

Works for me on Trixie, will check with Bookworm:

```
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

Port 1122
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
[...]
```

```
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/usr/lib/systemd/system/ssh.service; enabled; preset: disabled)
     Active: active (running) since Sun 2024-06-16 02:31:25 CEST; 13s ago
 Invocation: cd3972f4454d4e37a5ce90e6fade1946
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 1054 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 1103 (sshd)
      Tasks: 9 (limit: 4296)
     Memory: 40.1M (peak: 56.2M)
        CPU: 9.397s
     CGroup: /system.slice/ssh.service
             ├─1103 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
             ├─1347 "sshd: kali [priv]"
             ├─1510 "sshd: kali@pts/0"
             ├─1511 -zsh
             ├─1525 tmux -u -2 -f /usr/share/byobu/profiles/tmuxrc new-session -n - /usr/bin/byobu-shell
             ├─1559 tmux -u -2 -f /usr/share/byobu/profiles/tmuxrc new-session -n - /usr/bin/byobu-shell
             ├─1567 /usr/bin/zsh
             ├─1789 systemctl status ssh
             └─1790 less

giu 16 02:31:24 nappio systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
giu 16 02:31:25 nappio sshd[1103]: Server listening on 0.0.0.0 port 1122.
giu 16 02:31:25 nappio sshd[1103]: Server listening on :: port 1122.
giu 16 02:31:25 nappio systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
gi
```

We're not using ssh.socket by default anymore, so I expect ssh to honour "Port" directive from config file:

@ynotssor can you please share your "/etc/ssh/sshd_config" and any file under "/etc/ssh/ssh_config.d" please ?

Thank you!

Alessandro Lannocca Posted June 16, 2024

Trying vanilla bookworm from trunk on nanopi-r5c, changing sshd port seems to work

```
aless@CORBINO ~ % ssh root@192.168.1.101 -p 61022
root@192.168.1.101's password:
X11 forwarding request failed on channel 0
 _   _ ____  _   ____  ____   ____
| \ | |  _ \(_) |  _ \| ___| / ___|
|  \| | |_) | | | |_) |___ \| |
| |\  |  __/| | |  _ < ___) | |___
|_| \_|_|   |_| |_| \_\____/ \____|

Welcome to Armbian-unofficial 24.8.0-trunk Bookworm with Linux 6.6.34-current-rockchip64

No end-user support: built from trunk

System load:   15%              Up time:       4 min
Memory usage:  5% of 3.65G      IP:            192.168.1.101
CPU temp:      41°C             Usage of /:    4% of 58G
RX today:      n/a

[ General system configuration (beta): armbian-config ]

Last login: Sun Jun 16 17:03:59 2024 from 192.168.1.116
nappio:~:# systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Sun 2024-06-16 17:05:26 CEST; 30s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 3174 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 3175 (sshd)
      Tasks: 1 (limit: 4297)
     Memory: 3.2M
        CPU: 567ms
     CGroup: /system.slice/ssh.service
             └─3175 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Jun 16 17:05:26 nappio systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jun 16 17:05:26 nappio sshd[3175]: Server listening on 0.0.0.0 port 61022.
Jun 16 17:05:26 nappio sshd[3175]: Server listening on :: port 61022.
Jun 16 17:05:26 nappio systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jun 16 17:05:42 nappio sshd[3178]: Accepted password for root from 192.168.1.116 port 51699 ssh2
Jun 16 17:05:42 nappio sshd[3178]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Jun 16 17:05:43 nappio sshd[3178]: pam_env(sshd:session): deprecated reading of user environment enabled
nappio:~:#
```

/etc/ssh/sshd_config:

```
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

Port 61022
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
```

Ephraim Gariguez Posted June 30, 2024

@Igor I'm on Orange Pi One, Armbian 24.5.1 Bookworm with Linux 6.6.31-current-sunxi.

I found a fix for this, since I also have issues with the default /etc/ssh/sshd_config: changing the port number simply doesn't work because the ssh.service is running on ssh.socket.

I found out that /etc/systemd/system/sockets.target.wants has 2 files, ssh.socket and uuidd.socket; the ssh.socket file is symlinked to /lib/systemd/system/ssh.socket.

Simply deleting the ssh.socket file from /lib/systemd/system/ssh.socket will make the /etc/ssh/sshd_config file usable again.

After deleting the /lib/systemd/system/ssh.socket file, execute the command

`$ sudo systemctl daemon-reload`

Edit the ssh port number in /etc/ssh/sshd_config and put your desired port number (i.e. 6120).

Allow the port number in the ufw firewall.

Restart ssh.service

`$ sudo systemctl restart ssh`

Enable the ssh service

`$ sudo systemctl enable ssh.service`

Check the status and test by logging in over ssh

`$ ssh username@yourdomain.com -p 6120`

This fix works for me.

Alternatively, you may also change the port number directly in /lib/systemd/system/ssh.socket

```
[Unit]
Description=OpenBSD Secure Shell server socket
Before=sockets.target
#ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Socket]
ListenStream=6120
Accept=no

[Install]
WantedBy=sockets.target
```

then execute

`$ sudo systemctl daemon-reload`

followed by

`$ sudo systemctl restart ssh`

This alternative fix will still run SSH as a socket service, but both of them work fine.

Edited June 30, 2024 by Ephraim Gariguez

Ephraim Gariguez Posted July 2, 2024

Update on the above issues:

When a new update for SSH is applied using

`$ sudo apt update && sudo apt upgrade`

the same configuration issue will just revert back to running the SSH using socket.ssh again, even if you choose not to overwrite the configuration from the update selection screen.

Your /etc/ssh/sshd_config will not be overwritten; however, the deleted /lib/systemd/system/ssh.socket file will be re-created by the update. So restarting or rebooting the SSH server will revert to ssh.socket operation again, opening port number 22, even if you reboot.

The correct fix would be to just disable the port number in /lib/systemd/system/ssh.socket: just leave the ListenStream blank to disable the ssh socket.

Stop the SSH service using

`$ sudo systemctl stop ssh`

issue

`$ sudo systemctl daemon-reload`

finally restart ssh

`$ sudo systemctl restart ssh`

The applied configuration below from the ssh.socket file will revert to the ssh server reading /etc/ssh/sshd_config and will enable changing the port number and other configuration from that file.

```
###ssh.socket config#####
[Unit]
Description=OpenBSD Secure Shell server socket
Before=sockets.target
#ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Socket]
ListenStream=
Accept=no

[Install]
WantedBy=sockets.target
#####################
```

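The list-reset behaviour that the `ListenStream=` lines in samond's and Ephraim Gariguez's posts rely on, as an added example that is not part of any post in this thread: a small parser over constructed unit files that shows which listeners remain with and without the empty reset line. The scratch file names and their contents are constructed; on a real system a drop-in for the `ssh.socket` unit seen in the status output would sit in the standard systemd location `/etc/systemd/system/ssh.socket.d/`, which package upgrades do not overwrite.

```shell
#!/bin/sh
# Added example (not from the thread): resolve the ListenStream= list for a
# socket unit from the vendor file followed by its drop-ins, in load order.
# Rule modelled, per systemd.socket(5): an empty "ListenStream=" resets the
# list; every non-empty assignment appends to it.
effective_listen_streams() {
    awk '
        FNR == 1       { in_socket = 0 }          # new file: no section yet
        /^[ \t]*[#;]/  { next }                   # skip comment lines
        /^[ \t]*\[/    { in_socket = ($0 ~ /^[ \t]*\[Socket\]/); next }
        in_socket && /^[ \t]*ListenStream[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)         # keep the right-hand side
            sub(/[ \t]+$/, "", val)
            if (val == "") n = 0                  # empty value: reset
            else list[++n] = val                  # otherwise: append
        }
        END {
            for (i = 1; i <= n; i++) printf "%s%s", (i > 1 ? " " : ""), list[i]
            if (n) print ""
        }
    ' "$@"
}

# Constructed sample files in a scratch directory (hypothetical contents).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Vendor unit listening on the default port, as in the thread.
cat > "$tmp/ssh.socket" <<'EOF'
[Unit]
Description=OpenBSD Secure Shell server socket

[Socket]
ListenStream=22
Accept=no
EOF

# Drop-in with the reset line from the thread, and one that omits it.
printf '[Socket]\nListenStream=\nListenStream=4200\n' > "$tmp/override.conf"
printf '[Socket]\nListenStream=4200\n' > "$tmp/no-reset.conf"

echo "vendor only:   $(effective_listen_streams "$tmp/ssh.socket")"
echo "with reset:    $(effective_listen_streams "$tmp/ssh.socket" "$tmp/override.conf")"
echo "without reset: $(effective_listen_streams "$tmp/ssh.socket" "$tmp/no-reset.conf")"
```

Without the reset line the socket keeps port 22 open next to the new port, which is the case to check for after moving SSH off its default.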