[Bug] Can't change the ssh port on 6.4.16 bookworm

[samond]

Hi, everyone,

 

   Recently, i found   i can't change ssh port on 6.4.16 bookworm (Onecloud)  cli version(https://github.com/armbian-delta/os/releases/download/23.8.0-trunk.2/Armbian_23.8.0-trunk.2_Onecloud_bookworm_edge_6.4.16.img.xz#onecloud)

   

   i changed the `/etc/ssh/sshd_config`    add the `Port 10086` .and then i restart the system, It still not working, ssh port only work on `22`

 

  but at the same time, i found the other thing  `KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1` i added is working.

   

   So, i check if selinux is disabled, the sestatus says it's disabled.

 

and  check the  sshd status...it stills on port 22,  no 10086

 

`root@onecloud:~# service sshd status
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Thu 2023-10-12 14:15:38 CST; 3s ago
TriggeredBy: ● ssh.socket
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 7609 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 7610 (sshd)
      Tasks: 1 (limit: 2190)
     Memory: 1.0M
        CPU: 305ms
     CGroup: /system.slice/ssh.service
             └─7610 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Oct 12 14:15:38 onecloud systemd[1]: Starting ssh.service - OpenBSD Secure Shel>
Oct 12 14:15:38 onecloud sshd[7610]: Server listening on :: port 22.
Oct 12 14:15:38 onecloud systemd[1]: Started ssh.service - OpenBSD Secure Shell`

 

 

So i checked `netstat -atunlp | grep sshd` there is only  22..

  

`
tcp6       0      0 192.168.1.112:22        xxx:20158     ESTABLISHED 3147/sshd: root@pts
tcp6       0    144 192.168.1.112:22       xxx:22320     ESTABLISHED 3514/sshd: root@pts
`

iptables nothing on it.

`Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination`

 

 

So, it may be a bug, sshd can't read configuration to open a new port?

[SteeMan]

5 hours ago, samond said:

https://github.com/armbian-delta

That isn't an official armbian release it is some fork of offical armbian. You need to direct your question to the person who created that release.  We can't help you here as we know nothing about that code.

[Igor]

11 minutes ago, SteeMan said:

That isn't an official armbian release it is some fork of offical armbian.

Its where Armbian community builds are made. Which are anyway not officially supported ... 
 

• Armbian project maintainers does not answer any support questions regarding those builds!
• Support? Check general install instructions or TV box specific

[Igor]

BTW. @samond

 

This could be very much like a Debian upstream problem ... Last week I installed Armbian Ubuntu Jammy x86 build to one of new servers and one of the things I did was changing SSH port. Works as expected.

[samond]

Well i found the solution for this suck settings....@Igor

uhhh,It's a community release.......@SteeMan

 

hope this could help someone else....

 

It seems like ssh port is ruled by sshd.socket rather than sshd.service....

 

So,we need add a sshd.socket @ `/etc/systemd/system`

 

```

[Socket]

ListenStream=

ListenStream=4200

```

(the first ListenStream= is to disable the default 22)

and then verify it `cat /etc/systemd/system/sshd.socket.d/override.conf`

 

and then `systemctl daemon-reload` `systemctl enable sshd.socket` `systemctl start sshd.socket`

 

check the status

 

`systemctl status sshd.socket`

 

 

-----------------------------

 

further more ,Some branches do not support sftp ,so...

 

`sudo mkdir -p /etc/systemd/system/sshd@.service.d`

 

`/etc/systemd/system/sshd@.service.d/sftp.conf`

write this:

```

[Service] Environment="OPTIONS=-o Subsystem=\"sftp /usr/libexec/sftp-server\""

```

`sudo systemctl daemon-reload`

Edited October 13, 2023 by samond

[Igor]

1 hour ago, samond said:

could help someone else.

Forum is sadly just a black hole   There are way more problems that integrating resources https://docs.armbian.com/Process_Contribute/

[ynotssor]

Same here ... I installed Armbian_24.5.1_Odroidxu4_bookworm_current_6.6.31_minimal.img today, along with a few other tools I regularly use:

root@odroidxu4:~#

grep "Port " /etc/ssh/sshd_config

#Port 22
Port 61022

 

root@odroidxu4:~#

systemctl restart ssh

root@odroidxu4:~#

systemctl status ssh | grep listening

Jun 10 23:03:06 odroidxu4 sshd[1309]: Server listening on :: port 22.

 

root@odroidxu4:~#

lsof -nPi | grep ssh | grep -v grep

sshd      1149            root    4u  IPv6  16682      0t0  TCP 192.168.1.6:22->192.168.1.53:42810 (ESTABLISHED)
sshd      1309            root    3u  IPv6   7753      0t0  TCP *:22 (LISTEN)

 

How to effectively change sshd port with newest Armbian, please? These same steps worked in Armbian_21.05.4_Odroidxu4_buster_legacy_4.14.222.img, just as they have in every other Linux distribution.

 

I tried to follow samond's solution, but still no altered sshd port:

root@odroidxu4:~# cat /etc/systemd/system/sshd.socket
[Socket]
ListenStream=
ListenStream=61022

 

root@odroidxu4:~# systemctl daemon-reload && systemctl enable sshd.socket && systemctl start sshd.socket
The unit files have no installation config (WantedBy=, RequiredBy=, Also=,
Alias= settings in the [Install] section, and DefaultInstance= for template
units). This means they are not meant to be enabled using systemctl.

Edited June 11 by ynotssor
trying to undertand what's needed

[Igor]

On 6/11/2024 at 8:19 AM, ynotssor said:

How to effectively change sshd port with newest Armbian, please?

It is possible we break it unintentionally while fixing something else. @Alessandro Lannocca Would lately applied changes affect this? It seems its bookworm related.

[ynotssor]

Negative, I have Raspbian with version 12 bookworm installed on other Pi 3b and can successfully change sshd listen port.

 

Even armbian-config doesn't allow an alternate port. The problem requires a fix in Armbian.

[Igor]

1 hour ago, ynotssor said:

The problem requires a fix in Armbian.

Yes, it is possible. We have to look into this.

[Alessandro Lannocca]

On 6/13/2024 at 1:07 PM, Igor said:

It is possible we break it unintentionally while fixing something else. @Alessandro Lannocca Would lately applied changes affect this? It seems its bookworm related.

Works for me on Trixie, will check with Bookworm:

 

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

Port 1122
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

[...]

 

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/usr/lib/systemd/system/ssh.service; enabled; preset: disabled)
     Active: active (running) since Sun 2024-06-16 02:31:25 CEST; 13s ago
 Invocation: cd3972f4454d4e37a5ce90e6fade1946
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 1054 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 1103 (sshd)
      Tasks: 9 (limit: 4296)
     Memory: 40.1M (peak: 56.2M)
        CPU: 9.397s
     CGroup: /system.slice/ssh.service
             ├─1103 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
             ├─1347 "sshd: kali [priv]"
             ├─1510 "sshd: kali@pts/0"
             ├─1511 -zsh
             ├─1525 tmux -u -2 -f /usr/share/byobu/profiles/tmuxrc new-session -n - /usr/bin/byobu-shell
             ├─1559 tmux -u -2 -f /usr/share/byobu/profiles/tmuxrc new-session -n - /usr/bin/byobu-shell
             ├─1567 /usr/bin/zsh
             ├─1789 systemctl status ssh
             └─1790 less

giu 16 02:31:24 nappio systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
giu 16 02:31:25 nappio sshd[1103]: Server listening on 0.0.0.0 port 1122.
giu 16 02:31:25 nappio sshd[1103]: Server listening on :: port 1122.
giu 16 02:31:25 nappio systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
gi

 

We're not using ssh.socket by default anymore, so I expect ssh to honour "Port" directive from config file: @ynotssor can you please share your "/etc/ssh/sshd_config" and any file under "/etc/ssh/ssh_config.d" please ?

Thank you!

[Alessandro Lannocca]

Trying vanilla bookworm from trunk on nanopi-r5c, changing sshd port seems to work

 

aless@CORBINO ~ % ssh root@192.168.1.101 -p 61022
root@192.168.1.101's password: 
X11 forwarding request failed on channel 0
 _   _ ____  _   ____  ____   ____ 
| \ | |  _ \(_) |  _ \| ___| / ___|
|  \| | |_) | | | |_) |___ \| |    
| |\  |  __/| | |  _ < ___) | |___ 
|_| \_|_|   |_| |_| \_\____/ \____|
                                   
Welcome to Armbian-unofficial 24.8.0-trunk Bookworm with Linux 6.6.34-current-rockchip64

No end-user support: built from trunk

System load:   15%           	Up time:       4 min	
Memory usage:  5% of 3.65G  	IP:	       192.168.1.101
CPU temp:      41°C           	Usage of /:    4% of 58G    	
RX today:      n/a	  	

[ General system configuration (beta): armbian-config ]

Last login: Sun Jun 16 17:03:59 2024 from 192.168.1.116
nappio:~:# systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Sun 2024-06-16 17:05:26 CEST; 30s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 3174 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 3175 (sshd)
      Tasks: 1 (limit: 4297)
     Memory: 3.2M
        CPU: 567ms
     CGroup: /system.slice/ssh.service
             └─3175 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Jun 16 17:05:26 nappio systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jun 16 17:05:26 nappio sshd[3175]: Server listening on 0.0.0.0 port 61022.
Jun 16 17:05:26 nappio sshd[3175]: Server listening on :: port 61022.
Jun 16 17:05:26 nappio systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jun 16 17:05:42 nappio sshd[3178]: Accepted password for root from 192.168.1.116 port 51699 ssh2
Jun 16 17:05:42 nappio sshd[3178]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Jun 16 17:05:43 nappio sshd[3178]: pam_env(sshd:session): deprecated reading of user environment enabled
nappio:~:#

 

/etc/ssh/sshd_config:

 

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

Port 61022
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::