[Bug] Can't change the ssh port on 6.4.16 bookworm


samond

Hi, everyone,

 

Recently, I found I can't change the SSH port on 6.4.16 bookworm (Onecloud) CLI version (https://github.com/armbian-delta/os/releases/download/23.8.0-trunk.2/Armbian_23.8.0-trunk.2_Onecloud_bookworm_edge_6.4.16.img.xz#onecloud).

I changed `/etc/ssh/sshd_config` and added `Port 10086`, and then I restarted the system. It is still not working; the SSH port only works on `22`.

But at the same time, I found that the other thing I added, `KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1`, is working.

So I checked whether SELinux is disabled; sestatus says it's disabled.

And I checked the sshd status... it is still on port 22, no 10086.

 

```
root@onecloud:~# service sshd status
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Thu 2023-10-12 14:15:38 CST; 3s ago
TriggeredBy: ● ssh.socket
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 7609 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 7610 (sshd)
      Tasks: 1 (limit: 2190)
     Memory: 1.0M
        CPU: 305ms
     CGroup: /system.slice/ssh.service
             └─7610 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Oct 12 14:15:38 onecloud systemd[1]: Starting ssh.service - OpenBSD Secure Shel>
Oct 12 14:15:38 onecloud sshd[7610]: Server listening on :: port 22.
Oct 12 14:15:38 onecloud systemd[1]: Started ssh.service - OpenBSD Secure Shell
```

 

 

So I checked `netstat -atunlp | grep sshd`; there is only 22.

```
tcp6       0      0 192.168.1.112:22        xxx:20158     ESTABLISHED 3147/sshd: root@pts
tcp6       0    144 192.168.1.112:22       xxx:22320     ESTABLISHED 3514/sshd: root@pts
```

iptables has nothing on it.

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

 

 

So, it may be a bug; sshd can't read the configuration to open a new port?


11 minutes ago, SteeMan said:

That isn't an official Armbian release; it is some fork of official Armbian.

It's where Armbian community builds are made, which are anyway not officially supported ...

  • Armbian project maintainers do not answer any support questions regarding those builds!
  • Support? Check general install instructions or TV box specific

Well, I found the solution for this sucky setting.... @Igor

Uhhh, it's a community release....... @SteeMan

Hope this could help someone else....

It seems like the SSH port is ruled by sshd.socket rather than sshd.service....

So we need to add an sshd.socket at `/etc/systemd/system`:

 

```
[Socket]
ListenStream=
ListenStream=4200
```

(The first `ListenStream=` is to disable the default 22.)

And then verify it: `cat /etc/systemd/system/sshd.socket.d/override.conf`

And then run `systemctl daemon-reload`, `systemctl enable sshd.socket`, `systemctl start sshd.socket`.

 

Check the status:

 

`systemctl status sshd.socket`

 

 

-----------------------------

 

Furthermore, some branches do not support SFTP, so...

 

`sudo mkdir -p /etc/systemd/system/sshd@.service.d`

 

`/etc/systemd/system/sshd@.service.d/sftp.conf`

Write this:

```
[Service]
Environment="OPTIONS=-o Subsystem=\"sftp /usr/libexec/sftp-server\""
```

`sudo systemctl daemon-reload`

Edited by samond
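
The drop-in in the post above relies on systemd accumulating `ListenStream=` lines across a socket unit and its drop-ins, with an empty assignment clearing the list. The following is an added example, not code from the thread or from Armbian: a shell check that compares `Port` in an sshd_config with the ports a socket unit would open, including the case where the reset line is forgotten and 22 stays open. The temp files it writes are constructed samples, the function names are hypothetical, and the unit name `ssh.socket` is taken from the `TriggeredBy` line in the status output.

```sh
#!/bin/sh
# Added example; every file written below is a constructed sample.

# Ports from a socket unit plus its drop-ins, read in the order given.
# An empty "ListenStream=" clears everything collected so far.
effective_listen_ports() {
    awk '
        FNR == 1 { in_socket = 0 }
        /^[ \t]*\[/ { in_socket = ($0 ~ /^[ \t]*\[Socket\]/); next }
        in_socket && /^[ \t]*ListenStream[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (val == "") { n = 0; next }   # reset line
            sub(/^.*:/, "", val)             # "addr:port" -> "port"
            ports[++n] = val
        }
        END { for (i = 1; i <= n; i++) print ports[i] }
    ' "$@" | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Port values from an sshd_config-style file; 22 when none is set.
# Include files and Match blocks are not followed.
sshd_config_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1" | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# usage: check_ssh_port sshd_config socket-unit [drop-in...]
# Returns 1 on drift so the check can gate a provisioning script.
check_ssh_port() {
    cfg=$1; shift
    want=$(sshd_config_ports "$cfg")
    have=$(effective_listen_ports "$@")
    if [ "$want" = "$have" ]; then echo "OK: listening on $have"; return 0; fi
    echo "DRIFT: sshd_config says [$want], socket unit opens [$have]"
    return 1
}

demo=$(mktemp -d)
printf 'Port 10086\n' > "$demo/sshd_config"
printf '[Socket]\nListenStream=22\n' > "$demo/ssh.socket"
printf '[Socket]\nListenStream=10086\n' > "$demo/no-reset.conf"
printf '[Socket]\nListenStream=\nListenStream=10086\n' > "$demo/override.conf"

check_ssh_port "$demo/sshd_config" "$demo/ssh.socket" || :                        # symptom in the thread
check_ssh_port "$demo/sshd_config" "$demo/ssh.socket" "$demo/no-reset.conf" || :  # 22 still open
check_ssh_port "$demo/sshd_config" "$demo/ssh.socket" "$demo/override.conf"       # ports agree
```

On a live system, `systemctl cat ssh.socket` prints the unit and its drop-ins in the order systemd applies them, which is the order to pass to `effective_listen_ports`.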