Changing SSH port causes "connection refused"

Latest response

This is a freshly installed RHEL 6.8. I changed the SSH port to 443 and tried with 440, 23, and 22 as well. In all cases I get "Connection refused" with no password prompt when I try to connect.

Without the port change, everything works normally in SSH.

Appreciate any help, thank you.

Responses

Do you have other services using those ports?

Did you restart the sshd service after modifying the configuration file?

Have you configured your ssh client to connect using the updated port?

Also, you want to check firewall and possibly selinux.

When installed in default mode the firewall rule to allow connections on port 22 gets added automatically. This can be verified by checking anaconda-ks.cfg file unless modified during installation. If you could access this system without port being changed and not when changed, it is mostly because of firewall rule which you need to modify according to the port changed. Also, the ports from 1-1024 are being privileged ports only a root or an user with root privilege can only access. So, it is always advisable to use ports with higher number (at least not in 1024 range) if you wish to change ssh default port from 22 to something else.

Also, if the ssh port is changed on a remote system then you may use “-p ” along with ssh while connecting to on the client side, otherwise, you would need to modify the ssh port being used to be the same from both ends i.e need to modify this on the client config file which is /etc/ssh/ssh_config.

As a new user of Linux, I'm so happy with the level of support I keep getting from this community. I have to thank everyone who contributes here for that kind and generous spirit of giving.

I was able to solve this issue by allocating a port above 1024, thanks for all your input on the issue.

If SELinux is enabled, sshd may be restricted to receive incoming traffic on ports with the ssh_port_t type only. If you change sshd from default port tcp/22 to something else, you should also add this type to the new port number you choose.

For example, to add ssh_port_t to TCP port 440, the command would be:

semanage port -a -t ssh_port_t -p tcp 440

This should be done before starting the sshd process that is configured to listen in port 440.

Clear, thank you Matti. I'll keep this in mind if I run into further issues.

Yes, that is a valid point. You may need to install "policycoreutils-python" package to get "semanage" working because this is not installed by default.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.