I know that there are many, many topics on exactly this subject, however, nothing is working for me (I'm using Ubuntu 22.10).

I added this configuration in `/etc/ssh/sshd_config.d/sshd_config.conf`:

```
Port 2222
PermitRootLogin no
PermitEmptyPasswords no
ClientAliveInterval 300
ClientAliveCountMax 0
MaxAuthTries 5
```

this setting in ufw:

```
sudo ufw allow 2222/tcp
# Rule added
# Rule added (v6)

sudo ufw status
# Status: active
#
# To                         Action      From
# --                         ------      ----
# 2222/tcp                   ALLOW       Anywhere
# 2222/tcp (v6)              ALLOW       Anywhere (v6)
```

and on my router (which is a MERCUSYS MR30G):

allowed port in router

so... when I try to make the connection:

```
ssh -p 2222 user@address
# ssh: connect to host address port 2222: Connection refused
```

for debugging...

`ssh -V`:

```
OpenSSH_9.0p1 Ubuntu-1ubuntu7.1, OpenSSL 3.0.5 5 Jul 2022
```

`sudo service ssh status`:

```
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Sun 2023-04-02 13:19:58 -03; 30min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 609877 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 609878 (sshd)
      Tasks: 1 (limit: 9293)
     Memory: 1.4M
        CPU: 39ms
     CGroup: /system.slice/ssh.service
             └─609878 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Apr 02 13:19:57 patrickstar systemd[1]: Starting OpenBSD Secure Shell server...
Apr 02 13:19:58 patrickstar sshd[609878]: Server listening on 0.0.0.0 port 2222.
Apr 02 13:19:58 patrickstar sshd[609878]: Server listening on :: port 2222.
Apr 02 13:19:58 patrickstar systemd[1]: Started OpenBSD Secure Shell server.
```

`sudo ss -ntpl | grep 2222`:

```
LISTEN 0      128          0.0.0.0:2222       0.0.0.0:*    users:(("sshd",pid=609878,fd=3))
LISTEN 0      128             [::]:2222          [::]:*    users:(("sshd",pid=609878,fd=4))
```

rhuanpk
  • This is possibly due to the recent change to socket-based activation - see for example [SSH default port not changing (Ubuntu 22.10)](https://askubuntu.com/a/1442770/178692) – steeldriver Apr 02 '23 at 17:17
  • I was aware of this new change, however, I made some changes to "disable" the ssh socket: 1. I disabled the socket: `sudo systemctl disable --now ssh.socket` 2. I removed the file that forces socket activation: `sudo rm -f /etc/systemd/system/ssh.service.d/00-socket.conf` 3. I enabled the SSH daemon: `sudo systemctl enable --now ssh.service`. This way SSH starts to read the user's configuration file that I mentioned above in the question and starts to listen on the port that I configured in this file. – rhuanpk Apr 02 '23 at 19:30
  • Can you connect from another system on the same LAN (which would narrow down the problem to the router)? – Organic Marble Apr 02 '23 at 22:27
  • @rhuanpk Please add the information you just left here in the comment section into your question. Please add in all information of what you have tried so that we are not guessing. Thank you! – Terrance Apr 03 '23 at 00:20
  • @OrganicMarble, from termux on my mobile, it works with both on the same network, the connection succeeds with the command `ssh -p 2222 user@localipaddress`. – rhuanpk Apr 03 '23 at 03:21
  • @Terrance, all the information I managed to collect or the changes I made, I put them all in my question, the only detail that had been left out was about the `ssh.socket` that I already mentioned in the previous comment. Is there any more information I could get? ps: sorry for my english :P – rhuanpk Apr 03 '23 at 03:28
  • Did you try [test mode](https://superuser.com/a/1291078/500826) – Pablo Bianchi Apr 03 '23 at 04:09
  • I am guessing your information is fine. I just did an openssh-server installation on a test server running 22.10 here and it connected up to port 2222 just fine, both internally on my network, and externally through my router. My guess is something with your router is not allowing it through, or your ISP might be blocking it. – Terrance Apr 03 '23 at 04:11
  • @PabloBianchi, the test command `sudo sshd -t` did not produce any output (return code 0). – rhuanpk Apr 03 '23 at 05:04
  • @Terrance, I'll try to talk to my ISP about it. – rhuanpk Apr 03 '23 at 05:25
  • Well, after a LOT of analysis, I came to the conclusion that the blocking is actually at my ISP. Apparently they have a NAT that fronts my internet, which makes all the configuration of port redirection on my router, on the firewall and in ssh on my machine useless if my ISP does not release the port in the NAT or if they directly deliver a public IP to my router. Well, as there are no problems here, and only administrative questions, I'll close the topic. Thank you very much to everyone who helped me and contributed to my reaching this conclusion (mainly to @Terrance). Thank you all! – rhuanpk Apr 03 '23 at 16:07
  • I wonder if your ISP is blocking OpenVPN (usually UDP port 1194)? I have set this up on my video server as my OpenVPN connection then my router forwards UDP port 1194 to my video server which then allows me once connected to my network that way for my SSH to work. These instructions are for the PiHole, but they work on Ubuntu. https://docs.pi-hole.net/guides/vpn/openvpn/installation/ but only the OpenVPN stuff, unless you want to do a PiHole as well. – Terrance Apr 03 '23 at 16:32
  • @Terrance, yes, cool... could you explain to me how this flow would be with the VPN? – rhuanpk Apr 03 '23 at 19:04
  • I can't go deep into it here because this site isn't for this, but for this you would only need to choose a computer inside of your home network to be dedicated to run the OpenVPN server on it. It can be used for other things as well, but it would have to be something you leave on so that you can login through it. Then you generate your ovpn files that use a certificate in them that you copy to the client that will be logging into the server with and you use the OpenVPN client for that system. Also works on cell phones. I do recommend some sort of DDNS for dynamic updating public IPs. – Terrance Apr 04 '23 at 03:09
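
The conclusion reached in the comments (an ISP-level NAT in front of the router) can be checked by comparing the router's WAN address with the address seen from outside. This is an added example, not part of the original thread; the function names, verdict strings and sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Inputs are read by hand:
#   $1 = WAN address shown on the router's status page
#   $2 = public address seen from outside (e.g. a "what is my IP" service)

# Dotted-quad IPv4 -> integer on stdout; returns 1 on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when integer address $1 lies in network $2 (dotted quad) / prefix $3.
in_net() {
    net=$(ip_to_int "$2") || return 1
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $1 & mask )) -eq $(( net & mask )) ]
}

# Prints cgnat (RFC 6598 shared space), private (RFC 1918) or public.
classify_ip() {
    addr=$(ip_to_int "$1") || { echo invalid; return 1; }
    if in_net "$addr" 100.64.0.0 10; then echo cgnat
    elif in_net "$addr" 10.0.0.0 8 || in_net "$addr" 172.16.0.0 12 ||
         in_net "$addr" 192.168.0.0 16; then echo private
    else echo public
    fi
}

# Prints "direct" only when the router itself holds the public address;
# otherwise "upstream-nat": forwarding rules on the router never see inbound traffic.
check_forwarding() {
    kind=$(classify_ip "$1") || { echo invalid-input; return 2; }
    ip_to_int "$2" >/dev/null || { echo invalid-input; return 2; }
    if [ "$kind" = public ] && [ "$1" = "$2" ]; then echo direct; return 0; fi
    echo upstream-nat; return 1
}

# Constructed sample values (RFC 6598 and documentation ranges), not from the thread.
check_forwarding 100.72.13.5 203.0.113.20 || true
```

A `direct` verdict only rules out upstream NAT; the ISP can still filter the port, as one of the comments suggests.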
