Putty: Can't SSH into port 53425 instead of 22?

dreamcompute

#1

Greetings,

I’m trying to set up a non-standard SSH port (for example: 53425) instead of the default port 22 - on Ubuntu Server 16.04. For some reason, I can’t SSH into the server via Putty. Here is what I’ve done:

  1. I edited the /etc/ssh/sshd_config file and changed the port from 22 to 53425.
  2. I restarted the sshd service to update the changes.
  3. I installed UFW and allowed port 53425.
  4. I reloaded UFW and rebooted server.
  5. I looked into the logs /var/log/auth.log and confirmed "Server listening on 0.0.0.0 port 53425.
  6. I updated Putty to connect to port 53425 instead of 22.
  7. Nothing happens, no login prompt, and a timeout connection error appears.

It seems like this should be a really simple thing to do, but for some reason it’s not working. Am I doing something wrong here? I’ve asked this question in the Ubuntu forums, but can’t seem to get a solution that works. Is this a Dreamhost-specific restriction?

Thanks
Kind regards


#2

This is a cloud-specific question indeed. Most cloud services have something like else to manage network access besides what you configured. Did you open the port on the security groups?


#3

Thanks for the solution. I had no idea what Security Groups were and never checked there. I opened the port there and everything works as expected!

I installed UFW on my server like the book said, but it seems that Security Groups override UFW? Is UFW now useless and should be uninstalled if Security Groups does the same thing?

Question:
In the Ubuntu forum, I got this advice:

Let the router perform port translation, so it listens on 53425/tcp and forwards to an internal LAN IP:22/tcp where the ssh server is listening. This provides 2 different ports - 1 for internal use (the default) and one for external use over the internet.

Is this done in Security Groups as well, or would you know how to do this? I noticed in my logs that there were like 100,000+ SSH hack attempts on port 22 in just 2 days on my empty test server (not to mention a huge log file), so I was thinking a non-standard SSH port might help throw these bots off.


#4

You may need fail2ban and a coule other things. Putting SSH on a non-standard port is convenient, too and doesn’t hurt.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.