Changing ssh listening port
I'd like to access my Raspberry from outside of my LAN, so I opened a new port on my router to ssh from the office.
The problem is that if I open port 22 I get a lot of script kiddies poking at my ssh, and I'd rather not.
I want to change the default port for ssh from 22 to a higher unused one.
But I noticed that changing /etc/ssh/sshd_config has no effect. After some digging I discovered that ssh is launched by inetd with the line:
Code:
xbian@xbian ~ $ cat /etc/inetd.conf | grep ssh
ssh  stream  tcp  nowait  root   /usr/sbin/tcpd /usr/sbin/sshd -i
xbian@xbian ~ $

and the ssh port is defined in
Code:
xbian@xbian ~ $ cat /etc/services | grep ssh
ssh        22/tcp                # SSH Remote Login Protocol
ssh        22/udp
xbian@xbian ~ $

How do I change the ssh port?
Do I need to define a new service in /etc/services and launch it with inetd?

Code:
my_new_ssh        2222/tcp                # SSH Remote Login Protocol on high port
my_new_ssh        2222/udp

my_new_ssh  stream  tcp  nowait  root   /usr/sbin/tcpd /usr/sbin/sshd -i

I'm running beta2:
Code:
xbian@xbian ~ $ cat /etc/xbian_version  
1.0Beta2
xbian@xbian ~ $
There are two options:

You enable the upstart job ssh_hid (this is the generally known ssh running through its own daemon, with sshd running all the time). Then /etc/ssh/sshd_options is fully working like before.

The second option is almost like what you did. The only problem would be that if you create a new service name (my_new_ssh), the "ssh" service won't get recognised by system tools & xbian-config, as they all expect ssh.

So don't be afraid to change /etc/services by directly editing "ssh 22/tcp" to "ssh 2222/tcp".
Ok, thanks.
How do I restart inetd?
I tried sudo /etc/init.d/inetd restart but there is no inetd in init.d...
Once again, init.d was migrated to upstart (/etc/init).

Service names are the files you will see in that dir, without the .conf suffix.

inetd is "openbsd-inetd".

So:
Code:
restart openbsd-inetd

init.d is still processed as part of backward compatibility (but slowly all is moving away - out of this old concept).
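
Added example, not part of the original posts and not XBian's own tooling: the second option above (keep the service name "ssh", change its port in the services file) as a shell script that runs only on constructed copies of the two files. The function names, the temporary files and the http-alt entry are assumptions made for the illustration; on the real system the edit goes into /etc/services and is followed by `restart openbsd-inetd`, as described in the thread.

```shell
#!/bin/sh
# Added example: operates on constructed copies, never on the live /etc files.

# Service name of the inetd.conf entry that starts sshd in inetd mode (-i).
inetd_ssh_service() {   # $1 = inetd.conf path
    awk '!/^[ \t]*#/ && /sshd/ && /-i/ { print $1; exit }' "$1"
}

# Port that inetd resolves for a service name and protocol from the services file.
service_port() {        # $1 = name, $2 = proto, $3 = services path
    awk -v n="$1" -v p="$2" '!/^[ \t]*#/ && $1 == n {
        split($2, a, "/"); if (a[2] == p) { print a[1]; exit } }' "$3"
}

# Change the port of an existing entry (tcp and udp lines), keeping its name.
set_service_port() {    # $1 = name, $2 = new port, $3 = services path
    case "$2" in ''|*[!0-9]*) echo "not a number: $2" >&2; return 2 ;; esac
    if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ]; then echo "out of range: $2" >&2; return 2; fi
    # Refuse a port the file already assigns to a different service name.
    other=$(awk -v n="$1" -v port="$2" '!/^[ \t]*#/ && $1 != n {
        split($2, a, "/"); if (a[1] == port) { print $1; exit } }' "$3")
    if [ -n "$other" ]; then echo "port $2 is already '$other'" >&2; return 3; fi
    tmp=$(mktemp) || return 1
    awk -v n="$1" -v port="$2" '!/^[ \t]*#/ && $1 == n { sub(/[0-9]+\//, port "/") }
        { print }' "$3" > "$tmp" && cat "$tmp" > "$3"
    rc=$?; rm -f "$tmp"; return $rc
}

# Constructed sample files; the ssh lines are the ones quoted in the thread.
INETD=$(mktemp); SERVICES=$(mktemp)
cat > "$INETD" <<'EOF'
# constructed copy of /etc/inetd.conf
ssh  stream  tcp  nowait  root   /usr/sbin/tcpd /usr/sbin/sshd -i
EOF
cat > "$SERVICES" <<'EOF'
ssh        22/tcp                # SSH Remote Login Protocol
ssh        22/udp
http-alt   8080/tcp              # constructed neighbouring entry
EOF

svc=$(inetd_ssh_service "$INETD")
echo "before: $svc -> $(service_port "$svc" tcp "$SERVICES")/tcp"
set_service_port "$svc" 2222 "$SERVICES"
echo "after:  $svc -> $(service_port "$svc" tcp "$SERVICES")/tcp"
```
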
Thanks!

I've been trying for weeks to get back to my 'usual' ssh port configuration!

Skywatch.