
・ I am trying to construct a VPN on a rented ConoHa server.
・ The server side is CentOS and the client side is Ubuntu.
・ iptables
・ I changed this port

Error message

When I try to connect over SSH with ssh [email protected], the following comes out:

ssh: connect to host 111.222.333.444 port 22: Connection refused

I changed the port to 5195, so I tried to connect with ssh -p 51945 [email protected]:

ssh: connect to host 111.222.333.444 port 51945: Connection refused

Tried

・ Connecting with ssh -p 51945 [email protected] > impossible
・ Review port number change settings (details)

Sites referenced for setup

https://qiita.com/orange634z/items/337061f3b0b5a8eaae0f

Learn more

I want to change the port from 22, so I changed the contents in vi /etc/sysconfig/iptables

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 51945 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5555 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

(# Is half-width.)
I also changed it to 51945 in $ sudo vi /etc/ssh/sshd_config.
On the client side
$ vi config
Host conoha
    HostName <ip address>
    User develop
    Port 51945
    IdentityFile ~/.ssh/conoha
The secret key has already been set up.
Also, the port number is 51945 in vi /etc/ssh/sshd_config.
Please help m(_ _)m

  • Answer # 1

    By the way, from the management screen of ConoHa for VPS, select the instance and open the console to modify the settings.

    After changing the settings, you cannot log in as root.
    The procedure is to log in with the created user and its password and run the sudo command to obtain administrator privileges.
    To prevent external attacks that try to log in as root, I log in as a user other than root.

    If the .ssh/config setting is valid, it connects with the host name, IP, and port described there.
    For example, enter the command ssh conoha, and you can log in by entering only the password set when creating the ssh key.
    If you are asked for the password of develop, there is a high possibility that the private key and public key are not set correctly.

    If you specify the IP directly with the ssh command, it will look like the following example
    ssh -p 51945 -i ~/.ssh/hoge_rsa [email protected]

    I checked the site that was listed for reference and tried the procedure.
    systemctl restart sshd
    systemctl restart iptables
    After performing the above, I confirmed that ssh conoha connects after changing the port.

    Please note the following:
    1. Editing sshd_config
       RSAAuthentication is not required for recent versions.
       Since the other items are already written there, please correct them by removing the comment marks instead of adding them.
    2. The permissions and names of the private key and public key are set correctly
    3. The port number set with sshd after the change matches the port number opened with iptables
    4. Work while understanding the meaning of the steps being performed (if you don't understand)

    Retry the server from the rebuild, and check whether ssh connection is possible each time.
    I think there is an error somewhere in the procedure.
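
Added example, not part of the answer above and not the poster's code: a shell check for point 3 of that list, comparing the port in sshd_config with the ACCEPT rules in the iptables file. The function names (sshd_port, port_allowed, check_ssh_port) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm the sshd port is opened in iptables.

# Print the port sshd will listen on: first uncommented "Port N", else default 22.
# Simplification: sshd accepts several Port lines; only the first is checked here.
sshd_port() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# Succeed if the INPUT chain has a TCP ACCEPT rule for --dport $2 that appears
# before the first catch-all REJECT/DROP (iptables evaluates rules in order).
# Handles single-port --dport rules only, not ranges or multiport.
port_allowed() {
    awk -v port="$2" '
        $1 != "-A" || $2 != "INPUT" { next }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { exit }
        {
            proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto == "tcp" && dport == port && target == "ACCEPT") { ok = 1; exit }
        }
        END { exit !ok }' "$1"
}

# $1 = sshd_config path, $2 = iptables rules file path
check_ssh_port() {
    port=$(sshd_port "$1")
    if port_allowed "$2" "$port"; then
        echo "OK: sshd port $port is accepted by iptables"
    else
        echo "MISMATCH: no ACCEPT rule for sshd port $port before the final REJECT"
        return 1
    fi
}

# Constructed sample input modelled on the files quoted in the question.
tmp=$(mktemp -d)
printf 'Port 51945\n' > "$tmp/sshd_config"
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
    '-A INPUT -p tcp -m state --state NEW -m tcp --dport 51945 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$tmp/iptables"
check_ssh_port "$tmp/sshd_config" "$tmp/iptables" || true
rm -rf "$tmp"
```

On the server the same check would be run against /etc/ssh/sshd_config and /etc/sysconfig/iptables. It only reads the files, so sshd and iptables still have to be restarted for the edited settings to take effect.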

  • Answer # 2

    How about the hosts file?
    hosts.deny and hosts.allow

  • Answer # 3

    Are both sshd and iptables restarted?

  • Answer # 4

    Because editing is progressing with iptables, I think that it is probably already confirmed
