Ubuntu 12.04 changing default ssh port: connection refused

February 13, 2014
Hello, I edited my /etc/ssh/sshd_config, changing Port 22 to Port 1023. I restarted the service and now I can't connect. Do I have to open the port in the firewall also? If so, how can I do this? If I change the config back to port 22 it works again.
7 Answers
Did you install a firewall on your droplet? What's the output of
sudo iptables-save
A default install of Ubuntu 12.04.3 x64 doesn't enable the firewall by default. However if you enabled it, yes you will need to open the port.

A simple way to open the port is with the `ufw` command, as root type:
ufw allow 1023/tcp

To check the status of the firewall you can use either of the following commands (as root):
ufw status
iptables -nL

If you're unable to access your VPS instance you will need to log into the portal, select the droplet and use the Console Access option.
I have this same problem, and it seems iptables -nL returns a line with:
ACCEPT tcp -- tcp dpt:22

Do I need to update the iptables configuration to allow the new ssh port?

From my Mac OS X client, I am not getting connection refused - I am getting a simple timeout message:

ssh: connect to host a.b.c.d port nnnnn: Operation timed out

Any ideas?

This is an Ubuntu droplet with the Ghost blog app chosen at setup time.
@james: What's the output of iptables-save?
root@graywoods:~# iptables-save
# Generated by iptables-save v1.4.12 on Thu May 29 18:58:35 2014
:OUTPUT ACCEPT [255317:199083580]
-A INPUT -i lo -j ACCEPT
-A INPUT -d -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Completed on Thu May 29 18:58:35 2014
Yes. If you've changed the port for SSH, you need to open that port in your iptables rules. You can also go ahead and close port 22.
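
The check this answer describes, as an added example that is not part of the original thread: a shell script that reads the Port lines from an sshd_config and confirms that an iptables-save ruleset has a matching INPUT ACCEPT rule. The sample input is constructed (modelled on the ruleset posted above) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm an iptables-save ruleset accepts sshd's configured port(s).
# Limits (assumptions): reads only the INPUT chain; ignores rule order and -s/-i matches.

# Print the port(s) sshd will listen on; sshd falls back to 22 when none is set.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed if an INPUT rule ACCEPTs tcp to port $2 (--dport N or LO:HI, --dports list).
port_allowed() {
    awk -v port="$2" '
        function covers(spec,   r, n, k, lohi) {
            n = split(spec, r, ",")
            for (k = 1; k <= n; k++) {
                if (split(r[k], lohi, ":") == 1) lohi[2] = lohi[1]
                if (port + 0 >= lohi[1] + 0 && port + 0 <= lohi[2] + 0) return 1
            }
            return 0
        }
        $1 == "-A" && $2 == "INPUT" {
            tcp = 0; accept = 0; spec = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (tcp && accept && spec != "" && covers(spec)) found = 1
        }
        END { exit !found }
    ' "$1"
}

# Report every sshd port; return non-zero if any lacks an ACCEPT rule.
check_ssh_firewall() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if port_allowed "$2" "$p"; then echo "port $p: accepted"
        else echo "port $p: no ACCEPT rule"; rc=1; fi
    done
    return $rc
}
# Constructed sample input, modelled on the ruleset posted in the thread.
demo=$(mktemp -d)
printf 'Port 1023\n' > "$demo/sshd_config"
printf '%s\n' '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT' > "$demo/rules.v4"
check_ssh_firewall "$demo/sshd_config" "$demo/rules.v4" || true; rm -rf "$demo"
```

On a live host, pass it `/etc/ssh/sshd_config` and a file holding the output of `iptables-save`, and keep the existing SSH session open until a second login on the new port succeeds.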

If you changed the port (in the sshd_config file) and opened the door on the firewall, you may need to update SELinux:

#semanage port -a -t ssh_port_t -p tcp 1023
