the_rock
Legend

Changing ssh port on CP firewall

I know this may sound like a really dumb question, but is there any way to change the ssh port for CP appliances (NOT smb)? I tried looking in clish and the web gui, can't find the option anywhere. I even "combed" through the whole clish config, nothing for ssh there.


Thanks in advance!


Accepted Solutions
John_Fleming
Advisor

This is a R80.40 MDS.

[Expert@MDS1:0]# netstat -anp | grep sshd | grep LIST
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5310/sshd
[Expert@MDS1:0]# sed -i 's,^#Port 22$,Port 2222,' /etc/ssh/sshd_config
[Expert@MDS1:0]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[Expert@MDS1:0]# netstat -anp | grep sshd | grep LIST
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 25930/sshd
[Expert@MDS1:0]#

Looks like no reboot required?

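A scripted version of the accepted answer's sed edit, added here as an example (it is not from the thread or from Check Point): it rewrites the Port directive in a given sshd_config, refuses bad port numbers, reports what port sshd will actually use (a commented "#Port 777" still means 22, which is what the_rock hit), and only restarts sshd after "sshd -t" accepts the file. The config path and port are arguments; the root-only apply step assumes the sshd and service commands seen in the thread.

```shell
# Added example, not from the thread: set the sshd Port directive as the accepted
# answer's sed does, with checks: the line is uncommented ("#Port 777" still means
# 22), the port is valid, a .bak copy is kept, and "sshd -t" runs before restart.
set -u

# Return 0 when $1 is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then return 0; fi
    return 1
}

# Set the Port directive in $2 (default /etc/ssh/sshd_config) to $1: the first
# "Port N" / "#Port N" line becomes "Port $1", further Port lines are dropped so
# sshd listens on exactly one port, and the directive is appended if absent.
set_sshd_port() {
    port=$1
    cfg=${2:-/etc/ssh/sshd_config}
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    awk -v port="$port" '
        /^[ \t]*#?[ \t]*Port[ \t]/ {
            if (!done) { print "Port " port; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Port " port }
    ' "$cfg" > "$cfg.tmp" || return 1
    cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"   # keeps owner/mode of $cfg
}

# Print the port sshd will use from $1: the first uncommented Port line, or 22
# when every Port line is still commented out (the_rock's first attempt).
effective_sshd_port() {
    sed -n 's/^[[:space:]]*Port[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' \
        "${1:-/etc/ssh/sshd_config}" | head -n 1 | grep . || echo 22
}

# Root-only part for the appliance: edit, validate, restart. As asc says in the
# thread, allow the new port in the rulebase first or you lock yourself out.
apply_sshd_port() {
    cfg=${2:-/etc/ssh/sshd_config}
    set_sshd_port "$1" "$cfg" || return 1
    sshd -t -f "$cfg" || { cat "$cfg.bak" > "$cfg"; echo "sshd -t failed, restored $cfg" >&2; return 1; }
    service sshd restart
}
```

Run set_sshd_port and effective_sshd_port against a copy of the file first; apply_sshd_port is the step that needs expert mode on the box.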

12 Replies
Danny
Champion

vi /etc/ssh/sshd_config && /etc/init.d/sshd restart

the_rock
Legend

Thanks Danny. Tried that, no luck. All I did was vi the file, change port 22 to something random, restarted the ssh service, but it still connected on port 22.

G_W_Albrecht
Legend

Original:

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Change to:

# default value.
Port <something random>
#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
the_rock
Legend

K, not really sure what I'm missing...

#Port 777
#Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Mike_A
Advisor

Remove the "#" in front of the line that pertains to the port.

From this

#Port 777
#Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

To this

Port 777
#Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

And then restart services as Danny had said.

the_rock
Legend

That was actually the first thing I tried, but it did not work. Let me just reboot this fw, since it's in the lab anyway, and I will update after 🙂
asc
Explorer

As there are no means to configure that in clish or the web gui, you may just edit /etc/ssh/sshd_config.

Uncomment the "Port" directive and change the port number to what you want. Activate the change with service sshd restart.

Take care: Update your rulebase to allow the new port before changing to avoid getting locked out!

the_rock
Legend

Thanks everyone, reboot worked! Take care and thanks for the help!!
G_W_Albrecht
Legend

# set admin-access
allowed-ipv4-addresses   - Administrator access permissions policy for source IP addresses
ssh-access-port          - SSH Port
support-weak-tls-version - For security reasons, it is highly recommended never to change this parameter's value. Support of TLSv1.0 will be added back to the administration portal to allow connectivity with old browsers (usually ones released prior to 2014). Changing the default of this parameter exposes the administration portal to attacks that use vulnerabilities like Heartbleed (CVE-2014-0160).
web-access-port          - Web Port (HTTPS)
interfaces               - Configure which interfaces admin access is allowed from

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
John_Fleming
Advisor

That is only for Gaia Embedded (SMB).
the_rock
Legend

Correct John... by the way, I ended up changing sshd_config and after a reboot it all worked fine. Not really sure why I had to reboot, since an ssh service restart would be sufficient, but anyway. It's Check Point :)))