Unable to connect to port despite changing setting in security group and firewall

0

Hi, I am trying to change the SSH port from 22 to 2222 to experiment with SSH protection. I have managed to change ssh.service in the server to listening to port 2222. I have also added port 2222 as customer tcp in inbound rule of the security group. I have used "sudo ufw allow 2222/tcp" which I think should change the firewall setting. However, I am still unable to make ssh connection to port 2222. When I scan with nmap, it shows that 2222 status is "filtered". I wonder what I can do to fix this. Thank you!

1 Answer
0

Steps to Resolve the Issue Verify SSH Daemon Configuration

Confirm that the SSH service is configured to listen on port 2222:

sudo grep -i "Port" /etc/ssh/sshd_config

Ensure that Port 2222 is explicitly specified in /etc/ssh/sshd_config and not commented out. Restart the SSH service to apply changes:

sudo systemctl restart sshd Ensure Firewall Configuration

Check your current firewall status:

sudo ufw status

Verify that 2222/tcp is listed as allowed. If it is not:

sudo ufw allow 2222/tcp
sudo ufw reload

Verify Security Group Rules (For Cloud Instances)

Double-check the security group attached to your instance: Ensure an inbound rule exists for port 2222 for the required IP range (e.g., 0.0.0.0/0 or specific trusted IPs). Check for Conflicting Rules

Some environments might have other firewalls (e.g., iptables) in addition to ufw:

sudo iptables -L -n

Ensure there are no rules explicitly blocking port 2222. Verify Service Listening on Port

Ensure the SSH service is actively listening on port 2222:

sudo netstat -tuln | grep 2222

Expected output should show a line like:

tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN Check Nmap Results

If nmap shows port 2222 as filtered, it indicates that the packets are being dropped by a firewall or network-level filter. Possible causes: Security Group Issue: Double-check that the correct security group is applied to your instance. Network Firewall: Some organizations or ISPs may block non-standard ports. Verify with your network administrator or ISP. Test the Connection Locally

If remote connections to 2222 fail, test SSH locally on the server itself:

ssh -p 2222 localhost

This test bypasses external networking and helps confirm if the issue is server-side or network-related. Restart the Server (Optional)

Sometimes, restarting the server ensures all changes (e.g., SSH daemon, firewall) are applied:

sudo reboot

Additional Debugging Tools Use SSH Verbose Mode

Run SSH with verbose mode to get detailed error messages:

ssh -vvv -p 2222 username@hostname

Inspect Logs

Check the SSH server logs for any errors:

sudo journalctl -u sshd

Look for any errors or misconfigurations related to port 2222.

You should also check this too

Security Group Not Updated: Forgetting to save or apply security group changes. Firewall and Security Group Conflict: Both must explicitly allow port 2222. Incorrect IP Range in Rules: Ensure that the IP range allows your client’s public IP. By following these steps, you should be able to resolve the issue with connecting to port 2222.

profile picture
EXPERT
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions