14

I am on Ubuntu 22.10

I have:

  • Edited /etc/ssh/sshd_config, left the default '#Port 22' line but added below it: 'Port 1234'
  • Then added allow rule for it in UFW using command 'sudo ufw allow 1234' which added:
To                         Action      From
1234                       ALLOW       Anywhere
1234 (v6)                  ALLOW       Anywhere (v6)

I then restart the SSH service using 2 different methods (see start of block below) but I see no change, service status states it started listening on port 22 and to verify this I check listening ports and sure enough it's still 22.

sudo systemctl restart ssh

sudo service ssh restart

systemctl status ssh

ssh.service - OpenBSD Secure Shell server
 Loaded: loaded (/lib/systemd/system/ssh.service; disabled; preset: enabled)
Drop-In: /etc/systemd/system/ssh.service.d
         └─00-socket.conf
 Active: active (running) since Mon 2022-11-07 10:12:52 AEDT; 5s ago
TriggeredBy: ● ssh.socket
   Docs: man:sshd(8)
         man:sshd_config(5)
Process: 54858 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 54859 (sshd)
  Tasks: 1 (limit: 1020)
 Memory: 1.3M
    CPU: 13ms
 CGroup: /system.slice/ssh.service
         └─54859 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Nov 07 10:12:52 webserver.abc.com systemd[1]: Starting OpenBSD Secure Shell server...
Nov 07 10:12:52 webserver.abc.com sshd[54859]: Server listening on :: port 22.
Nov 07 10:12:52 webserver.abc.com systemd[1]: Started OpenBSD Secure Shell server.

ss -tlpn

State         Recv-Q        Send-Q               Local Address:Port   Peer Address:Port Process
LISTEN        0             4096                             *:22                *:*    -

Am I missing a step or doing something wrong? I do note the service status has "preset: enabled" but multiple guides I've read haven't mentioned anything about disabling anything like presets.

EDIT: Thanks matigo for reminding me but sshd.service doesn't seem to be installed yet I have the config files and can remote in just fine, not sure if I just don't understand and I need to install sshd for it to take over the default ssh operations?

Silently
  • Can I confirm that the service name is `ssh` rather than `sshd`? Generally the server is restarted with `service sshd restart` if you are using the standard server for Ubuntu – matigo Nov 06 '22 at 23:38
  • @matigo I thought that but the default box from linode of this version of ubuntu when I look at the service list with `systemctl list-units --type=service` I only see one entry for ssh: `ssh.service loaded active running OpenBSD Secure Shell server` Do I need to install sshd separately? I thought of this but then thought it strange that I have sshd config files and I can ssh in just fine at the moment using defaults. When trying to do anything with sshd it suggests it doesn't exist: `Unit sshd.service could not be found.` – Silently Nov 07 '22 at 00:18
  • `openssh-client/kinetic,now 1:9.0p1-1ubuntu7 amd64 [installed]` `openssh-server/kinetic,now 1:9.0p1-1ubuntu7 amd64 [installed]` – Silently Nov 07 '22 at 00:37
  • Could you edit the question to include what you tried when you say "I then restart the SSH service using 2 different methods but I see no change"? For beginners, the most surefire way to restart a service is probably to reboot the computer. Additionally if you're on Linode then the host may have some backend magic going on and you should probably search their documentation. – rexypoo Nov 07 '22 at 02:57
  • @rexypoo Thanks Rexy, I actually did include the commands in the block just below it. I've edited the post to refer to below. – Silently Nov 07 '22 at 03:31
  • Nothing worked for me, I tried everything below to no avail. After wasting some time, it was a new server install, so I rebooted to try to terminate the running ssh and get it to reset it. Actually it still didn't work, it's still running on port 22!! – gameaddict Feb 08 '23 at 22:43

6 Answers

21

SSHd now uses socket-based activation in Ubuntu 22.10 or later. Read more about this change being discussed here.

TLDR: The /etc/ssh/sshd_config is unused; now that I read the comments in full, I found:

# Port and ListenAddress options are not used when sshd is socket-activated,
# which is now the default in Ubuntu. See sshd_config(5) and
# /usr/share/doc/openssh-server/README.Debian.gz for details.

Your options for changing from default port:

  • Turning off this change and reverting to how SSHd worked prior to this update (From twinsen in discussion linked above):

    • systemctl disable --now ssh.socket
    • systemctl enable --now ssh.service
    • Then the /etc/ssh/sshd_config works again with Ports and Addresses setting
  • OR Listening socket stream update (from saxl in discussion linked above)

    1. mkdir -p /etc/systemd/system/ssh.socket.d
    2. cat >/etc/systemd/system/ssh.socket.d/listen.conf <<EOF
      [Socket]
      ListenStream=
      ListenStream=1234
      EOF
      
    3. sudo systemctl daemon-reload
    4. sudo systemctl restart ssh.socket

It should then state it's started listening on the new port: systemctl status ssh ...

Nov 07 14:42:37 webserver.abc.com sshd[58725]: Server listening on 0.0.0.0 port 1234.
Nov 07 14:42:37 webserver.abc.com sshd[58725]: Server listening on :: port 1234

Silently
  • reverting to how SSHd worked prior didn't work for me but the second solution is working perfectly, thank you sir! – Andrew G Feb 28 '23 at 12:53
  • disable socket doesn't work on Ubuntu 23, the new config does work. – Pablo Pazos Jun 14 '23 at 00:12
  • Important: don't forget to add the funny "ListenStream=" line (with no address). Without it it doesn't work -- and doesn't print any error messages either :( – Jan Jul 05 '23 at 07:28
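
Why the empty `ListenStream=` line in the drop-in matters, as an added example that is not part of the original posts: systemd treats an empty assignment as a reset of the list and every other `ListenStream=` as an append, so the sketch below evaluates a unit plus one drop-in offline and reports what would be bound. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: compute the ListenStream list systemd ends up with after
# reading a socket unit and its drop-ins, in the order the files are given.
# An empty "ListenStream=" resets the list; any other assignment appends.
effective_listen() {
    awk '
        FNR == 1      { in_socket = 0 }      # each file starts outside any section
        /^[ \t]*[#;]/ { next }               # comment lines
        /^\[/         { in_socket = ($0 == "[Socket]"); next }
        in_socket && /^ListenStream[ \t]*=/ {
            val = $0
            sub(/^ListenStream[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (val == "") n = 0             # reset: forget earlier entries
            else list[++n] = val
        }
        END { for (i = 1; i <= n; i++) print list[i] }
    ' "$@"
}

# listens_on PORT FILE...: succeed if PORT is in the effective list,
# either bare ("22") or as address:port ("10.0.2.15:22", "[::]:22").
listens_on() {
    port=$1; shift
    effective_listen "$@" | grep -Eq "(^|:)${port}\$"
}

# Constructed sample files (stand-ins, not copied from a real system).
make_samples() {
    printf '[Socket]\nListenStream=22\nAccept=no\n'       > "$1/ssh.socket"
    printf '[Socket]\nListenStream=1234\n'                > "$1/no-reset.conf"
    printf '[Socket]\nListenStream=\nListenStream=1234\n' > "$1/listen.conf"
    printf '[Socket]\nListenStream=\nListenStream=10.0.2.15:2022\n' > "$1/addresses.conf"
}

d=$(mktemp -d)
make_samples "$d"
for dropin in no-reset.conf listen.conf addresses.conf; do
    echo "ssh.socket + $dropin -> $(effective_listen "$d/ssh.socket" "$d/$dropin" | tr '\n' ' ')"
    if listens_on 22 "$d/ssh.socket" "$d/$dropin"; then
        echo "  port 22 is still bound"
    fi
done
rm -rf "$d"
```

On a live system, `systemctl cat ssh.socket` prints the unit and its drop-ins in the order systemd reads them, which is the order to pass to `effective_listen`.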
8

This is how I solved the OpenSSH port issue on Ubuntu 22.10.

Important - Please take a backup or snapshot before you make changes.

Use the nano editor and change the value of ListenStream parameter

sudo nano /lib/systemd/system/ssh.socket

Change the following parameter to the port of your choice e.g. 44022

ListenStream=44022

Save the file and quit nano editor.

sudo systemctl daemon-reload
sudo systemctl restart ssh
sudo netstat -tulpn

Now you should be able to see that the port 44022 is open.

Do not forget to open the port on firewall e.g. ufw.

sudo ufw allow 44022

I suggest you open another putty session to ensure you are able to login.

Nmath
Cyberian
3

SSHd now uses socket-based activation in Ubuntu 22.10 or later. Read more about this change being discussed here.

For my purposes adding a socket handler is a complication that we do not want, so we are adding the following to our pre-ansible installation steps to remove ssh.socket and go back to using the sshd_config file. (Some of these were not previously documented, so this might save someone else some time.)

Previously we would do the following post-build.

add line "Port 4022" after "#Port 22" in /etc/ssh/sshd_config then

sudo systemctl restart ssh

It looks like the following was required on a new ubuntu 20.10 (Mate 20.10) installation.

add line "Port 4022" after "#Port 22" in /etc/ssh/sshd_config then

sudo systemctl disable --now ssh.socket
sudo systemctl enable --now ssh.service
sudo mv /etc/systemd/system/ssh.service.d/00-socket.conf ./save_disable_ssh.service.d_00-socket.conf
sudo systemctl daemon-reload
sudo systemctl stop ssh
sudo systemctl stop ssh.socket
sudo systemctl start ssh

ymmv

Zanna
Vik Solem
2

I followed the steps from others but nothing worked,... until I uninstalled openssh-server and then reinstalled it, along with ssh.

  1. mkdir -p /etc/systemd/system/ssh.socket.d
    
  2. nano /etc/systemd/system/ssh.socket.d/listen.conf
    
    [Socket]
    ListenStream=
    ListenStream=1234
    
  3. sudo apt remove --purge openssh-server
    
  4. sudo apt install openssh-server ssh
    
  5. sudo systemctl daemon-reload
    
  6. sudo systemctl restart ssh
    

After this, running sudo systemctl status ssh should show you are listening on the ports originally set up.

Feb 21 19:28:08 Computer systemd[1]: Starting OpenBSD Secure Shell server...
Feb 21 19:28:08 Computer sshd[48455]: Server listening on :: port 1234.
Feb 21 19:28:08 Computer systemd[1]: Started OpenBSD Secure Shell server.

I do not understand why but I wonder if there was some daemon that did not want to be restarted/reloaded or killed, but uninstalling and reinstalling forced that and therefore picked up the new configuration changes. Very ugly.

muru
C.D.
  • This is the only solution that worked for me on 23.04, none of the others did. For whatever reason, the reinstall is necessary. – m_highlanderish May 08 '23 at 11:31
1

@Silently is right, probably... But systemctl disable --now ssh.socket ; systemctl enable --now ssh.service method doesn't work for me. I don't care why Ubuntu team decided to break SSHD severely, they do it wrong regardless of their intentions: only that odd "Listening socket stream update" method works!

Update: the topic starter didn't mention that you should do it in a slightly different way:

  1. mkdir -p /etc/systemd/system/ssh.socket.d
    
  2. cat > /etc/systemd/system/ssh.socket.d/listen.conf << EOF
    [Socket]
    ListenStream=
    ListenStream=1234
    EOF
    
  3. Change SSHD port one way or another (I added /etc/ssh/sshd_config.d/local.conf with Port 1234)

  4. [sudo] systemctl daemon-reload

  5. [sudo] systemctl restart ssh

steeldriver
abulava
0

I followed the answers to this question today (2023-02-14), and was still getting an SSH service spawned on IPv6, even though I had AcceptFamily inet and ListenAddress 10.0.2.15:2022 configured in my /etc/ssh/sshd_config file on Ubuntu 22.10, and then configured listen.conf with the different port.

Well, I traced this bug report: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/comments/14 which led me to the script at https://launchpadlibrarian.net/630622842/openssh_9.0p1-1ubuntu8.debdiff

which hinted at the solution for me. So, if you need a basic configuration of a single IPv4 address listening on a custom port (e.g. 10.0.2.15 on 22022), do this:

  • Erase all Port and ListenAddress information on /etc/ssh/sshd_config
  • Create the directory /etc/systemd/system/ssh.socket.d (i.e. sudo mkdir -p /etc/systemd/system/ssh.socket.d)
  • Put this content to the /etc/systemd/system/ssh.socket.d/addresses.conf file:

[Socket]
ListenStream=
ListenStream=10.0.2.15:2022

HINT: Do not put Accept=yes in this configuration, hoping for the OS to spawn an ssh service on connection demand. On a new Ubuntu 22.10 installation configured as in this answer, this made the ssh service listen on 0.0.0.0 port 22 and, even worse, not start on boot.

Then issue these commands:

systemctl daemon-reload
systemctl disable ssh.socket
systemctl stop ssh.socket
systemctl enable ssh.service
systemctl start ssh.service
Niloct