  1. #1

    Changed the default SSH port but forgot to unblock it in CSF firewall

    So now I can't SSH to my server because the firewall blocks that port. What are my solutions?

  2. #2
    Join Date
    Jan 2008
    Posts
    1,427
    Quote Originally Posted by filipmedia View Post
    So now I can't SSH to my server because the firewall blocks that port. What are my solutions?
    Use the console to get in...

  3. #3
    Quote Originally Posted by Kingfish85 View Post
    Use the console to get in...
    I need to pay extra for it... is there any other solution? Like maybe rebooting server and getting inside before the CSF firewall gets started?

  4. #4
    Join Date
    Dec 2011
    Location
    Montreal
    Posts
    431
    Quote Originally Posted by filipmedia View Post
    I need to pay extra for it... is there any other solution? Like maybe rebooting server and getting inside before the CSF firewall gets started?
    If you have access to WHM (of course, if you have cPanel installed), log in as root and reset the sshd configuration by:
    Code:
    http://youripaddress:2086/scripts2/doautofixer?autofix=safesshrestart

    This will reset ssh port to 22.

    P.S. I just saw your post correctly, and my question is: do you have any cPanel or not? Do you have access (if you have cPanel) to WHM?


    Regards
    George B. | ROWEBCA
    Web Hosting Services & Server Management
    Skype : rowebca

  5. #5
    Unfortunately no control panel is installed

  6. #6
    Join Date
    Dec 2011
    Location
    Montreal
    Posts
    431
    Quote Originally Posted by filipmedia View Post
    Unfortunately no control panel is installed


    The best way is to contact your provider at this point if you don't really have a console. Or to hack your server.


    Regards

  7. #7
    Join Date
    May 2012
    Location
    Linux World
    Posts
    1,137
    Ask your DC to run "csf -a <your IP>" in the server, then you can gain access.
    Kevin Cheri : Senior Server Administrator / Freelancer : 13+ years Exp, reach me out for any help
    Server Optimization Expert / Mysql Guru / Migration Specialist
    Skype : lynxmaestro
    Gmail : cheri.kevin@gmail.com

  8. #8
    Join Date
    Jan 2008
    Posts
    1,427
    Quote Originally Posted by kevincheri View Post
    Ask your DC to run "csf -a <your IP>" in the server, then you can gain access.
    No, that won't make a difference - the IP isn't blocked...the PORT is not open on the firewall after OP changed the port in the ssh configuration file.

    The only way around this is to contact your provider and either have them open the port in the CSF config files, change the ssh port back, or provide you console access.

  9. #9
    Join Date
    May 2012
    Location
    Linux World
    Posts
    1,137
    Quote Originally Posted by Kingfish85 View Post
    No, that won't make a difference - the IP isn't blocked...the PORT is not open on the firewall after OP changed the port in the ssh configuration file.

    The only way around this is to contact your provider and either have them open the port in the CSF config files, change the ssh port back, or provide you console access.
    No, adding the IP via 'csf -a' gives you full access to the server (a total whitelist), so it's indeed what you should do if possible.

  10. #10
    Join Date
    Jan 2008
    Posts
    1,427
    Quote Originally Posted by kevincheri View Post
    No, adding the IP via 'csf -a' gives you full access to the server (a total whitelist), so it's indeed what you should do if possible.
    The port is not opened. It's not a case of being whitelisted, it's a case of the port not being opened.

  11. #11
    Join Date
    May 2012
    Location
    Linux World
    Posts
    1,137
    Quote Originally Posted by Kingfish85 View Post
    The port is not opened. It's not a case of being whitelisted, it's a case of the port not being opened.
    Being in csf.allow, I do have access to any port on the server (though LFD is in effect if not added to csf.ignore), whether the port is allowed or not in the main conf.
    Consider a situation where you want to allow port 22 to your IP only; how will you do that? You block port 22 in the global csf conf, and allow it through the csf.allow file, that's it.

  12. #12
    Join Date
    Jun 2013
    Posts
    87
    You simply have to do it via console, or you have to pay the DC guys to do this within admin charges.

  13. #13
    Join Date
    Dec 2007
    Location
    LocalHost
    Posts
    1,317
    Quote Originally Posted by kevincheri View Post
    No, adding the IP via 'csf -a' gives you full access to the server (a total whitelist), so it's indeed what you should do if possible.
    You cannot access ports which are blocked, even from a whitelisted IP.
    It's blocked for all.

    And if the VPS provider can add a whitelisted IP, why can't they simply add the SSH port to the allowed ports?
    YagHost - Fast Reliable Hosting Since 2009
    Managed VPS - NVMe DirectAdmin
    Web Hosting - NVMe SSD, AMD EPYC, 10 Gbps (US, Europe, Singapore)

  14. #14
    Join Date
    May 2012
    Location
    Linux World
    Posts
    1,137
    >> So now I can't SSH to my server because the firewall blocks that port. What are my solutions?
    There appears to be a miscommunication. What I understand is that SSH is blocked by the csf firewall as OP didn't add the port to the firewall config. If that's the case, adding the IP to the allow list will certainly gain him access.

  15. #15
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,732
    Quote Originally Posted by Kingfish85 View Post
    The only way around this is to contact your provider and either have them open the port in the CSF config files, change the ssh port back, or provide you console access.
    This is the best solution to your problem, OP. They should do it for free to help you. If they want you to pay to get the console to do it yourself, you might as well pack your bags and get a refund, because you'd be paying for a useless VPS.

  16. #16
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    Quote Originally Posted by ravi_9793 View Post
    You cannot access ports which are blocked, even from a whitelisted IP.
    It's blocked for all.
    Wrong, sorry; adding an IP to the CSF allow list via "csf -a IP" will give that IP access to all ports on the server. I don't know how else to say this other than saying it definitely works.

    Your point about why can't they just add it to the TCP_ALLOW string in /etc/csf/csf.conf is good though, of course they could; just that a one line command alternative was being offered.

    If you change config in CSF there's a setting up the top of the file that puts your new rules in for a few minutes then turns them off again. This is great if you're new and want to ensure you don't lock yourself out.
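
Added example (not part of any post in this thread): a pre-flight check in POSIX shell that compares the `Port` lines of an sshd_config with `TCP_IN` in a csf.conf before either service is restarted, which is the mismatch that locked the original poster out. The function names and sample files are constructed for illustration; on a real server the inputs would be /etc/ssh/sshd_config and /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added example: check that every sshd port is open in CSF's TCP_IN before restarting either.
# Only plain "Port" lines are read; ListenAddress host:port and Include files are not followed.

# Print the ports sshd will listen on (sshd uses 22 when no Port line is set).
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Print the value of a KEY = "value" line from a csf.conf-style file.
csf_setting() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | head -n 1
}

# Succeed if port $1 is in the comma-separated list $2 (entries may be low:high ranges).
port_in_list() {
    old_ifs=$IFS; IFS=,
    for entry in $2; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then IFS=$old_ifs; return 0; fi ;;
            *)   if [ "$1" = "$entry" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# check_ssh_vs_csf SSHD_CONFIG CSF_CONF: non-zero if an sshd port is missing from TCP_IN.
check_ssh_vs_csf() {
    tcp_in=$(csf_setting "$2" TCP_IN)
    rc=0
    for p in $(sshd_ports "$1"); do
        if port_in_list "$p" "$tcp_in"; then
            echo "ok: sshd port $p is in TCP_IN"
        else
            echo "LOCKOUT RISK: sshd port $p is not in TCP_IN ($tcp_in)"
            rc=1
        fi
    done
    [ "$(csf_setting "$2" TESTING)" = "1" ] && echo "note: TESTING is on in this csf.conf"
    return $rc
}

# Constructed sample files (not from a real server): sshd moved to 2222, TCP_IN left unchanged.
demo=$(mktemp -d)
printf '#Port 22\nPort 2222\n' > "$demo/sshd_config"
printf 'TESTING = "0"\nTCP_IN = "20,21,22,80,443,30000:35000"\n' > "$demo/csf.conf"
check_ssh_vs_csf "$demo/sshd_config" "$demo/csf.conf" || true
```

Running the check after editing sshd_config and before restarting sshd or csf catches the mismatch while the existing SSH session is still open.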

  17. #17
    Join Date
    Feb 2006
    Location
    ::1/128
    Posts
    247
    You don't have any recovery options from the datacenter's panel?
    You could easily boot to recovery console, mount the disks and edit ssh port back to 22. Reboot and login normally to change firewall and ssh again.
    (Or just edit csf conf directly from recovery - same thing)

  18. #18
    Join Date
    Mar 2012
    Posts
    50
    I have blocked my port and can't ssh in. I have the serial console logged in, but when I try to run csf -r I get command not found.

    Console is showing
    root@dns1 [/]#

  19. #19
    Join Date
    May 2003
    Location
    California, USA, Earth
    Posts
    1,098
    Quote Originally Posted by n1kko22 View Post
    I have blocked my port and can't ssh in. I have the serial console logged in, but when I try to run csf -r I get command not found.

    Console is showing
    root@dns1 [/]#
    whereis csf

    Then use the full path, i.e.

    /usr/sbin/csf -a YOUR_IP_ADDRESS

    As mentioned in this thread, the -a switch will whitelist your IP address, giving you access to all ports regardless of whether they are explicitly allowed in csf.conf via TCP_IN or not.

    In fact, it's a good idea to do this straight away in case of issues just like this.
    Blesta - The Billing Platform for Hosting Providers
    Client Management, Billing, & Support Software
    Trial - Demo | 714-923-7325 | Twitter @blesta

  20. #20
    Join Date
    Mar 2012
    Posts
    50
    whereis csf gives me csf:

  21. #21
    Join Date
    May 2003
    Location
    California, USA, Earth
    Posts
    1,098
    Quote Originally Posted by n1kko22 View Post
    whereis csf gives me csf:
    It sounds almost as if csf is not installed..

  22. #22
    Join Date
    Mar 2012
    Posts
    50
    Was logged in to the wrong server. Got too many, thanks for your help
