Results 1 to 22 of 22
-
11-30-2013, 10:45 AM #1Newbie
- Join Date
- Mar 2010
- Posts
- 26
Changed the default SSH port but forgot to unblock it in CSF firewall
So now i cant SSH to my server because the firewall blocks that port. What are my solutions?
-
11-30-2013, 10:46 AM #2Web Hosting Master
- Join Date
- Jan 2008
- Posts
- 1,427
-
11-30-2013, 10:50 AM #3Newbie
- Join Date
- Mar 2010
- Posts
- 26
-
11-30-2013, 10:59 AM #4Aspiring Evangelist
- Join Date
- Dec 2011
- Location
- Montreal
- Posts
- 431
If you have access to WHM (of course if you have cPanel installed) login like root and reset sshd configuration by:
Code:http://youripaddress:2086/scripts2/doautofixer?autofix=safesshrestart
This will reset ssh port to 22.
P.S I just see your post correctly , and my question is do you have any cPanel or no? Do you have access (if you have cPanel) to WHM?
RegardsLast edited by rowebca; 11-30-2013 at 11:04 AM. Reason: mistake
-
11-30-2013, 11:03 AM #5Newbie
- Join Date
- Mar 2010
- Posts
- 26
Unfortunately no control panel is installed
-
11-30-2013, 11:20 AM #6Aspiring Evangelist
- Join Date
- Dec 2011
- Location
- Montreal
- Posts
- 431
-
11-30-2013, 12:04 PM #7Web Hosting Master
- Join Date
- May 2012
- Location
- Linux World
- Posts
- 1,137
Ask your DC to run "csf -a <your IP>" in the server, then you can gain access.
Kevin Cheri : Senior Server Administrator / Freelancer : 13+ years Exp, reach me out for any help
Server Optimization Expert / Mysql Guru / Migration Specialist
Skype : lynxmaestro
Gmail : cheri.kevin@gmail.com
-
11-30-2013, 12:06 PM #8Web Hosting Master
- Join Date
- Jan 2008
- Posts
- 1,427
No, that won't make a difference - the IP isn't blocked...the PORT is not open on the firewall after OP changed the port in the ssh configuration file.
The only way around this is to contact your provider and either have them open the port in the CSF config files, change the ssh port back, or provide you console access.
-
11-30-2013, 12:23 PM #9Web Hosting Master
- Join Date
- May 2012
- Location
- Linux World
- Posts
- 1,137
Kevin Cheri : Senior Server Administrator / Freelancer : 13+ years Exp, reach me out for any help
Server Optimization Expert / Mysql Guru / Migration Specialist
Skype : lynxmaestro
Gmail : cheri.kevin@gmail.com
-
11-30-2013, 12:28 PM #10Web Hosting Master
- Join Date
- Jan 2008
- Posts
- 1,427
-
11-30-2013, 02:37 PM #11Web Hosting Master
- Join Date
- May 2012
- Location
- Linux World
- Posts
- 1,137
being in the csf.allow, I do have access to any ports in the server (though LFD in effect if not added to csf.ignore) whether the port is allowed or not in main conf.
consider a situation where you want to allow port 22 to your IP only, how will you do that?. >> You block the port 22 in global csf conf, and allow through the csf.allow file, thats it.Kevin Cheri : Senior Server Administrator / Freelancer : 13+ years Exp, reach me out for any help
Server Optimization Expert / Mysql Guru / Migration Specialist
Skype : lynxmaestro
Gmail : cheri.kevin@gmail.com
-
11-30-2013, 02:46 PM #12Temporarily Suspended
- Join Date
- Jun 2013
- Posts
- 87
simply you have to do it via console. or have to pay to DC guys to do this within Admin charges
-
11-30-2013, 02:48 PM #13Web Hosting Master
- Join Date
- Dec 2007
- Location
- LocalHost
- Posts
- 1,317
█ YagHost - Fast Reliable Hosting Since 2009
█ Managed VPS - NVMe DirectAdmin
█ Web Hosting - NVMe SSD, AMD EPYC, 10 Gbps (US, Europe, Singapore)
-
11-30-2013, 03:04 PM #14Web Hosting Master
- Join Date
- May 2012
- Location
- Linux World
- Posts
- 1,137
>> So now i cant SSH to my server because the firewall blocks that port. What are my solutions?
There appear a mis-communication. what I understand is that the SSH is blocked by the csf firewall as OP didn't add the port to the firewall config. If thats the case, adding the IP to the allow list will certainly gain him access.Kevin Cheri : Senior Server Administrator / Freelancer : 13+ years Exp, reach me out for any help
Server Optimization Expert / Mysql Guru / Migration Specialist
Skype : lynxmaestro
Gmail : cheri.kevin@gmail.com
-
11-30-2013, 03:38 PM #15Disabled
- Join Date
- Dec 2010
- Location
- 127.0.0.1
- Posts
- 5,732
-
12-01-2013, 06:54 PM #16Web Hosting Master
- Join Date
- Nov 2004
- Location
- Australia
- Posts
- 1,737
Wrong, sorry; adding an IP to the CSF allow list via "csf -a IP" will give that IP access to all ports on the server. I don't know how else to say this other than saying it definitely works.
Your point about why can't they just add it to the TCP_ALLOW string in /etc/csf/csf.conf is good though, of course they could; just that a one line command alternative was being offered.
If you change config in CSF there's a setting up the top of the file that puts your new rules in for a few minutes then turns them off again. This is great if you're new and want to ensure you don't lock yourself out.
-
12-01-2013, 07:04 PM #17Junior Guru
- Join Date
- Feb 2006
- Location
- ::1/128
- Posts
- 247
You don't have any recovery options from the datacenter's panel?
You could easily boot to recovery console, mount the disks and edit ssh port back to 22. Reboot and login normally to change firewall and ssh again.
(Or just edit csf conf directly from recovery - same thing)
-
12-06-2013, 06:17 PM #18Junior Guru Wannabe
- Join Date
- Mar 2012
- Posts
- 50
I have blocked my port and can't ssh in. I have serial console logged in but when I try run csf -r I get command not found.
Console is showing
root@dns1 [/]#
-
12-06-2013, 06:42 PM #19Hosting Billing Master
- Join Date
- May 2003
- Location
- California, USA, Earth
- Posts
- 1,098
whereis csf
Then use the full path, ie..
/usr/sbin/csf -a YOUR_IP_ADDRESS
As mentioned in this thread, the -a switch will whitelist your IP address, giving you access to all ports regardless of whether they are explicitly allowed in csf.conf via TCP_IN or not.
In fact, it's a good idea to do this straight away in case of issues just like this.
-
12-06-2013, 06:51 PM #20Junior Guru Wannabe
- Join Date
- Mar 2012
- Posts
- 50
whereis csf gives me csf:
-
12-06-2013, 07:25 PM #21Hosting Billing Master
- Join Date
- May 2003
- Location
- California, USA, Earth
- Posts
- 1,098
-
12-06-2013, 07:33 PM #22Junior Guru Wannabe
- Join Date
- Mar 2012
- Posts
- 50
Was logged in to the wrong server. Got too many, thanks for your help
Similar Threads
-
Changing SSH Port (CSF)
By a-kevin in forum Dedicated ServerReplies: 15Last Post: 02-03-2015, 09:53 PM -
Forgot SSH Port
By Rezaa in forum Hosting Security and TechnologyReplies: 11Last Post: 12-18-2010, 08:21 PM -
ssh port changed but not work
By ttgt in forum Hosting Security and TechnologyReplies: 3Last Post: 11-23-2010, 03:25 PM -
Csf firewall help with recommandation about sql port
By hostyourdream in forum Hosting Software and Control PanelsReplies: 2Last Post: 09-13-2010, 11:25 AM -
Changed SSH port - How to add extra port to APF?
By Greedisgood in forum Hosting Security and TechnologyReplies: 3Last Post: 06-10-2007, 10:18 AM