
Resolved RootLogin in SSH other than port 22

JuanCar (Regular Pleskian)
Server operating system version: AlmaLinux 9.4
Plesk version and microupdate number: Plesk Obsidian 18.0.62 #1

Hi.
I just migrated my Plesk from CentOS to AlmaLinux 9.
I had root access to SSH.
I changed the port number and set up the firewall to allow the new port.
But I cannot access using root.
When I try SSH access I get this answer: The remote system refused the connection
I created a new user with SSH access rights (allowusers root sshuser); with this user I can access the server by SSH and switch to root once logged in.
I wonder why I can't access SSH as root using a port other than 22.
Any idea?
 
Check SSH Configuration File:

Edit your SSH configuration file to ensure it allows root login on the new port.
sudo nano /etc/ssh/sshd_config

Verify the following settings:
Port <new_port_number>
PermitRootLogin yes
AllowUsers root sshuser

After making changes to the SSH configuration file, restart the SSH service:
sudo systemctl restart sshd


Hope this helps!
 
It's also worth checking if there is no other firewall application running (firewalld being the most common).
 
I followed all these steps, of course. But the problem is that if I set the port to 22, root access is allowed, but when I set another port, root access is forbidden. Of course the port is open, and so I can access with another user.
I cannot see any other firewall.
I have SELinux in my system, but I set it to permissive, so it doesn't have an effect.
 
If SELinux is enabled, you might need to configure it to allow SSH on the new port:

sudo semanage port -a -t ssh_port_t -p tcp <new_port_number>
sudo semanage port -l | grep ssh


Check SSH logs for any errors:

sudo tail -f /var/log/secure
ssh -p <new_port_number> root@<server_ip>


Ensure the SSH daemon is listening on the new port. You can check this with:

sudo netstat -tuln | grep <new_port_number>
 
I can use the new port with a non-root user but not with root. Ports are not the problem; the problem is that root can access if I use port 22 but not if I use any other port.
And SELinux is deactivated with setenforce 0. And the secure or messages logs don't contain any info about the root access being denied. So I think SELinux is not the issue.
 
The error message is suspicious, though. "The remote system refused the connection" usually means that the connection itself is already failing, and at that point the server has no way to know you want to log in as root, so it shouldn't be able to deny you based on that. Are you absolutely sure you didn't fumble the port number in your ssh client config/command line for the root login attempt?
 
Solved: I'm silly, very, very, very silly
The mistake was on my side. I was using a script to connect (with default port 22), but I was setting the port config in another one.
Thanks
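
The point made in the thread, that "connection refused" is decided at the TCP layer before the server ever sees a username, can be checked from the client side. The following is an added example, not part of the original thread; the function name probe_ssh_port and its status labels are assumptions made for illustration.

```python
import socket
import sys

def probe_ssh_port(host, port, timeout=3.0):
    """Classify the TCP-level outcome; no username or credentials are ever sent.

    Returns (status, detail), where status is one of:
      "refused" - nothing is listening on the port, or a firewall rejects it
      "timeout" - packets are silently dropped, typically by a firewall
      "ssh"     - a listener answered with an SSH identification string
      "not-ssh" - something is listening, but it does not speak SSH
      "error"   - any other socket error (DNS failure, unreachable network)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                # The server sends its identification string first
                banner = sock.recv(255).decode("ascii", "replace").strip()
            except socket.timeout:
                return "not-ssh", "connected, but no banner was received"
    except ConnectionRefusedError:
        return "refused", "TCP connection refused before any login attempt"
    except socket.timeout:
        return "timeout", "no answer within %.1f s" % timeout
    except OSError as exc:
        return "error", str(exc)
    if banner.startswith("SSH-"):
        return "ssh", banner
    return "not-ssh", banner or "connection closed without a banner"

if __name__ == "__main__":
    # Usage: python3 probe.py <server_ip> 22 <new_port_number>
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    ports = [int(p) for p in sys.argv[2:]] or [22]
    for port in ports:
        status, detail = probe_ssh_port(host, port)
        print(f"{host}:{port} -> {status}: {detail}")
```

If port 22 reports refused while the new port reports ssh, the server side is fine and the client is connecting to the wrong port, which was the cause here. With the OpenSSH client, `ssh -G root@<server_ip> | grep -i '^port'` prints the port the client resolves from its configuration files.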
 