Cardano Testnets

Change ssh port

Compared to other clouds, OCI requires some extra steps to avoid getting locked out.


Last updated 1 year ago

1. Edit Security List on OCI

From the OCI control panel navigate to Compute > Instances and select your instance. You should see something like this:

Click on the subnet:

Next, either make a new Security List, or simply edit the Default:

Add a new Ingress Rule:

In the following panel enter the required information:

  • Source Type: CIDR

  • Source CIDR: either 0.0.0.0/0 or <the-ip-you'll-be-connecting-from>/32

  • IP Protocol: TCP

  • Destination Port Range: <the-port-you-want-to-use-for-ssh>

  • Description: something that makes sense to you

Please note: DO NOT delete the default SSH (port 22) Ingress Rule at this point

2. Change SSH listening port in the daemon

# Edit the ssh configuration file
sudo nano /etc/ssh/sshd_config

# Find the line that says #Port 22 and replace it with:
Port <the-port-you-selected-earlier>

# Save your changes and restart the daemon
sudo systemctl restart sshd

Please note: you must include the following steps for this to work in OCI

3. Manage ingress rules with firewalld

Install firewalld and set new rules:

# Install firewalld
sudo apt install firewalld

# Firewalld should come enabled and auto-start. If it doesn't, run:
sudo systemctl enable firewalld
sudo systemctl start firewalld

# Add the new ssh port to the public zone
sudo firewall-cmd --zone=public --add-port=<the-port-you-selected-earlier>/tcp --permanent 

# Reload firewalld rules
sudo firewall-cmd --reload

# Check that the rule stuck
sudo firewall-cmd --list-all                

Please note: before disconnecting your current session, open a new Terminal session and ssh using your new port

# Connecting to your instance with the new port (add the -p flag)
ssh -i "<path-to-the-new-oracle-key>" -p <the-port-you-selected-earlier> <your-chosen-username>@<the-ip4-address-of-the-new-vm>
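Before closing the working session, the two host-side settings from steps 2 and 3 can be checked against each other. The script below is an added example, not part of the original guide; the function names and the sample port 2222 are assumptions, and it reads the output of `sshd -T` and `firewall-cmd --list-ports`.

```bash
#!/usr/bin/env bash
# Added example: lockout check to run before closing the old SSH session.
# On the instance, feed it real data:
#   lockout_check <port> "$(sudo sshd -T)" \
#       "$(sudo firewall-cmd --zone=public --list-ports)"

# Ports sshd will bind, read from `sshd -T` output on stdin
# (effective config, printed as lowercase "port N" lines).
sshd_ports() { awk '$1 == "port" { print $2 }'; }

# Succeed if PORT/tcp is covered by a --list-ports line, whose entries
# look like "2222/tcp" or, for ranges, "3000-3010/tcp".
fw_allows_tcp() {
    local port="$1" entry range lo hi
    for entry in $2; do
        [ "${entry##*/}" = tcp ] || continue
        range=${entry%/*}; lo=${range%-*}; hi=${range#*-}
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi
    done
    return 1
}

# Return 0 only when sshd and firewalld both accept the new port.
# The OCI Security List is outside the VM and is not checked here;
# the test login from a second terminal covers that layer.
lockout_check() {
    local port="$1" sshd_out="$2" fw_ports="$3"
    if ! printf '%s\n' "$sshd_out" | sshd_ports | grep -qxF "$port"; then
        echo "FAIL: sshd is not configured for port $port"; return 1
    fi
    if ! fw_allows_tcp "$port" "$fw_ports"; then
        echo "FAIL: firewalld does not allow $port/tcp"; return 2
    fi
    echo "OK: sshd and firewalld agree on port $port"
}

# Constructed sample input (port 2222 is an arbitrary stand-in).
sample_sshd='port 2222
addressfamily any'
sample_fw='2222/tcp 3000-3010/tcp'
lockout_check 2222 "$sample_sshd" "$sample_fw"
lockout_check 2222 'port 22' "$sample_fw" || true   # sshd still on 22
```

A FAIL result means the port 22 Ingress Rule and the current session should stay in place until the mismatch is fixed.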

Next, connect to your instance as you did and change SSH port on the VM:

More details about this process can be found here.

A couple of links regarding this process:

  • Ways to manage access to OCI instances
  • Problems with firewalld rules
  • Controlling system access with firewalld
  • Opening ports to specific IPs
  • Managing traffic with zones in firewalld