🚪Change ssh port

Compared to other Clouds, OCI requires some extra steps to avoid getting locked out.

1. Edit Security List on OCI

From the OCI control panel navigate to Compute > Instances and select your instance. You should see something like this:

Click on the subnet:

Next, either make a new Security List, or simply edit the Default:

Add a new Ingress Rule:

In the following panel enter the required information:

Source Type: CIDR
Source CIDR: either 0.0.0.0/0 or <the-ip-you'll-be-connecting-from>/32
IP Protocol: TCP
Destination Port Range: <the-port-you-want-to-use-for-ssh>
Description: something that makes sense to you

Please note: DO NOT delete the default SSH (port 22) Ingress Rule at this point

2. Change SSH listening port in the daemon

Next, connect to your instance as you did here and change SSH port on the VM:

# Edit the ssh configuration file
sudo nano /etc/ssh/sshd_config

# Find the line that says #Port 22 and replace it with:
Port <the-port-you-selected-earlier>

# Save your changes and reload the daemon
sudo systemctl restart sshd

More details about this process can be found here.

Please note: you must include the following steps for this to work in OCI

3. Manage ingress rules with firewalld

Install firewalld and set new rules:

# Install firewalld
sudo apt install firewalld

# Firewalld should come enabled and auto-start. In case it doesn't do:
sudo systemctl enable firewalld
sudo systemctl start firewalld

# Add the new ssh port to the public zone
sudo firewall-cmd --zone=public --add-port=<the-port-you-selected-earlier>/tcp --permanent 

# Reload firewalld rules
sudo firewall-cmd --reload

# Check that the rule stuck
sudo firewall-cmd --list-all

Please note: before disconnecting your current session, open a new Terminal session and ssh using your new port

# Connecting to your instance with the new port (add the -p flag)
ssh -i "<path-to-the-new-oracle-key>" -p <the-port-you-selected-earlier> <your-chosen-username>@<the-ip4-address-of-the-new-vm>

A couple of links regarding this process:

Ways to manage access to OCI instances;

Problems with firewalld rules;

Controlling system access with firewalld;

Opening ports to specific IPs;

Managing traffic with zones in firewalld.

PreviousCreate new user and remove default one NextChanging keys

Last updated 1 year ago

# Edit the ssh configuration file sudo nano /etc/ssh/sshd_config # Find the line that says #Port 22 and replace it with: Port <the-port-you-selected-earlier> # Save your changes and reload the daemon sudo systemctl restart sshd

# Install firewalld sudo apt install firewalld # Firewalld should come enabled and auto-start. In case it doesn't do: sudo systemctl enable firewalld sudo systemctl start firewalld # Add the new ssh port to the public zone sudo firewall-cmd --zone=public --add-port=<the-port-you-selected-earlier>/tcp --permanent # Reload firewalld rules sudo firewall-cmd --reload # Check that the rule stuck sudo firewall-cmd --list-all