Why Cannot I Use a Non-Default SSH Port to Log In to My Linux ECS?

Symptom

Possible Causes

• The access to the new port is not allowed in the security group.
• The new port is not enabled on the firewall.
• The new port is not added to the SSH configuration file.
• The hosts configuration file is incorrectly configured.

Checking Security Group Rules

Checking Firewall Rules

Run the iptables command to check whether the new SSH port, for example, port 2020 is enabled on the firewall.

1. Log in to the Linux ECS.
2. Take CentOS 7.5 as an example. Run the following command to edit the iptables file:

   vi /etc/sysconfig/iptables

3. Add a rule for port 2020.

   -A INPUT -m state -state NEW -m tcp -p tcp -dport 2020 -j ACCEPT
   
   

4. Restart iptables.

   systemctl restart iptables

Checking the SSH Configuration File

Log in to the ECS and check the SSH configuration file.

1. Run the following command to check whether port 2020 has been configured:

   vi /etc/ssh/sshd_config

2. If the port has not been configured, replace #Port 22 with Port 2020.
3. Run the following command to restart SSH:

   service sshd restart

Checking the hosts Configuration File

The /etc/hosts.allow and /etc/hosts.deny files of a Linux ECS are used to permit or deny an IP address or an IP address segment, respectively, to remotely access the ECS using SSH.

1. Add the following statement to /etc/hosts.allow to allow the IP address 192.168.1.3 to access the ECS using SSH:

   sshd: 192.168.1.3
   
   

2. Check /etc/hosts.deny. If sshd:all:deny is contained, comment it out.
   Note

   If a rule is set in both hosts.allow and hosts.deny, the rule in hosts.allow takes precedence. For example, if "sshd: 192.168.1.3" is set in hosts.allow and "sshd:all:deny" is set in hosts.deny, the ECS allows only the SSH login from IP address 192.168.1.3.