Ask Your Question

Can't SSH into fresh Fedora Server 27 after changing port, SELinux type enforcement & Firewall rules

asked 2018-02-04 22:43:17 -0500

nonce gravatar image

I've essentially done the following:

sudo sed -i 's/#Port\ 22/Port\ ###/' /etc/ssh/sshd_config

sudo semanage port -a -t ssh_port_t -p tcp ###

sudo firewall-cmd --permanent --zone=public --add-port=###/tcp

Keys were created & copied with the following:

ssh-keygen -t rsa

ssh-copy-id user@host

On the client box, I'm met with an error about 'no route to host'. Default port works without issue. Any input is appreciated.

Thank you,

edit retag flag offensive close merge delete


Two important questions.

Is sshd socket-activated on your system? That is: is sshd.socket enabled. If that is the case, the sshd.socket service file needs adjusting as well.

Has the sshd daemon been restarted?

villykruse gravatar imagevillykruse ( 2018-02-07 03:29:26 -0500 )edit

2 Answers

Sort by ยป oldest newest most voted

answered 2018-02-06 01:33:49 -0500

ssieb gravatar image

That would indicate that the firewall rule isn't doing what you think it is. What is the output of firewall-cmd --get-active-zones? The problem most likely is that you are only changing the permanent config, not the runtime config. Run that firewall-cmd line again without the --permanent. The better way to do something like that is to add the rules to the runtime config first and then if it works, you run firewall-cmd --runtime-to-permanent to save it.

edit flag offensive delete link more

answered 2018-02-07 03:17:19 -0500

Glenn gravatar image

Reload the firewall.

firewall-cmd --reload
edit flag offensive delete link more

Question Tools


Asked: 2018-02-04 22:43:17 -0500

Seen: 486 times

Last updated: Feb 07 '18