0

I'm working through this and this tutorials from DigitalOcean and trying to set up an ssh connection on port 443 as per step 5. I've been able to get it working on port 22 (steps 1-4). I've checked the firewall and port 443 is open. I've changed the /etc/ssh/sshd_config file to:

 # What ports, IPs and protocols we listen for
 Port 22
 Port 443

I've restarted the service:

  sudo service ssh restart
  sudo service sshd restart

When I log in with PuTTY on port 443 I get a blank screen. It works on port 22. Is there anything else I can do to get this working on port 443?

Edit:

  $ sudo lsof -i -n -P +c 0 | grep ':80\|:443'

  COMMAND   PID     USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
  nginx   26964     root    6u  IPv4 2603510992      0t0  TCP *:80 (LISTEN)
  nginx   26964     root    7u  IPv6 2603510993      0t0  TCP *:80 (LISTEN)
  nginx   26964     root    8u  IPv4 2603510994      0t0  TCP *:443 (LISTEN)
  nginx   26965 www-data    6u  IPv4 2603510992      0t0  TCP *:80 (LISTEN)
  nginx   26965 www-data    7u  IPv6 2603510993      0t0  TCP *:80 (LISTEN)
  nginx   26965 www-data    8u  IPv4 2603510994      0t0  TCP *:443 (LISTEN)

Edit:

  $ sudo systemctl status sshd

  ● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2017-09-07 16:04:13 EDT; 1min 19s ago
   Main PID: 22845 (sshd)
     CGroup: /system.slice/ssh.service
             ├─22103 sshd: deploy [priv]
             ├─...
             └─22853 pager

  Sep 07 16:04:13 server sshd[22845]: error: Bind to port 443 on 0.0.0.0 failed: Address already in use.
  Sep 07 16:04:13 server sshd[22845]: Server listening on 0.0.0.0 port 22.
pa4080
  • 30,621
user1592380
  • 1,905

1 Answer

3

Please read the mentioned manual more carefully. Under step 5 it is written:

If your connection is working, you are good to go and can stop reading. ...

Ports that are often open include 80 (general web traffic) and 443 (SSL web traffic).

If your SSH server isn't serving web content, we can tell SSH to use one of these web ports to communicate over instead of the default port 22. 443 is the best choice ...

In your case the output of the command sudo lsof -i -n -P | grep www-data is:

  nginx   26965 www-data    6u  IPv4 2603510992      0t0  TCP *:80 (LISTEN)
  nginx   26965 www-data    7u  IPv6 2603510993      0t0  TCP *:80 (LISTEN)
  nginx   26965 www-data    8u  IPv4 2603510994      0t0  TCP *:443 (LISTEN)

That means the Nginx web server is serving web content and it uses port 80 and port 443.

Also the output of sudo systemctl status sshd reports the following error:

  error: Bind to port 443 on 0.0.0.0 failed: Address already in use.

Everything is okay; it is just that the Nginx web server listens on port 443. If you want to use an SSH connection on this port, you should disable or reconfigure the web server.


A port can be used as a server port by only one service. Two services can communicate through a common port, and within this relationship one of the services plays the role of server and the other plays the role of client.


If you want to use a different SSH port, choose something above 10 000. It usually takes a long time to scan a large range of ports, so hackers' bots usually scan the range 1-1000, or some specific ports such as 22, 25, 80, 443. Don't forget to open this port in the firewall, and if your connection is working on the new port, you can disable the default one, 22.


pa4080
  • 30,621
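
The comparison the answer makes by hand (the Port lines in sshd_config against what lsof shows listening) can be scripted and run before restarting sshd. This is an added example, not part of the original answer; the function names are hypothetical and the sample input is constructed from the output in the question, with the sshd listener line made up for illustration.

```shell
#!/bin/sh
# Print every port requested by "Port" lines in sshd_config text (stdin).
# Commented-out lines ("#Port 22") are skipped; keywords are case-insensitive.
sshd_ports() {
  awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }'
}

# Reduce `lsof -i -n -P` output (stdin) to unique "port command" pairs
# for listening TCP sockets. The port is the text after the last colon.
listeners() {
  awk '$NF == "(LISTEN)" { n = split($(NF-1), a, ":"); print a[n], $1 }' | sort -u
}

# $1 = sshd_config text, $2 = lsof output.
# Prints "port command" for each requested port that a process other than
# sshd already holds, i.e. each port where sshd's bind would fail.
port_conflicts() {
  for port in $(printf '%s\n' "$1" | sshd_ports); do
    printf '%s\n' "$2" | listeners |
      awk -v p="$port" '$1 == p && $2 != "sshd" { print p, $2 }'
  done
}

# Constructed sample input modeled on the question.
SAMPLE_CONFIG='# What ports, IPs and protocols we listen for
Port 22
Port 443'

# The sshd line below is constructed; the nginx lines follow the question.
SAMPLE_LSOF='COMMAND   PID     USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
sshd    22845     root    3u  IPv4 2603600001      0t0  TCP *:22 (LISTEN)
nginx   26964     root    6u  IPv4 2603510992      0t0  TCP *:80 (LISTEN)
nginx   26964     root    8u  IPv4 2603510994      0t0  TCP *:443 (LISTEN)
nginx   26965 www-data    8u  IPv4 2603510994      0t0  TCP *:443 (LISTEN)'

port_conflicts "$SAMPLE_CONFIG" "$SAMPLE_LSOF"
```

On a real host, pass the live data instead of the samples: port_conflicts "$(cat /etc/ssh/sshd_config)" "$(sudo lsof -i -n -P)". An empty result means no other service holds a port that sshd is configured to bind.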