Explain SSH port alteration cannot be tested

I ran into the issue that I could not connect with SSH with the new port while keeping the connection with the old port, because the new port was only reachable after a server reboot, hence my suggestion. But maybe reloading Fail2Ban would be sufficient?
Gredin67 2022-12-20 15:43:23 +01:00 committed by GitHub
parent 8e9a97d30a
commit c89c2994d0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -27,7 +27,7 @@ If your YunoHost server is used in a critical production environment, or if you
! **WARNING:** Following these instructions requires advanced knowledge of system administration.
!!!! **TIP** Never close your current SSH connection before checking that your alterations work. Test your new configuration by opening a new terminal or window. That way, you can undo your alterations if anything goes wrong.
!!!! **TIP** Never close your current SSH connection before checking that your alterations work. Test your new configuration by opening a new terminal or window. That way, you can undo your alterations if anything goes wrong. Note that changing the SSH port cannot be tested.
### SSH authentication via key
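Review bot: The sentence appended to the TIP, "Note that changing the SSH port cannot be tested.", contradicts the advice it is attached to ("Never close your current SSH connection before checking that your alterations work") without giving a reason or an alternative. Suggest saying in the same sentence why the port change is the exception and pointing the reader to the SSH port section, where the warning added further down names the webadmin as the fallback. As written, a reader who stops at this tip learns only that the safety check does not apply, not what to do instead.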
@ -58,6 +58,8 @@ sudo yunohost settings set security.ssh.password_authentication -v no
To prevent SSH connection attempts by robots that scan the internet for any server with SSH enabled, you can change the SSH port.
This is handled by a system setting, which takes care of updating the SSH and Fail2Ban configuration.
! **Warning: ** Note that this alteration cannot be tested, as the ssh connection with the previous port will be closed, but you can still connect through the webadmin to open/close ports if required.
! If you modify anything in the `/etc/ssh/sshd_config` file, even if only the port, YunoHost will no longer manage this file. For this reason, always use the YunoHost admin tools to make changes to the systems configuration files!
```bash
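Review bot: The new warning gives its reason as "the ssh connection with the previous port will be closed", but the commit message reports a different observation (the new port was only reachable after a server reboot) and leaves open whether reloading Fail2Ban would be sufficient. That question should be settled before merging, and the warning should state the actual step needed for the new port to become reachable, so that a reader who cannot connect on either port knows what to do from the webadmin beyond "open/close ports". Minor style points on the same line: `**Warning: **` has a space before the closing `**`, which may not render as bold in Markdown, and the notice earlier in the file uses `**WARNING:**`; "ssh" should be "SSH" as in the rest of the section.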
@ -66,7 +68,7 @@ sudo yunohost settings set security.ssh.port -v <new_ssh_port_number>
**For subsequent SSH connections**, you need to add the `-p` option followed by the SSH port number.
**Sample**:
**Example**:
```bash
ssh -p <new_ssh_port_number> admin@<your_yunohost_server>