CSF blocking custom SSH port
Hello.
I've installed Direct Admin and it comes with CSF. I've configured a custom port number in sshd_config file and CSF blocks the connection.
I don't want to whitelist my current IP because it's dynamic.
What's the best configuration for this?
Comments
tcp|in|d=custom_port|s=IP_Address
opens the custom port for your IP only
If the IP is dynamic, maybe you can use your ISP's IP range in IP_Address
Edit: just realized you don't want to whitelist current IP.
https://webhorizon.net
Reinstall CSF for new SSH port to be included or just manually whitelist
MichaelCee
There is never any issue with CSF ssh custom port - just add the port to the list of other ports. Then csf -r. Change sshd_config and systemctl restart sshd
As for dynamic IP: set up a free dyndns account (there are a few) and add your new FQDN to csf.ignore. Change the relevant dyndns entries in csf.conf - never get locked out by accident.
Done.
(The paranoid amongst us connect via a VPN, with a fixed IP, circumventing the dynamic IP issue.)
It wisnae me! A big boy done it and ran away.
NVMe2G for life! until death (the end is nigh)
/etc/csf/csf.conf - or use the GUI
Correction: add your new FQDN to csf.dyndns (not csf.ignore)
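A pre-flight check for the procedure described above, as an added example that is not part of the original thread or of CSF itself: it compares the Port directives in sshd_config with TCP_IN in csf.conf, so a mismatch is caught before sshd is restarted. The function names and the constructed sample configs are assumptions for illustration; Include files in sshd_config are not followed.

```shell
#!/bin/sh
# Added example: verify that every port sshd listens on is allowed by CSF's TCP_IN.

# Print each port set in sshd_config $1 (22 if no Port directive is active).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print the TCP_IN value from csf.conf $1, e.g. 20,21,22,30000:35000
csf_tcp_in() {
    sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Return 0 if port $1 is covered by list $2 (single ports or low:high ranges).
port_allowed() {
    echo "$2" | tr ',' '\n' | awk -v p="$1" -F: '
        NF == 1 && $1 + 0 == p + 0 { ok = 1 }
        NF == 2 && p + 0 >= $1 + 0 && p + 0 <= $2 + 0 { ok = 1 }
        END { exit !ok }'
}

# Report sshd ports missing from TCP_IN; return 1 if any are missing.
# Usage on a server: check_ssh_ports /etc/ssh/sshd_config /etc/csf/csf.conf
check_ssh_ports() {
    allowed=$(csf_tcp_in "$2")
    missing=""
    for p in $(sshd_ports "$1"); do
        port_allowed "$p" "$allowed" || missing="$missing $p"
    done
    [ -z "$missing" ] && return 0
    echo "not in TCP_IN:$missing"
    return 1
}

# Constructed sample: sshd moved to 2222 while TCP_IN still lists only 22.
demo() {
    d=$(mktemp -d)
    printf '#Port 22\nPort 2222\n' > "$d/sshd_config"
    printf 'TCP_IN = "20,21,22,80,443,30000:35000"\n' > "$d/csf.conf"
    rc=0
    check_ssh_ports "$d/sshd_config" "$d/csf.conf" || rc=$?
    rm -rf "$d"
    return $rc
}
```

Run the check after editing both files and before restarting sshd, while the existing session is still open.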
Can I know, did you change SSH port before or after installing DirectAdmin?
MichaelCee
I changed mine before and then just added it to the list of inbound ports in the CSF config page in DA.
To be on the safe side, I (almost) always change port AFTER installing a control panel. I think it was HestiaCP that reverted the port during install, the 1st time I installed it. :-o
Do what Alibaba would have done.
Open the port.
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
Thank you, added to TCP_IN and everything OK. Blocking failed attempts still works fortunately.
I was in doubt because with cPanel I didn't configure it in CSF.
I did it before installing. That may be the difference.
With cPanel, CSF is normally installed afterwards, whereby it scans for current open ports and adds the appropriate ssh one to TCP_IN. That's the default action of CSF during its installation. Perhaps with panels that integrate CSF during installation, there are 'tweaks' done to sshd_config after the CSF install part (not good).
Tbh, don't recall having the same issue with DA/CSF but I uninstall and reinstall CSF by default.
MichaelCee
.. which would circumvent any issue. Assuming you haven't rebooted and tried to ssh in to the server i.e. used the GUI to reinstall.
Nah, I mean I check SSH login access and common ports but just uninstall/reinstall CSF in case I miss anything not so obvious.
Had plenty of my own fuck ups so I'm usually in VNC ready to revert.
MichaelCee
I have my own default set of CSF configs, that gets auto downloaded on every new install. Makes life easier
Another thing for my to-do list!
MichaelCee
Nice.
Where can I download the instructions?
/joke