03-09-2019, 02:45 AM
So tonight I tried to change the SSH port number of my new VPS 15. There were hundreds of failed login attempts, like my IP really got hammered by them. Also earlier on I discovered that the IP had been blacklisted for a mail server that must have existed in its previous life. Looks as though the IP has a dark past.
I did the usual steps:
Code:
vim /etc/ssh/sshd_config
Discovered the VIM editor wasn't loaded - probably because I had installed a minimal CentOS 7 OS - so I had to load VIM from scratch:
Code:
yum install vim
I forget the vim commands every time. Have to remember typing "i" to get into insert mode. Then of course one has to uncomment the # in front of the Port 22. And then replace the 22 with your preferred number. I went for a 5-digit number that looks almost like the one for my HostUS VPS port but with different digits. I had difficulty here too as it wouldn't accept the number pad keys of my desktop computer, so learned that I had to use the number keys in the main keyboard. Then figured out finally I had to click on Esc to get out of insert mode first. Then Shift ZZ and then I was out.
I then repeated the above vim command to just check the changed port number was fixed, and it was.
I then restarted the ssh service:
Code:
service sshd restart
And then restarted PuTTY SSH with my new port number and it refused the connection! This was when the fun started. I was locked out of my VPS. Deep breath! I then remembered this had happened to me before. And I'd then taken the coward's way out with hard labour by reinstalling the OS and starting everything from scratch. This time I didn't feel like doing it so was searching for ways to fix the problem.
I then discovered magic in Hostlease's Panel. A Serial Console with which one can generate a user name and password to get into PuTTY and SSH into the VPS. AND more important, after Googling this issue, I discovered that I had missed an IMPORTANT STEP in my tutorial and that was to change the iptables and Firewall SSH port number. So thanks to Google I found this command at Hostgator (note - NEWPORTNUMBER has to be replaced by your new port number - numerical):
Code:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport NEWPORTNUMBER -j ACCEPT
Then did another sshd restart:
Code:
service sshd restart
And it worked! I now have a nice new port number for SSH.

So yes, kudos to Hostlease's serial console that helped me to bail myself out. Otherwise my Plan B would have been to re-install the OS and start from scratch. I have now fixed my tutorial in the IP to include the above important iptables command.
__________________________________________________________________
Postscript
OK - so another problem occurred. And not sure what happened. I wanted to add this tutorial to my blog, and when I tried to get in discovered that VestaCP httpd Apache and Nginx were both down, and I couldn't restart them. I tried everything.
This is the error message that came up when I checked up in the server with SSH:
Code:
See "systemctl status httpd.service" and "journalctl -xe" for details
Nothing worked. I tried a few suggestions that I'd Googled (looks as though this could be a common problem particularly with CentOS 7) - one being to comment out error code in the conf file but that didn't work either.
Not sure what worked in the end, but I did it step by step. I resaved the user in VestaCP. I then went into the IPs. I deleted the one IP which was the secondary one and I resaved the other IP. I also went into the DNS and resaved the DNS and all of the records.
I then didn't know what else to do and thought I'd try and go back to the server and restart nginx and httpd and they were already up and running for a few minutes. Wonder whether it was the IP resave that did it.
Thank goodness again, as I thought I might have to re-install VestaCP which would have meant I'd have to recreate my WordPress websites again. They've been created with the Softaculous App on VestaCP, so if VestaCP gets nixed, so do my Websites by default. So basically probably not a good idea to install the WordPress sites through VestaCP. Better to do all of it from the command line.
Bottom line. If you have VestaCP and you want to change your SSH port number you've got to have hair on your teeth.
In the end however, and thinking in retrospect, maybe reinstalling everything would have taken less time than troubleshooting httpd and nginx that didn't want to restart. But at least I learned a few lessons.

________________________________________________________
Last note: since revisiting SSH, no more failed login attempts. Not a single one! Mission accomplished!
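
A pre-flight check for the lockout described above, as an added example that is not part of the original post: it reads the Port from an sshd_config file and a saved `iptables -S INPUT` listing and reports whether new connections to that port would get through. The port 50022, the sample rules and the function names are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check to run from the already-open session BEFORE restarting sshd:
# does every Port in sshd_config have a way through the INPUT chain?

# Print the Port values set in an sshd_config file (sshd uses 22 if none is set).
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Read saved `iptables -S INPUT` output from file $1 and print "allowed" or
# "blocked" for TCP port $2. Rules are evaluated top to bottom, so an ACCEPT
# placed after a catch-all REJECT/DROP never matches.
# Simplification: only --dport rules and match-free catch-all rules are understood.
port_verdict() {
    awk -v port="$2" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && !verdict {
            target = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (target !~ /^(ACCEPT|REJECT|DROP)$/) next
            if (dport == port || $3 == "-j")
                verdict = (target == "ACCEPT") ? "allowed" : "blocked"
        }
        END { if (!verdict) verdict = (policy == "ACCEPT") ? "allowed" : "blocked"
              print verdict }' "$1"
}

# Return 0 only if every configured sshd port is allowed; report each one.
preflight() {
    rc=0
    for p in $(sshd_ports "$1"); do
        v=$(port_verdict "$2" "$p")
        echo "port $p: $v"
        [ "$v" = allowed ] || rc=1
    done
    return $rc
}

# Constructed sample input: sshd moved to 50022, firewall still only opens 22.
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 50022' > "$demo_dir/sshd_config"
printf '%s\n' '-P INPUT ACCEPT' \
    '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' > "$demo_dir/rules"
preflight "$demo_dir/sshd_config" "$demo_dir/rules" || echo "do not restart sshd yet"
```

On a real host, save the live rules with `iptables -S INPUT > rules.txt` and run `preflight /etc/ssh/sshd_config rules.txt` from the session that is already open, before restarting sshd.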