Sławosz

Reputation: 11707

How to change sshd port on google cloud instance?

I changed the port in /etc/ssh/sshd_config to 23. I restarted sshd (sudo systemctl restart sshd). I added a firewall rule for 23:

gcloud compute firewall-rules create debug-ssh-23 --allow tcp:23

But it is still not working... SSH commands time out. How to change the sshd port properly?

EDIT:

Firewall rule is:

{
  "allowed": [
    {
      "IPProtocol": "tcp",
      "ports": [ "23" ]
    }
  ],
  "creationTimestamp": "2018-10-02T14:02:23.646-07:00",
  "description": "",
  "direction": "INGRESS",
  "disabled": false,
  "id": "3968818270732968496",
  "kind": "compute#firewall",
  "name": "debug-ssh-23",
  "network": "https://www.googleapis.com/compute/v1/projects/foo/global/networks/default",
  "priority": 1000,
  "selfLink": "https://www.googleapis.com/compute/v1/projects/foo/global/firewalls/debug-ssh-23",
  "sourceRanges": [ "0.0.0.0/0" ]
}

But I can't access a simple nginx service on this port. On 80, it works. The rule for 80 is similar.

sshd_config:

# Force protocol v2 only
Protocol 2

# Disable IPv6 for now
AddressFamily inet

# /etc is read-only.  Fetch keys from stateful partition
# Not using v1, so no v1 key
HostKey /mnt/stateful_partition/etc/ssh/ssh_host_rsa_key
HostKey /mnt/stateful_partition/etc/ssh/ssh_host_ed25519_key

PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
UsePAM yes

PrintMotd no
PrintLastLog no
UseDns no
Subsystem sftp internal-sftp

PermitTunnel no
AllowTcpForwarding yes
X11Forwarding no

Ciphers [email protected],[email protected],[email protected],aes128-ctr,aes192-ctr,aes256-ctr

# Compute times out connections after 10 minutes of inactivity.  Keep alive
# ssh connections by sending a packet every 7 minutes.
ClientAliveInterval 420

AcceptEnv EDITOR LANG LC_ALL PAGER TZ

Upvotes: 3

Views: 8070

Answers (2)

Scott Paterson

Reputation: 21

I did not need to add the ssh-flag to my gcloud command (which I could view but could not figure out how to edit). I followed these instructions:

Using SSH through airplane WiFi that blocks port 22

But my CentOS installation had a blank sshd_config. I simply added this line to it:

Port 80

and ran (I had executed the commands in the link above first):

systemctl restart sshd.service

and then I was up and running SSHD on port 80.

Other things to note:

  1. I was using this because I wanted to do work while on a JetBlue flight and I could not connect to my server using SSH (seems they block port 22 traffic and I don't want to change the port on which I am running SSHD). So, I created this VM to run SSH on port 80 and I could then connect from there to my server.

  2. To save on my $300 in Google Cloud credit, I turned my VM instance off and when I was on the flight, I went to turn it on and there were not enough resources on that Google Cloud Zone to start my instance. Argh!! Set your VM instance to running before you leave on your flight to make sure it'll be available ahead of time. Moving it to another zone was a PITA, so I created a new instance and found I could connect to it even though it was set to run SSH on port 22 by default by connecting to it via the gcloud console's connect via SSH in a browser window, so it was not necessary to change the port upon which SSH was running anyway (at least for JetBlue)...

  3. When I created this 2nd VM instance using the CentOS 7 image, this time it created a full sshd_config file and I just changed the following line:

#Port 22

to:

Port 80

And also executed all the commands in the first link in my post.

Upvotes: 1

Martin Zeitler

Reputation: 76849

Besides the sshd_config option Port, also see ListenAddress.

Run sudo systemctl reload sshd.service to apply the changes.

You need to add the option ssh-flag in order to connect to another port:

gcloud compute --project "PROJECT_NAME" ssh --zone "us-central1-b" "instance-1" --ssh-flag="-p 23"

In the cloud console, there's also "open in a browser window on a custom port".

To see if and where it is listening ...

sudo cat /var/log/secure | grep sshd

The output should look about like this:

instance-1 sshd[1192]: Server listening on 0.0.0.0 port 23.
instance-1 sshd[1192]: Server listening on :: port 23.

Upvotes: 4
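An added example, not part of any post above and not Google or OpenSSH tooling: a cross-check of the three artifacts this thread shows (the sshd_config Port/ListenAddress directives, the firewall rule JSON, and sshd's "Server listening" log lines) to tell a host-side problem from a firewall one. The function names and the sample inputs are constructed for illustration.

```python
import json
import re

def sshd_listen_ports(config_text):
    """Ports sshd binds according to its Port / ListenAddress directives."""
    ports, explicit, bare_listen = [], set(), False
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment such as "#Port 22", or no argument
        key, arg = parts[0].lower(), parts[1]  # keywords are case-insensitive
        if key == "port":
            ports.append(int(arg))
        elif key == "listenaddress":
            # A port appears only as host:port, IPv4:port or [addr]:port.
            has_port = arg.startswith("[") or arg.count(":") == 1
            m = re.search(r":(\d+)$", arg) if has_port else None
            if m:
                explicit.add(int(m.group(1)))
            bare_listen = bare_listen or m is None
    # Port values (default 22) apply unless every ListenAddress names a port.
    return explicit | (set(ports or [22]) if bare_listen or not explicit else set())

def firewall_allows(rule, port, proto="tcp"):
    """True if a GCE ingress rule admits the port (ignores source ranges and tags)."""
    if rule.get("disabled") or rule.get("direction") != "INGRESS":
        return False
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in (proto, "all"):
            continue
        for spec in entry.get("ports") or ["0-65535"]:  # no list: every port
            lo, _, hi = spec.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False

def diagnose(config_text, rule_json, log_text):
    """Per configured port: did sshd log a listener, and does the rule admit it?"""
    pattern = r"sshd\[\d+\]: Server listening on \S+ port (\d+)\."
    bound = {int(p) for p in re.findall(pattern, log_text)}
    rule = json.loads(rule_json)
    return {p: {"listening": p in bound, "firewall": firewall_allows(rule, p)}
            for p in sorted(sshd_listen_ports(config_text))}

# Constructed samples: the config says 23, the log still shows the old listener.
CONFIG = "#Port 22\nPort 23\nListenAddress 0.0.0.0\n"
RULE = '{"allowed": [{"IPProtocol": "tcp", "ports": ["23"]}], "direction": "INGRESS", "disabled": false}'
LOG = "instance-1 sshd[1192]: Server listening on 0.0.0.0 port 22.\n"
print(diagnose(CONFIG, RULE, LOG))
```

A port reported as allowed by the firewall but not listening points at the host (config not applied, or sshd not restarted) rather than at the firewall rule.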
