Changing SSH Port raises Error - Firewall is not updated

tinder · October 13, 2025, 8:08pm

What type of hardware are you using: VPS bought online
What YunoHost version are you running: YunoHost 12.1.28 (stable)
How are you able to access your server: The webadmin
SSH

Describe your issue

Hello,
I would like to change the SSH port (22) of my YNH server. When I try to do this via the CLI, I get an error, and the same thing happens via the WebGUI. Only the entry ‘22’ seems to be allowed.

CLI command:
sudo yunohost settings set security.ssh.ssh_port -v xxxx

Generates a KeyError.

The same thing happens in the WebGUI.

I can solve the problem by manually opening the new port in the firewall BEFOREHAND. Okay, that makes sense, of course. It seems that the firewall is not updated automatically. Is that intentional or just an oversight?

Many thanks

Share relevant logs or error messages

CLI:
https://paste.yunohost.org/raw/duxuyeruwa

WebGUI:
no log available.
Here are the lines from Install-Window:
“Es ist ein interner Fehler in Yunohost aufgetreten”
“Unerwarteter Serverfehler”

Saving the new configuration…
Konfiguration aktualisiert für ‘ssh’
Konfiguration aktualisiert für ‘fail2ban’
Post-change hook for setting failed : 123
Anwenden der neuen Konfiguration fehlgeschlagen: Ein unerwarteter Fehler ist aufgetreten
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/yunohost/utils/configpanel.py”, line 607, in set
self._apply(self.form, self.config, previous_settings)
File “/usr/lib/python3/dist-packages/yunohost/settings.py”, line 264, in _apply
trigger_post_change_hook(
File “/usr/lib/python3/dist-packages/yunohost/settings.py”, line 291, in trigger_post_change_hook
f(setting_name, old_value, new_value)
File “/usr/lib/python3/dist-packages/yunohost/settings.py”, line 345, in reconfigure_ssh_and_fail2ban
firewall_reload()
File “/usr/lib/python3/dist-packages/yunohost/firewall.py”, line 566, in firewall_reload
if firewall.apply(upnp=not skip_upnp):
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/yunohost/firewall.py”, line 184, in apply
if not self.config[“tcp”][ssh_port][“open”]:

KeyError: 123

artlog · October 15, 2025, 11:36am

@tinder

there is ssh_port variable so it should be possible to change it.
Once reviewing code, your problem might be related to a recent change (14/09/2025, applies to 12.1.24 ) commit f6d08477c7ea47f3f57c787d66dd7c470dd8ba51
that did add the line of code that generate the exception.

artlog · October 15, 2025, 11:51am

According to this old closed issue Firewall not reloaded when regen-conf ssh after changing port · Issue #1946 · YunoHost/issues · GitHub it is fully valid to change ssh service default port.

artlog · October 15, 2025, 11:57am

@tinder This seems time for you to open an issue in GitHub - YunoHost/issues: General issue tracker for the YunoHost project