[doc] Modify the SSH port

Hello,

The security page of the admin guide provides explanations on how to change the SSH port. I found (too late — I already followed the guide…) that there is a setting (security.ssh.port) that seems to do the job when changed.
Is it the new way of doing that?

Thanks


The Security page of the admin guide explains how to change the SSH port. I discovered (too late — I had already followed the manual procedure) that there is a setting (security.ssh.port) that seems to do the job automatically…
Is this the new method to follow?

Thanks

Yes it is! I think we forgot to update the documentation about it.

Note that it must be done first, before any other changes to the /etc/ssh/sshd_config file (otherwise no modifications will be done to the file by yunohost settings)

Done in Update security.md to use ssh port setting by tituspijean · Pull Request #1683 · YunoHost/doc · GitHub.

1 Like

@tituspijean In yunohost settings the value is changed with -v (and not -p as for the SSH command)…

And for security.fr.md, the text is also in English (too quick a copy/paste?)

And I think there is an extra space at the end of **For the next SSH connections **, which prevents it from being rendered in bold (at least, that's how GH displays it).

More a wish to be quick (and therefore unintentionally sloppy) during the lunch break. It's fixed.

1 Like

If the port has been modified, then this port also needs to be used with SFTP. It took me a while to figure this out because I was not aware (or forgot) that SFTP uses SSH.

I would find it useful to mention this in the docs. What do you think?

I would mention it in Step 2 of Filezilla config.

1 Like

You’re right — the S of SFTP doesn’t mean the same thing as the S of HTTPS! :smile:
It won’t hurt to remind people of this in the doc :+1:

2 Likes

Does the command sudo yunohost settings set security.ssh.port -v <new_ssh_port_number> from https://yunohost.org/oc/security#modify-the-ssh-port add a new port, or replace the current one? Is it possible to add a new port while keeping the default 22 active?

Sorry if this is in man pages, help doesn’t work when restoring a new instance from backup. =((

This command changes the value inside the variable security.ssh.port; and this is a single integer, not an array. So, this replaces the current port.

I guess you have a good reason to need 2 ports… but this sounds a bit strange.

2 Likes

As a follow-up to my previous answer…

The man page for sshd_config says:

Port Specifies the port number that sshd(8) listens on.
The default is 22. Multiple options of this are permitted.

Your first option is then to directly modify /etc/sshd_config. But you’ll get a warning by YNH.

So a better option is to create a script to let YNH do it for you: Share your "hooks" to apply custom configurations- Partagez vos "hooks" pour appliquer des configurations personnelles

I didn’t try, but you can search for “Port 22” and replace it by 2 lines (use \n I guess).

1 Like
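
The search-and-replace step suggested in the answer above, as an added example that is not part of the original posts or of YunoHost's own code. The function names, the sample config and port 2222 are assumptions, `Port` lines are assumed to be whitespace-separated, and wiring this into a YunoHost hook is not shown.

```shell
#!/bin/sh
# Added example: run it on a copy of the config, not on the live file.

# Print the ports set by active "Port" lines (keywords are case-insensitive).
# With no active Port line, sshd falls back to its default, 22.
list_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1" | sort -nu | paste -sd ' ' -
}

# Add "Port <extra>" next to the existing Port line, keeping the current one.
# Returns 2 on an invalid port number; does nothing if the port is already set.
add_port() {
    ap_file=$1; ap_extra=$2
    case $ap_extra in ''|*[!0-9]*) return 2 ;; esac
    [ "$ap_extra" -ge 1 ] && [ "$ap_extra" -le 65535 ] || return 2
    if awk -v p="$ap_extra" 'tolower($1) == "port" && $2 == p { f = 1 }
                             END { exit !f }' "$ap_file"; then
        return 0
    fi
    ap_tmp=$(mktemp) || return 1
    if grep -qiE '^[[:space:]]*port[[:space:]]' "$ap_file"; then
        # Insert right after the first active Port line.
        awk -v p="$ap_extra" '
            tolower($1) == "port" && !done { print; print "Port " p; done = 1; next }
            { print }' "$ap_file" > "$ap_tmp"
    else
        # No explicit Port: an added Port line would replace the implicit 22,
        # so write both, at the top (Port is not allowed inside a Match block).
        { printf 'Port 22\nPort %s\n' "$ap_extra"; cat "$ap_file"; } > "$ap_tmp"
    fi
    cat "$ap_tmp" > "$ap_file" && rm -f "$ap_tmp"
}

# Constructed sample config for the demonstration.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin no' > "$sample"
add_port "$sample" 2222
echo "sshd would listen on: $(list_ports "$sample")"
rm -f "$sample"
```

On a real host, `sshd -t -f <file>` checks the edited configuration before the service is reloaded.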

No, it’s just to understand how this works… To know if the previous one is available after command execution. And to know what to do after another migration between VPS.

Thank you!