Port SSH don't change

3fla1416 · October 26, 2025, 8:03am

What type of hardware are you using: Old laptop or computer
What YunoHost version are you running: 12.1.32
How are you able to access your server: The webadmin
SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: No

Describe your issue

My SSH port don’t change with the yunohost webapp or with “yunohost settings set security.ssh.ssh_port -v ”

So for the moment i change the sshd_config files manually.

I remember from months ago i have change the sshd config files to remove the ecdsa host_key and other ssh vulnerability (SSH Configuration Auditor)

That’s it if i can’t use the yunohost tool for changing the ssh port ?

Share relevant logs or error messages

root@server:/etc/ssh# cat sshd_config |grep Port
Port 22000
root@server:/etc/ssh# yunohost settings set security.ssh.ssh_port -v 1022
Security
SSH
Info: Saving the new configuration…
Success! Config updated as expected
root@server:/etc/ssh# cat sshd_config |grep Port
Port 22000

artlog · October 26, 2025, 9:00am

Hi @3fla1416

We can request what yunohost sees in its configuration with get, and have more traces with --debug :

yunohost settings get security.ssh.ssh_port --debug

and try to set it with traces

yunohost settings set security.ssh.ssh_port -v 1022 --debug

Regards

otm33 · October 26, 2025, 9:40am

Hello @3fla1416
You can also try

yunohost tools regen-conf ssh --dry-run --with-diff

IMHO all the changes you’ve made will be pending.

3fla1416 · October 26, 2025, 11:02am

the --debug are not very consitant !
Juste say ok, but no!

Blockquote
pierre2@server:/etc/ssh$ sudo yunohost settings set security.ssh.ssh_port -v 1022 --debug
29 DEBUG acquiring lock…
36 DEBUG lock has been acquired
360 DEBUG loading python module yunohost.settings took 0.324s
361 DEBUG processing action ‘yunohost.settings.set’
361 DEBUG Import and parse pre-answered options
389 DEBUG initializing root ldap interface
391 DEBUG Ask unanswered question and prevalidate data
Security
SSH
1439 INFO Saving the new configuration…
1442 SUCCESS Config updated as expected
1442 DEBUG To view the log of the operation ‘Apply settings’, use the command ‘yunohost log show 20251026-105932-settings_set’
1447 DEBUG action executed in 1.086s
1448 DEBUG lock has been released
pierre2@server:/etc/ssh$ cat sshd_config |grep Port
Port 22000

Blockquote
pierre2@server:/etc/ssh$ sudo yunohost log show 20251026-105932-settings_set
description: Apply settings
log_path: /var/log/yunohost/operations/20251026-105932-settings_set.log
logs:
2025-10-26 11:59:33,768: INFO - Saving the new configuration…
2025-10-26 11:59:33,770: SUCCESS - Config updated as expected
metadata:
args:
key: security.ssh.ssh_port
value: 1022
ended_at: 2025-10-26 11:59:33
error: None
interface: cli
operation: settings_set
parent: None
related_to:
started_at: 2025-10-26 11:59:32
started_by: pierre2
success: True
yunohost_version: 12.1.32
metadata_path: /var/log/yunohost/operations/20251026-105932-settings_set.yml
name: 20251026-105932-settings_set

3fla1416 · October 26, 2025, 11:12am

Thank’s for this command, it’s nice to know what i have make on the file.
But, that’s confirm what i say before.

Well, maybe the “yunohost settings set security.ssh.ssh_port -v 1022” don’t say the correct warning ?

otm33 · October 26, 2025, 11:13am

… not so idle
If you manually change sshd_config, YunoHost tools stop handling it. When you run yunohost settings set security.ssh.ssh_port -v, it doesn’t update the configuration file; it only retrieves the SSH port, checks if this port is open in the firewall, and opens it if necessary.
So, either you manage everything manually (firewall, fail2ban), or you manage it using the YunoHost tools.

Therefore, if you manually change the SSH port from X to Y in sshd_config and run yunohost settings set security.ssh.ssh_port -v Z, it will correctly open port Y in the firewall

3fla1416 · October 26, 2025, 1:54pm

Blockquote
Therefore, if you manually change the SSH port from X to Y in sshd_config and run yunohost settings set security.ssh.ssh_port -v Z, it will correctly open port Y in the firewall

No, i have try and also reload the firewall, that does not open the port.
sudo yunohost firewall reload

I do it manually.

Thank’s for your help.
That’s not a big trouble for now. Maybe with a big change on sshd.

otm33 · October 26, 2025, 2:11pm

It’s not just reloading the firewall that opens the port.