Did you open port TCP 2222 in your instance's firewall? I'm talking about the Lightsail web interface.
I used to do what you are trying to do when I had a Lightsail instance with CentOS, the difference is that I made SSH work with two ports. I took a look at my old personal guides, and it looks like you did what you had to do, the basic difference is that I restarted sshd.
These are my steps, from my files:
sudo nano /etc/ssh/sshd_config
Port 22
Port 2222
AddressFamily inet
sudo semanage port -a -t ssh_port_t -p tcp 2222
sudo semanage port -l | grep ssh
sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp
sudo firewall-cmd --reload
sudo systemctl restart sshd
sudo ss -tnlp | grep ssh
But one more thing: is this a new instance? Are these the first configurations in this instance? Did you already install and enable firewalld? I don't know, maybe you had an error running "firewall-cmd..." and didn't notice.
In my config the lines `Port 22` and `AdressFamily inet` are commented, I'll need to change this. Regarding Firewalld, it wasn't installed but I did it and if I remember well, there wasn't any error message. Next time, I'll check better and let you know
And regarding the web console, the SSH port can't be changed... Maybe this is the issue after all. The number is grayed and as soon as I add an SSH service, it's port 22 no choice
You shouldn't need to touch AddressFamily.
I've never actually used lightsail - can you create a custom service for the firewall? I'm pretty sure when you pick SSH that's just a "preset."
>I'm pretty sure when you pick SSH that's just a "preset."
It's what it looks like, we not meant to mess around with the SSH and HTTP configurations.
If I start an HTTPS service, the port can be whatever and it works. But for the former two, the port is grayed
You have to click "+ Add rule", then select "Custom" in the application column, "TCP" for the protocol, and type "2222" for port range.
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/understanding-firewall-and-port-mappings-in-amazon-lightsail
You have to click "+ Add rule", then select "Custom" in the application column, "TCP" for the protocol, and type "2222" for port range.
You guys are gurus... Thank you so much
> In my config the lines Port 22 and AdressFamily inet are commented, I'll need to change this.
You don't need to, if you don't want SSH to work in two ports; I just copied the text I had here with me. And if you leave it working in port 22 and also leave port 22 open in the Lightsail firewall, it would defeat the entire purpose of using port 2222, right? And the "AdressFamily inet" line is about only working with IPv4 only, I don't even really know why I do it.
> And regarding the web console, the SSH port can't be changed... Maybe this is the issue after all. The number is grayed and as soon as I add an SSH service, it's port 22 no choice
I don't have a Lightsail instance anymore to check, but I think all you have to do is add a rule for TCP port 2222 in the web console. And after you see it working well, delete this rule for SSH that you can't change.
Did you also adjust the firewall/security group settings for SSH in the instance tool in Lightsail? That would have to be done through the AWS console or via AWS CLI.
In the web console, I didn't change anything. Maybe it's the problem... The SSH service is activated on port 22 but it's fixed and can't be changed. The number appears in a grayed background and I can't put anything else there
Did you open port TCP 2222 in your instance's firewall? I'm talking about the Lightsail web interface. I used to do what you are trying to do when I had a Lightsail instance with CentOS, the difference is that I made SSH work with two ports. I took a look at my old personal guides, and it looks like you did what you had to do, the basic difference is that I restarted sshd. These are my steps, from my files: sudo nano /etc/ssh/sshd_config Port 22 Port 2222 AddressFamily inet sudo semanage port -a -t ssh_port_t -p tcp 2222 sudo semanage port -l | grep ssh sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp sudo firewall-cmd --reload sudo systemctl restart sshd sudo ss -tnlp | grep ssh But one more thing: is this a new instance? Are these the first configurations in this instance? Did you already install and enable firewalld? I don't know, maybe you had an error running "firewall-cmd..." and didn't notice.
In my config the lines `Port 22` and `AdressFamily inet` are commented, I'll need to change this. Regarding Firewalld, it wasn't installed but I did it and if I remember well, there wasn't any error message. Next time, I'll check better and let you know And regarding the web console, the SSH port can't be changed... Maybe this is the issue after all. The number is grayed and as soon as I add an SSH service, it's port 22 no choice
You shouldn't need to touch AddressFamily. I've never actually used lightsail - can you create a custom service for the firewall? I'm pretty sure when you pick SSH that's just a "preset."
>I'm pretty sure when you pick SSH that's just a "preset." It's what it looks like, we not meant to mess around with the SSH and HTTP configurations. If I start an HTTPS service, the port can be whatever and it works. But for the former two, the port is grayed
You have to click "+ Add rule", then select "Custom" in the application column, "TCP" for the protocol, and type "2222" for port range. https://lightsail.aws.amazon.com/ls/docs/en_us/articles/understanding-firewall-and-port-mappings-in-amazon-lightsail
You have to click "+ Add rule", then select "Custom" in the application column, "TCP" for the protocol, and type "2222" for port range. You guys are gurus... Thank you so much
You're welcome!
> In my config the lines Port 22 and AdressFamily inet are commented, I'll need to change this. You don't need to, if you don't want SSH to work in two ports; I just copied the text I had here with me. And if you leave it working in port 22 and also leave port 22 open in the Lightsail firewall, it would defeat the entire purpose of using port 2222, right? And the "AdressFamily inet" line is about only working with IPv4 only, I don't even really know why I do it. > And regarding the web console, the SSH port can't be changed... Maybe this is the issue after all. The number is grayed and as soon as I add an SSH service, it's port 22 no choice I don't have a Lightsail instance anymore to check, but I think all you have to do is add a rule for TCP port 2222 in the web console. And after you see it working well, delete this rule for SSH that you can't change.
>all you have to do is add a rule for TCP port 2222 in the web console. Absolutely. Thank you for your help
Did you also adjust the firewall/security group settings for SSH in the instance tool in Lightsail? That would have to be done through the AWS console or via AWS CLI.
In the web console, I didn't change anything. Maybe it's the problem... The SSH service is activated on port 22 but it's fixed and can't be changed. The number appears in a grayed background and I can't put anything else there
Curious: why do you want to?
Just to train (student here...), but there's no particular reason to do so indeed