Updated on 2024-08-15 GMT+08:00

Why Can't I Access an ECS Running CentOS 7 Using SSH After I Changed the Default SSH Port?

Symptom

After the default port of the SSH service is changed and inbound traffic on the new port is allowed by the ECS security group, you still cannot access the ECS using SSH.

Constraints

The operations described in this section apply to ECSs running CentOS 7.

Possible Causes

  1. Log in to the management console and then log in to the ECS using VNC.
  2. Run the following command to check whether firewalld is enabled on the ECS:

    systemctl status firewalld

    Figure 1 firewalld enabled

    As shown in Figure 1, firewalld is enabled.

  3. Run the following command to view the rules in firewalld:

    firewall-cmd --list-all

    Figure 2 firewalld rules

    As shown in Figure 2, the current zone of the firewall is public. By default, only the SSH and dhcpv6-client services are allowed in the public zone, and the SSH service in firewalld covers only the default port 22. If the SSH service has been moved to a different port, SSH connections to that port are refused.

Solution

  • Method 1: Stop firewalld and Disable Its Automatic Startup

    With firewalld stopped, use security groups and network ACLs for access control. If firewalld needs to stay enabled, perform the operations described in Method 2 instead.

    systemctl stop firewalld

    systemctl disable firewalld

  • Method 2: Open Port 55660 in firewalld

    firewall-cmd --add-port=55660/tcp --permanent --zone=public

    firewall-cmd --reload
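
The check from the steps above can be scripted. The following is an added example, not part of the original help page: it compares the port configured in sshd_config with the `services:` and `ports:` lines of `firewall-cmd --list-all` output, and goes slightly beyond the page by also accepting port ranges. The function names are hypothetical, the sample inputs are constructed, and rich rules are assumed not to be in use.

```shell
# Constructed sample inputs (not captured from a real host).
SAMPLE_SSHD_CONFIG='#Port 22
Port 55660
PermitRootLogin no'
SAMPLE_FW_DEFAULT='public (active)
  services: dhcpv6-client ssh
  ports: '
SAMPLE_FW_FIXED='public (active)
  services: dhcpv6-client ssh
  ports: 55660/tcp'

# Print each uncommented Port value from sshd_config text ($1); default is 22.
sshd_ports() {
    ports=$(printf '%s\n' "$1" | awk 'tolower($1) == "port" { print $2 }')
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Return 0 if TCP port $1 is admitted by the zone shown in list-all text ($2).
# Assumption: the ssh service keeps its stock definition (22/tcp only).
port_allowed() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "ssh" && p == 22) ok = 1 }
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, e, "/")            # e[1] = port or range, e[2] = protocol
                if (e[2] != "tcp") continue
                n = split(e[1], r, "-")      # a range looks like 55000-56000
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (p + 0 >= lo && p + 0 <= hi) ok = 1
            }
        }
        END { exit (ok ? 0 : 1) }'
}

# Report, for every configured sshd port, whether firewalld admits it.
check_ssh_firewall() {
    rc=0
    for port in $(sshd_ports "$1"); do
        if port_allowed "$port" "$2"; then
            echo "OK: $port/tcp is allowed in the zone"
        else
            echo "BLOCKED: $port/tcp is missing from services/ports"; rc=1
        fi
    done
    return $rc
}

# On a host: check_ssh_firewall "$(cat /etc/ssh/sshd_config)" "$(firewall-cmd --list-all)"
check_ssh_firewall "$SAMPLE_SSHD_CONFIG" "$SAMPLE_FW_DEFAULT" || true
```

Run against the first constructed sample, the script reports port 55660 as blocked; against the second, which reflects the state after Method 2, it reports the port as allowed.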