Changing ssh port 22 to a custom port in azure resource group vm

Question

may I know how to change ssh port 22 to a custom port in azure resource group vm? I know i can change the endpoints easily on vm classic. But how can i change ssh 22 to other port number for ssh on resource group vm on the new portal? thanks.

Answer 1

You can’t use the new type of VM with a resource manager on old portal so you have no choice but to use the new Azure portal https://portal.azure.com.

Let’s see what you will get when you create a new VM with a resource manager.

By default, you will get the following things when you create a VM but of course, you have an option to choose what to create or what to re-use during the setup. •Virtual machine •Network Interface •Network Security Group •Public IP Address •Virtual network •Storage Account

Choose “Network Security Group” then you will see the setting page that looks similar to Windows Advanced Firewall interface on windows server or desktop.

Click on “Inbound security rules”. This is where you can enable the endpoint of your new VM. Of course, you forget to open the same port in your server OS as well.

Answer 2

First you must do the following steps:

Once you are logged in to the server as root we can begin editing the sshd_config file. As with any modification to an important server file, it is always a good idea to back it up before making any changes:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

Now we are ready to modify the file. Open /etc/ssh/sshd_config in your favorite text editor (for this example we will use Vim) and locate the line that specifies the port. If your sshd_config file has not been altered the Port setting will be commented out with a # symbol (example below).

sudo nano /etc/ssh/sshd_config

The # symbol tells the server to ignore anything after it on the same line, so we will need to remove that character and then change the number 22 to something else. Be sure you do not pick a port number that is in use by a different service. If you are unsure, Wikipedia has a list of port numbers and their uses. Try to use a port number that is not listed. For this example, we will use Port 2222 (which is used by Windows servers but not by default on Linux servers).

Remove the # symbol and change the port number

second you must do the following steps:

1. Go to your azure portal and select all resources
2. Choose “Network Security Group” then you will see the setting page that looks similar to Windows Advanced Firewall interface on windows server or desktop (see Figure 2).

3. Click on “Inbound security rules”. This is where you can enable the endpoint of your new VM. Of course, you forget to open the same port in your server OS as well. e same port that you put in the file /etc/ssh/sshd_config in destination port range (see Figure 3).

Answer 3

None of these fully worked for me.

I found a working answer on Youtube https://www.youtube.com/watch?v=zkr-RMcGuk0

Which involved added the following redirect.

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j REDIRECT --to-port 22

Answer 4

Out of curiosity, why do you want to change the ssh port? The approach will depend on why you want to do it, but one way would be as follows:

1. ssh into the VM on port 22 and make the ssh daemon listen on whichever port you want. This link describes how to do it (you can ignore the part about iptables if you aren't using it): http://support.hostgator.com/articles/hosting-guide/lets-get-started/linux-dedicated-hosting/how-to-change-the-ssh-port-on-dedicated-and-vps

2. exit your ssh connection and ssh back in on your new port of choice

Alternatively, you could put your VM behind a load balancer that maps some other port to port 22 on the VM (e.g. https://azure.microsoft.com/en-us/documentation/articles/load-balancer-get-started-internet-arm-ps/#create-lb-rules-nat-rules-a-probe-and-a-load-balancer).

Answer 5

One important clarification to the portal answer is to make sure you specify a source-port-range of '*' for your inbound rule and a priority that is lower than the default rules. Typically 100-400 is a good priority range.

Unlike classic deployments, resource manager deployments don't have "endpoints" but rather inbound and outbound "rules" which is really a filter applied to the connection. The result is that the port you want to open to connect to the VM is the "destination-port-range", and the source-port-range specifies the "originating port for this connection", which is typically dynamic -- and thus, for most basic scenarios, should be "any" which is '*'.

The exceptions will be cases in which internally to your vnet you know that the originating port should ONLY be that one port, over there, on that one VM -- in order to be as certain as you can that only that VM/port can connect with this one.

But, in the case in which you want to connect from the internet, it typically needs to be '*'.