Curious if anyone has successfully changed the ssh port on xcp-ng. I have public key authentication setup without issue, but, when I change the port in the sshd_config file & restart the service it quits working on the default port as expected, but can’t access it on the new port either. Thinking an extra step I’m missing? Researched and haven’t come up with anything, figured I would ask here… Thank you!
Stupid question, but did you allow the new port through the firewall?
Do you have Suricata running and have the Emerging Threats rules loaded? ET will block connections based on their type, and throw an error of XXX on nonstandard port.
Didn’t realize xcp-ng had any sort of firewall enabled, I’ve tried various linux cli firewall commands and nothing works on it, my thought was an internal firewall rule of some sort that needs to be changed, but can’t find anything. Never used Suricata before so can’t comment on that. I am using ssh locally into my xcp-ng server, which I can do without an issue, just trying to make it more secure by changing the default port. I have successfully changed the default ssh port on all my VM’s, pFsense, home assistant etc, just can’t get it to work on xcp-ng itself.
Not sure why you are changing the port but XCP-NG uses iptables. You can use:
iptables -L
to get a list of the rules.
2 Likes
Just tinkering on the homelab, security, would of been the only thing not on another port lol. Main reason being learning new things. Never messed with iptables before, didn’t know anything about them until now! Did some research & was able to add a rule in iptables and get it working. I appreciate you sharing your knowledge, I really enjoy & learn a LOT from your videos, especially related to xcp-ng & pFsense. Thanks for all you do Tom!! 
2 Likes