# SSH

## Port change

In version from Ubuntu newer than 22.04, the SSHD is controlled by
Systemd and no longer with the older process way. To change the port, it
needs to be done by changing the config from Systemd

A ssh.socket socket is activated in Systemd to listen to the port, when
triggered, it will start the ssh.service (which does not need to be
started beforehand, it save memory if no ssh connection is done)

It is done that way on the OVH VPS:

1.  Changing the port in a `listen.conf` file
    1.  sudo nano /etc/systemd/system/ssh.socket.d directory (do not
        change in /lib/systemd...)

``` yaml
[Socket]
# Uncomment the following line to turn of listening on port 22.
ListenStream=
ListenStream=0.0.0.0:xxxxx
```

The empty `ListenStream` is necessary to prevent default port
activation. the 0.0.0.0 is for IP v4, use [::] for IP v6. Ubuntu
default instruction for port to be IP v6 is not specified.

Use `systemctl show ssh.socket` to see the config of the socket

1.  Restart the services
    1.  `sudo systemctl daemon-reload`
    2.  `sudo systemctl restart ssh.socket`

It seems, it should be possible to only do the change with

1.  `sudo systemctl edit ssh.socket`

then do the reload/restart

Then, when calling ssh, do not forget to add -p <port> (see Bitwarden
for port)

To check ssh access, use Systemd login:

``` bash
journalctl -u ssh -n 50 -e --no-pager
```

In Systemd, 'ssh' without other information is defaulted to service.
So ssh.socket needs to be explicit to see the socket instead of the
service.

That Systemd logging is used by fail2ban to function.

[One info page](https://lafibre.info/serveur-linux/changer-le-port-de-ssh-ubuntu-24-04/)