Introduction:
Secure Shell (SSH) is a protocol widely used for securely accessing and managing remote servers.
By default, SSH is used on port 22, which is well known and often targeted by attackers. Changing the default SSH port is a simple but effective way to enhance the security of your server by reducing the risk of automated attacks and brute-force attempts. In this article, we’ll explain step by step how to change the default SSH port.
Why Do You Need to Change the Default SSH Port?
1. Reduce Automated Attacks: Most malicious bots and scripts scan the internet for servers with open port 22. By changing the port, you can significantly reduce the number of automated attacks targeting your server.
2. Minimize Brute-Force Attempts: Attackers often use port 22 to launch brute-force attacks. Changing the port makes it harder for them to locate your SSH service.
3. Add an Extra Layer of Security: While changing the port alone isn’t a foolproof security measure, it adds a layer of obscurity, making it more difficult for attackers to exploit your server.
Steps to Change the Default SSH Port
Before proceeding, ensure you have root access to the server and a backup method to access it (e.g., console access) in case something goes wrong.
Choose a New Port: Choose a difficult-to-guess port number. Avoid using well-known ports (e.g., 80 for HTTP or 443 for HTTPS) to prevent conflicts with other services. For example, you might choose port 2222 or 54321.
Step 1: Update Firewall Rules: If you’re using a firewall (e.g., ufw or iptables), you’ll need to allow traffic on the new port.
For ufw:
sudo ufw allow 2222/tcp
sudo ufw reload
For iptables:
sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
sudo service iptables save
Step 2: Update the SSH port in the SSH Configuration File.
1. Log in to your server via SSH.
2. Open the SSH configuration file in a text editor. The SSH configuration file is located at /etc/ssh/sshd_config. You can use any text editor; here we’ll use vi:
sudo vi /etc/ssh/sshd_config
3. Locate the line that specifies the port. It will look like this:
#Port 22
Remove the # to uncomment the line and change the port number to your chosen value. For example:
Port 2222
4. Save the file and exit the editor.
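Before restarting the service, you can check that the edit really took effect; a Port line that is still commented out leaves sshd on port 22. The script below is an added example, not part of the original article: the function names are hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical; the sample config below is constructed.

# Print every port the given sshd_config enables, one per line.
# "#Port 2222" is a comment and enables nothing; with no active Port
# line sshd falls back to its default, 22.
effective_ssh_ports() {
    awk '
        /^[ \t]*#/ { next }    # commented-out lines do not count
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# Return 0 only if the config enables NEW_PORT; warn if 22 is still on.
verify_port_change() {
    cfg=$1
    new_port=$2
    case $new_port in
        ''|*[!0-9]*) echo "not a port number: $new_port" >&2; return 2 ;;
    esac
    if [ "$new_port" -lt 1 ] || [ "$new_port" -gt 65535 ]; then
        echo "port out of range: $new_port" >&2
        return 2
    fi
    ports=$(effective_ssh_ports "$cfg")
    if ! echo "$ports" | grep -qx "$new_port"; then
        echo "Port $new_port is not enabled in $cfg; sshd would use: $ports" >&2
        return 1
    fi
    if echo "$ports" | grep -qx 22; then
        echo "note: port 22 is still enabled in $cfg" >&2
    fi
    return 0
}

# Constructed sample: the new port was typed in but the '#' was left in place.
demo_cfg=$(mktemp)
printf '%s\n' '#Port 22' '#Port 2222' 'PermitRootLogin no' > "$demo_cfg"
verify_port_change "$demo_cfg" 2222 || echo "fix the Port line before restarting sshd"
rm -f "$demo_cfg"
```

On the server itself, run it against /etc/ssh/sshd_config; sudo sshd -t additionally checks the file for syntax errors before you restart.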
Step 3: Restart the SSH Service: Apply the changes by restarting the SSH service:
sudo systemctl restart sshd
Step 4: Test the New SSH Port: Before closing your current SSH session, test the new port to ensure it’s working:
ssh username@your_server_ip -p 2222
If the connection is successful, you can proceed to close the old session.
Step 5: Block the Old Port (Optional): Once you’ve confirmed the new port is working, you can block the default port (22) in your firewall for added security:
sudo ufw deny 22/tcp
sudo ufw reload
Additional Security Measures for SSH:
1. Disable Password Authentication: Use key-based authentication for a more secure login method.
2. Restrict SSH Access: You can limit SSH access to specific IP addresses or ranges using firewall rules or the AllowUsers directive in the SSH configuration file.
3. Install Fail2Ban: Set up Fail2Ban to automatically block IP addresses that repeatedly fail to authenticate.
These measures will significantly enhance the security of your SSH access.
Conclusion:
Changing the default SSH port is a simple but effective way to enhance your server's security. While it doesn’t replace other critical security measures, it will reduce the likelihood of your server being targeted by automated attacks and brute-force attempts. By combining this change with other best practices, such as key-based authentication and firewall restrictions, you can significantly improve your system's overall security.
If you encounter any issues while changing the SSH port, you can contact us via chat or by submitting a ticket. Our support team will assist you in updating the SSH port.
Article ID: 2309, Created: February 19 at 6:56 PM, Modified: February 19 at 11:59 PM