Changing the SSH port
SSH is one of the most commonly attacked services because it provides easy access to full control of a Dedicated Server. Changing the default SSH port will help prevent an attacker from launching brute force attacks against the default port.
Linux/CentOS:
1. Log in to your server as root.
2. Within the command line, execute the command
       nano /etc/sysconfig/iptables
   to edit the IPTables configuration file. Add the following line to the configuration file:
       -A INPUT -m state --state NEW -m tcp -p tcp --dport someportnumber -j ACCEPT
   directly below the line
       -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
   in the configuration file. Save and exit by holding down "ctrl" and "x".
3. Within the command line, run the command
       service iptables restart
   to restart the IPTables service.
4. Run the command
       service iptables status
   to see if the new rule has been applied (optional).
5. Edit the SSH configuration file with the command
       nano /etc/ssh/sshd_config
   Modify the line
       #port 22
   by removing "#" and replacing "22" with the new port number you opened in the IPTables configuration. Save and exit by holding down "ctrl" and "x".
6. Within the command line, execute
       service sshd restart
   to restart the SSH service.
7. If you can still access the command line, type
       ss -tnlp | grep ssh
   to verify SSH is listening on the new port (optional).
8. Connect to the server via SSH using the new port you selected.
9. Run the command
       nano /etc/sysconfig/iptables
   to edit the IPTables configuration file again. Comment out the line
       -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
   by adding "#" at the beginning of the line to block all connectivity to port 22. Save and exit by holding down "ctrl" and "x".
10. Execute the command
       service iptables restart
    to restart the IPTables service.
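The order of the CentOS steps above matters: the new port must be open in the firewall before sshd is restarted, and port 22 should only be closed once sshd has moved off it. The script below is an added example, not part of the original article, that checks both conditions against copies of the two files; the function names, the sample files and port 2222 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lockout pre-flight for the CentOS port-change steps.

# Print the Port values active in an sshd_config file (22 if none is set).
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    [ -n "$ports" ] && echo "$ports" || echo 22
}

# Succeed if the iptables file has an uncommented ACCEPT rule for tcp port $2.
port_allowed() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Return 0 only if every port sshd will listen on is open in the firewall file.
preflight() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if port_allowed "$2" "$p"; then
            echo "ok: tcp/$p has an ACCEPT rule"
        else
            echo "LOCKOUT RISK: no ACCEPT rule for tcp/$p"
            rc=1
        fi
    done
    return $rc
}

# Succeed only if sshd no longer listens on 22, so its rule can be commented out.
safe_to_close_22() {
    ! sshd_ports "$1" | grep -qx 22
}

# Constructed sample files (not from a real server); 2222 is an assumed port.
demo=$(mktemp -d)
rule='-A INPUT -m state --state NEW -m tcp -p tcp --dport'
printf '%s\n' '#Port 22' 'Port 2222' > "$demo/sshd_config"
printf '%s\n' "$rule 22 -j ACCEPT" > "$demo/iptables.before"
printf '%s\n' "$rule 22 -j ACCEPT" "$rule 2222 -j ACCEPT" > "$demo/iptables.after"

preflight "$demo/sshd_config" "$demo/iptables.before" || true  # rule missing
preflight "$demo/sshd_config" "$demo/iptables.after"           # rule present
safe_to_close_22 "$demo/sshd_config" && echo "port 22 rule can be disabled"
```

On a server, the same functions can be pointed at /etc/ssh/sshd_config and /etc/sysconfig/iptables before running service sshd restart. The check reads the files only, so it does not replace the ss and service iptables status verifications in the steps.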
Linux/Debian/Ubuntu:
1. Log in to the server as root, or gain root access by executing
       sudo su
2. Check the status of the firewall by executing
       ufw status
   If the firewall is active, you need to add a rule to allow connections on the new SSH port. This can be done by executing
       ufw allow newportnumberhere/tcp
3. Execute
       nano /etc/ssh/sshd_config
   and look for the line that contains "Port 22". Change the number "22" to any unused port you'd like. Save and exit by holding down "ctrl" and "x".
4. Restart the SSH service by executing
       restart ssh
   within the command line. For Debian, execute
       service ssh restart
5. If you can still access the command line, type
       ss -tnlp | grep ssh
   to verify SSH is listening on the new port (optional).
6. Start a new SSH session on the new port.
7. Delete the old firewall rule for the old port by executing
       ufw delete allow 22/tcp
If you have any questions, please contact us for support.