Changing the SSH port

SSH is one of the most commonly attacked services because it provides easy access to full control of a Dedicated Server. Changing the default SSH port helps prevent an attacker from launching brute-force attacks against the default port.

Linux/CentOS:

  • Log in to your server as root.

  • At the command line, run nano /etc/sysconfig/iptables to edit the IPTables configuration file. Add the line -A INPUT -m state --state NEW -m tcp -p tcp --dport someportnumber -j ACCEPT directly below the line -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT. Save and exit by holding down "ctrl" and "x".

  • At the command line, run service iptables restart to restart the IPTables service.

  • Run the command service iptables status to see if the new rule has been applied (optional).

  • Edit the SSH configuration file with the command nano /etc/ssh/sshd_config. Modify the line #Port 22 by removing the "#" and replacing "22" with the new port number you opened in the IPTables configuration. Save and exit by holding down "ctrl" and "x".

  • At the command line, run service sshd restart to restart the SSH service.

  • If you can still access the command line, type ss -tnlp | grep ssh to verify SSH is listening on the new port (optional).

  • Connect to the server via SSH using the new port you selected.

  • Run the command nano /etc/sysconfig/iptables to edit the IPTables configuration file again. Comment out the line -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT by adding "#" at the beginning of the line to block all connectivity to port 22. Save and exit by holding down "ctrl" and "x".

  • Execute the command service iptables restart to restart the IPTables service.
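
The order of the steps above matters: the new port must already have an ACCEPT rule before sshd is restarted on it, or the restart cuts off access. As an added example (not part of the original article), this script checks that; port 2222, the function names and the sample file contents are constructed assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the CentOS procedure above.
# Port 2222 and all file contents are constructed sample values.

# Print the active (uncommented) Port values from an sshd_config file.
# With no Port line set, sshd listens on its default, 22.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Succeed if the rules file has an uncommented INPUT rule accepting TCP on port $2.
iptables_allows() {
    grep -Eq "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Succeed only if every port sshd will use is open; name the ones that are not.
preflight() {
    missing=""
    for p in $(sshd_ports "$1"); do
        iptables_allows "$2" "$p" || missing="$missing $p"
    done
    if [ -n "$missing" ]; then
        echo "no ACCEPT rule for port(s):$missing" >&2
        return 1
    fi
}

# Write constructed sample files into directory $1.
write_samples() {
    rule='-A INPUT -m state --state NEW -m tcp -p tcp --dport'
    printf '#Port 22\n' > "$1/sshd_default"
    printf 'Port 2222\n' > "$1/sshd_new"
    printf '%s 22 -j ACCEPT\n' "$rule" > "$1/fw_before"
    printf '%s 22 -j ACCEPT\n%s 2222 -j ACCEPT\n' "$rule" "$rule" > "$1/fw_both"
    printf '#%s 22 -j ACCEPT\n%s 2222 -j ACCEPT\n' "$rule" "$rule" > "$1/fw_final"
}

d=$(mktemp -d)
write_samples "$d"
preflight "$d/sshd_new" "$d/fw_before" 2>/dev/null || echo "fw_before: restarting sshd now would lock you out"
preflight "$d/sshd_new" "$d/fw_both" && echo "fw_both: safe to restart sshd"
preflight "$d/sshd_new" "$d/fw_final" && echo "fw_final: safe, port 22 closed"
rm -rf "$d"
```

On a server, the same check would be run as preflight /etc/ssh/sshd_config /etc/sysconfig/iptables after editing both files and before service sshd restart.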

Linux/Debian/Ubuntu:

  • Log in to the server as root (or gain root access by executing sudo su).

  • Check the status of the firewall by executing ufw status. If the firewall is active, you need to add a rule to allow connections on the new SSH port. This can be done by executing ufw allow newportnumberhere/tcp.

  • Execute nano /etc/ssh/sshd_config and look for the line that contains "Port 22".

  • Change the number "22" to any unused port you'd like. Save and exit by holding down "ctrl" and "x".

  • Restart the SSH service by executing restart ssh at the command line. On Debian, execute service ssh restart.

  • If you can still access the command line, type ss -tnlp | grep ssh to verify SSH is listening on the new port (optional).

  • Start a new SSH session on the new port.

  • Delete the old firewall rule for the old port by executing ufw delete allow 22/tcp.

If you have any questions, please contact us for support.
