Changing the SSH port
The SSH (Secure Shell) protocol is primarily known for providing secure remote access to servers. However, its versatility extends beyond remote shell access. The SSH protocol can also be utilised for various other purposes, including securely transferring files between machines and creating secured TCP tunnels.
One significant benefit of using SSH for file transfer is the added layer of security it provides. Traditional file transfer methods, such as FTP (File Transfer Protocol), transmit data in clear text, leaving it vulnerable to interception and unauthorised access. In contrast, SSH file transfer ensures that data is encrypted, protecting it from potential threats.
To transfer files using SSH, the protocol employs the SFTP (SSH File Transfer Protocol) subsystem. SFTP enables users to securely upload, download, and manage files on remote systems. It supports various operations, such as file and directory creation, deletion, renaming, and permission management.
In addition to file transfer, SSH can be used to create secured TCP tunnels. This feature, often referred to as SSH tunnelling or port forwarding, allows users to securely relay network traffic between two machines. By encapsulating the traffic within an SSH connection, SSH tunnels provide an additional layer of encryption and authentication.
Step-by-step guide to changing the SSH port
Changing the SSH port is essential for enhancing the security of your server. By following this step-by-step guide, you make it more difficult for potential attackers to find a way to connect to your server. If you leave the default port value, they will have an easier time finding it.
How to change the SSH port
The first thing you need to do once you have successfully logged into your server is to edit the ‘/etc/ssh/sshd_config’ file.
IMPORTANT: Please make a backup of this file before making any changes.
Step #1.
Open /etc/ssh/sshd_config in a text editor (the editor is not important; in this example we use nano):
# nano /etc/ssh/sshd_config
Step #2.
Uncomment the #Port 22 line (remove the leading #) and change the value to your desired port:
# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
Next, depending on the firewall running on the system, create a rule that allows connections to the new port.
For iptables:
# iptables -I INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport [new port number] -j ACCEPT
# iptables-save
For firewalld:
# firewall-cmd --permanent --zone=public --add-port=2234/tcp
# firewall-cmd --reload
Restart the SSH service
To ensure that your changes are applied, you will need to restart SSH. This command will allow you to do so:
# service sshd restart
When you restart the service, the connection will be broken. Next, when connecting to the server, you must specify the port number, for example:
$ ssh root@111.222.223.224 -p 22777
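The configuration edit from Steps 1 and 2 as a shell function, added here as an example and not part of the original guide: it makes the backup, rewrites the Port line, disables any leftover active Port line, and on the live file checks the result with sshd -t before you restart. The function name set_ssh_port and the .bak suffix are assumptions.

```shell
#!/usr/bin/env bash
# Added example: set_ssh_port is a hypothetical helper, not part of OpenSSH.
# Usage: set_ssh_port <new-port> [config-file]   (default /etc/ssh/sshd_config)
set_ssh_port() {
    local port="$1" cfg="${2:-/etc/ssh/sshd_config}"
    local re='^[[:space:]]*#?[[:space:]]*port[[:space:]]+[0-9]+[[:space:]]*$'

    # Accept only an integer in the valid TCP port range 1-65535.
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }

    # Back up first, as the guide requires; -p keeps mode and timestamps.
    cp -p "$cfg" "$cfg.bak" || return 1

    if grep -Eiq "$re" "$cfg.bak"; then
        # The first Port line (commented or active) becomes the new setting;
        # any other active Port line is commented out so sshd does not keep
        # listening on the old port as well.
        awk -v p="$port" '
            tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
                if (!done) { print "Port " p; done = 1; next }
                if ($0 !~ /^[ \t]*#/) { print "#" $0; next }
            }
            { print }' "$cfg.bak" > "$cfg"
    else
        # No Port line at all: add it at the top, never after a Match block.
        { printf 'Port %s\n' "$port"; cat "$cfg.bak"; } > "$cfg"
    fi

    # On the live file, let sshd check the syntax (-t) and roll back on error,
    # so a broken config cannot lock you out at the next restart.
    if [ "$cfg" = /etc/ssh/sshd_config ] && command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$cfg" || { cp -p "$cfg.bak" "$cfg"; return 1; }
    fi
}
```

Run it as root (for example set_ssh_port 22777), then add the firewall rule and restart sshd as described above. Keep your current session open until a login on the new port has succeeded.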
Conclusion
By following these steps, you can easily change the SSH port on your server(s) to enhance their security. By changing the default port from 22 to a custom port number, you make it more difficult for attackers to guess and gain access to your server.
Remember to restart the SSH service after modifying the configuration file to ensure the changes take effect.