August 18, 2009
Changing your SSH port
Posted by: Robert : Category: Administration
If you have a dedicated server or VPS, you can (AND SHOULD) change the port that SSH listens on… Taking this step alone will drastically cut down the number of attempted break-ins on your server. And the best part… it’s really easy to do.
1. Log in to your server via ssh — don’t close this session until I tell you to!!
2. cd /etc/ssh
3. cp sshd_config sshd_config.orig
4. vi (or vim, pico, etc. – whatever editor you prefer) sshd_config
5. Find the line that says Port 22
6. Remove the # at the beginning of the line if there is one.
7. Change the 22 to some other number – do NOT use anything less than 1024
8. Save & close the file
9. Restart sshd – usually with “service sshd restart” or “/etc/init.d/sshd restart”
10. Start ANOTHER session, this time connecting to the new port – if prompted to accept the key, do so.
11. Provided you get logged in, you’re ok to drop the first connection. If not, you need to restore sshd_config.orig back to sshd_config and restart the ssh server again (step 9).
12. Save your new port settings in your client.
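The edit steps above (back up the file, uncomment and change the Port line, refuse anything below 1024) written as a script; this is an added example, not code from the original post. The function name set_sshd_port and the port 2222 are assumptions for illustration, and the demo at the end runs against a constructed sample file.

```shell
#!/bin/sh
# Added example: set_sshd_port is a hypothetical helper, not part of OpenSSH.
# Usage: set_sshd_port /path/to/sshd_config NEW_PORT

set_sshd_port() {
    cfg=$1
    port=$2
    # Accept only a plain decimal number in 1024-65535.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be between 1024 and 65535" >&2
        return 2
    fi
    [ -s "$cfg" ] || { echo "missing or empty: $cfg" >&2; return 1; }

    # Back up once; a rerun must not overwrite the pristine copy.
    [ -e "$cfg.orig" ] || cp -p "$cfg" "$cfg.orig" || return 1

    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    # The file is read twice: pass 1 only checks whether a Port line exists.
    awk -v port="$port" '
        function is_port(l) { return l ~ /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ }
        NR == FNR { if (is_port($0)) found = 1; next }
        # No Port line at all: add one at the top, ahead of any Match block.
        FNR == 1 && !found { print "Port " port }
        is_port($0) {
            if (!done) { print "Port " port; done = 1 }  # "#Port 22" or "Port 22"
            else if ($0 ~ /^[ \t]*#/) print              # keep later comments
            next                                         # drop other active Port lines
        }
        { print }
    ' "$cfg" "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are unchanged.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# Demo on a constructed sample file, not a real server's configuration.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' '#Port 22' 'PermitRootLogin no' \
    > "$demo/sshd_config"
set_sshd_port "$demo/sshd_config" 2222 && grep -n '^Port' "$demo/sshd_config"
rm -rf "$demo"
```

On a real server, run it as root against /etc/ssh/sshd_config and check the result with `sshd -t` before restarting sshd, keeping the first session open as described above. If the host has a firewall, the new port has to be allowed there before you test the second connection.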
One note … if you ssh, scp or rsync from another machine you will need to slightly modify the command lines for the new port.
ssh -p #### … (rest of command) …
scp -P #### … (rest of command) …
rsync -e 'ssh -p ####' … (rest of command) …
Stay tuned … tomorrow we’re going to enhance ssh security a little more…
About: Robert: Robert Porter holds MCSE, A+, Net+, Security+, and multiple CIW certifications. He has been in the hosting industry for more than a decade and is founder of Lagniappe Internet L.L.C., a privately owned, completely debt free, hosting company based out of New Orleans. Robert's background includes 25+ years in programming, databases, networking and systems administration.


