Introduction:
Securing your server is a top priority, and one effective measure to bolster your system’s defense is changing the default SSH (Secure Shell) port. By doing so, you can enhance security and reduce the risk of unauthorized access. This tutorial guides you through the process of changing the SSH port on your server.
Why Is Changing the SSH Port Important?
Changing the default SSH port from the standard port 22 adds an extra layer of security to your server. The default port is well known to attackers, and they often target it in their attempts to gain unauthorized access. By choosing a non-standard port for SSH, you make it harder for automated bots and malicious actors to find the service and probe it for vulnerabilities. Changing the port alone is not a foolproof security measure: it adds an element of obscurity that makes your server less susceptible to common automated attacks, but a scan of all ports will still find the service.
Step 1: Connect to Your Server:
Start by connecting to your server using your preferred terminal or SSH client. Log in as root or as a user with sudo privileges using the following command:
ssh username@your_server_ip
Replace “username” with your actual username and “your_server_ip” with your server’s IP address.
Step 2: Backup Your SSH Configuration File (Optional but Recommended):
Before making changes, it’s a good practice to create a backup of your SSH configuration file. Use the following command to create a backup:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
Step 3: Locate the SSH Configuration File:
Open the SSH configuration file using the following command:
sudo nano /etc/ssh/sshd_config
This command opens the configuration file in the Nano text editor. If Nano is not installed, you can use an alternative editor like Vim or Emacs.
Step 4: Locate the ‘Port’ Line:
Within the configuration file, find the line that starts with ‘Port’. The default SSH port is usually set to 22. Change this number to your desired port, ensuring it falls within the unprivileged port range (1024-65535) and is not already in use.
For example:
Port 2222
Step 5: Save and Close the File:
After modifying the port number, save the changes and close the text editor. In Nano, you can do this by pressing Ctrl + X, then Y to confirm the changes, and finally Enter to exit.
Step 6: Add the New SSH Port to the Firewall:
Update your firewall settings to allow traffic on the new SSH port. Use the command that matches your firewall tool to open the specified port:
For UFW (UFW is commonly found on Ubuntu and Debian systems):
sudo ufw allow [your_new_port_number]
For iptables:
sudo iptables -A INPUT -p tcp --dport [your_new_port_number] -j ACCEPT
For firewalld (firewalld is commonly found on CentOS and Rocky Linux systems):
sudo firewall-cmd --add-port=[your_new_port_number]/tcp --permanent
sudo firewall-cmd --reload
Step 7: Restart the SSH Service:
To apply the changes, restart the SSH service using the following command:
sudo service ssh restart
Alternatively, you can use the systemctl command on systems that use systemd (on CentOS and Rocky Linux the service is named sshd rather than ssh, in either command):
sudo systemctl restart ssh
Step 8: Confirm the New Port:
Disconnect from the current SSH session and attempt to reconnect using the new port:
ssh -p [your_new_port_number] username@your_server_ip
Replace “[your_new_port_number]” with the port you selected, “username” with your actual username, and “your_server_ip” with your server’s IP address.
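A check to run between Step 5 and the restart in Step 7, as an added example that is not part of the original tutorial: it confirms the chosen port is in the 1024-65535 range and that an uncommented Port line actually enables it, which catches an edit made on a still-commented "#Port" line. The function names are hypothetical, and it assumes a single configuration file (Include drop-ins are not followed).

```shell
#!/bin/sh
# Added example (not from the tutorial): check a Port change before restarting sshd.
# On the server, run `sudo sshd -t` (sshd's own syntax check) and then:
#   preflight 2222 /etc/ssh/sshd_config
# Assumption: one config file; Include drop-ins are not followed.

# valid_port PORT: succeeds if PORT is an integer in the tutorial's 1024-65535 range.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# active_ports FILE: prints every port set by an uncommented Port line,
# or 22 (sshd's built-in default) when the file sets none.
active_ports() {
    awk '
        $1 ~ /^#/ { next }                          # e.g. "#Port 22"
        tolower($1) == "port" && $2 != "" { print $2; n++ }
        END { if (!n) print 22 }
    ' "$1"
}

# preflight PORT FILE: succeeds only if PORT is in range and FILE enables it.
preflight() {
    valid_port "$1" || { echo "port $1 is outside 1024-65535" >&2; return 1; }
    active_ports "$2" | grep -qx "$1" || {
        echo "$2 does not enable port $1 (is the Port line still commented?)" >&2
        return 1
    }
}

# Constructed sample: the same edit made on a commented line, then on an active one.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '#Port 2222' 'PermitRootLogin no' > "$tmp"
    before=0; preflight 2222 "$tmp" 2>/dev/null || before=$?
    printf '%s\n' 'Port 2222' 'PermitRootLogin no' > "$tmp"
    after=0; preflight 2222 "$tmp" || after=$?
    rm -f "$tmp"
    echo "commented=$before uncommented=$after"
}
demo
```

A failing check means the restart would leave sshd listening on a port other than the one opened in the firewall.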
Conclusion:
Changing the SSH port is a simple yet effective strategy to enhance the security of your server. By following these steps, you can customize the port, reduce the likelihood of unauthorized access, and strengthen the overall security posture of your system. Always ensure that you update your firewall settings to allow traffic on the new SSH port to maintain seamless connectivity, regardless of the firewall tool you are using.