SSH allows you to connect to the console of a Linux server and manage it while keeping the transferred information secure, since the connection is encrypted. By default, the SSH port is 22; it is configured so that a client can always connect to the server, and it can be changed if desired.
In most cases, it is recommended to change the port from 22 to your own; this is done to reduce the number of connections by bots from the Internet. They scan many IPs for an open port 22 and, when they find one, begin to guess the password. Thus, after just a week, the log will contain a huge number of entries about attempts to log in with different usernames and passwords.
We have already written about how to set up two-factor authentication in ssh; you can find the material in our knowledge base by using the search.
1. Change the port in the configuration file
nano /etc/ssh/sshd_config
...
Port 2223
...
2. After changing the settings, you need to restart the service:
2.1 For Linux Debian\Ubuntu
service ssh restart
2.2 For Linux CentOS\Alma\Rocky
service sshd restart
3. Let's check the changes made
3.1 For Linux Debian\Ubuntu
apt install net-tools
netstat -tulpan | grep ssh
3.2 For Linux CentOS\Alma\Rocky
yum install net-tools
netstat -anp | grep ssh
3.3 The output will show the IP address and port on which the service is now listening
4. Add a new port to iptables
iptables -I INPUT -p tcp -m tcp --dport 2223 -j ACCEPT
service iptables save
5. Now you can check the work
ssh user@ip_or_host -p2223
or
ssh ssh://user@ip_or_host:2223
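A check to run on the edited file from step 1 before restarting the service, as an added example that is not part of the original article: it reports whether the new port is really set (a Port line left commented out means sshd stays on 22) and whether 22 is still listed. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.

# effective_ports FILE: print every port the file sets, or 22 if it sets none.
effective_ports() {
    awk '
        /^[ \t]*#/ { next }                  # whole-line comments, e.g. "#Port 22"
        {
            line = $0
            sub(/=/, " ", line)              # sshd also accepts "Port=2223"
            n = split(line, f)               # split on spaces/tabs
            if (n >= 2 && tolower(f[1]) == "port") { print f[2]; found = 1 }
        }
        END { if (!found) print 22 }         # sshd default when Port is absent
    ' "$1"
}

# port_change_ok FILE PORT
#   0: PORT is set and 22 is no longer listed
#   1: PORT is not set (for example the line is still commented out)
#   2: PORT is set but 22 is still listed as well
port_change_ok() {
    ports=$(effective_ports "$1")
    printf '%s\n' "$ports" | grep -qxF "$2" || return 1
    if printf '%s\n' "$ports" | grep -qxF 22; then return 2; fi
    return 0
}

# Constructed sample config for the demonstration.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
#Port 22
Port 2223
PermitRootLogin no
EOF
if port_change_ok "$cfg" 2223; then
    echo "sshd_config sets port 2223 and no longer lists 22"
fi
rm -f "$cfg"
```

On a live server, `sshd -t` validates the file's syntax and `sshd -T` prints the effective settings, including any files pulled in with Include; run both before restarting and keep the current session open until the new port accepts a login.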
As a client use:
- PuTTY
- MobaXterm
- Xshell (NetSarang)