
Changing the port in the Linux SSH service

Date of publication: 14.10.2023

The SSH protocol lets you connect to the console of a Linux server and manage it while keeping the transferred information secure, since the connection is encrypted. By default the SSH port is 22, and the service is configured so that a client can always connect to the server; the port can be changed if desired.

In most cases it is recommended to change the port from 22 to one of your own choosing. This reduces the number of connections from Internet bots, which scan many IP addresses for an open port 22 and, when they find one, start guessing the password. As a result, after just a week the log will contain a huge number of entries about attempts to log in with different usernames and passwords.

We have already written about how to set up two-factor authentication in ssh; you can find the material in our knowledge base by using the search.

1. Change the port in the configuration file

nano /etc/ssh/sshd_config

...
Port 2223
...

2. After changing the settings, you need to restart the service:

2.1 For Debian/Ubuntu

service ssh restart

2.2 For CentOS/Alma/Rocky

service sshd restart

3. Let's check the changes made

3.1 For Debian/Ubuntu

apt install net-tools
netstat -tulpan | grep ssh

3.2 For CentOS/Alma/Rocky

yum install net-tools
netstat -anp | grep ssh

3.3 The output will show the IP address and port on which the service is now running

tcp 0 0 0.0.0.0:2223 0.0.0.0:* LISTEN 5156/sshd
tcp 0 52 xx.ip.xx.ip:2223 xx.ip.xx.ip:56136 ESTABLISHED 4632/sshd: root@pts
tcp6 0 0 :::2223 :::* LISTEN 5156/sshd
unix 3 [ ] STREAM CONNECTED 480431222 5156/sshd
unix 2 [ ] DGRAM 479429329 4632/sshd: root@pts

4. Add a new port to iptables

iptables -I INPUT -p tcp -m tcp --dport 2223 -j ACCEPT
service iptables save

5. Now you can check that the connection works

ssh user@ip_or_host -p2223

or

ssh ssh://user@ip_or_host:2223

As a client, you can use:

  • PuTTY
  • MobaXterm
  • Xshell (NetSarang)
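
The check from step 3 can be scripted so that a forgotten restart shows up as a failure. This is an added example, not part of the original article: the function names and sample input are constructed, and it assumes the netstat column layout shown in step 3.3.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.
# On a live server, run `sshd -t` to validate sshd_config before restarting.

# Ports set by "Port" lines in sshd_config text on stdin. Commented lines are
# skipped, several Port lines are all honoured, and no Port line means 22.
# Assumption: no Include files and no ListenAddress entries with their own port.
configured_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }'
}

# TCP ports where an sshd process is in LISTEN state, read from
# `netstat -tulpan` style output on stdin (column layout as in step 3.3).
listening_sshd_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/sshd/ {
             n = split($4, a, ":"); print a[n] }' | sort -un
}

# Succeeds only when the listening ports match the configured ones exactly,
# so an sshd that was never restarted (still on 22) is reported as a failure.
verify_port_change() {   # $1 = sshd_config text, $2 = netstat output
    want=$(printf '%s\n' "$1" | configured_ports | sort -un)
    have=$(printf '%s\n' "$2" | listening_sshd_ports)
    [ -n "$have" ] && [ "$want" = "$have" ]
}

# Constructed sample input (documentation addresses, made-up PIDs).
SAMPLE_CONFIG='#Port 22
Port 2223
PasswordAuthentication yes'
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:2223 0.0.0.0:* LISTEN 5156/sshd
tcp 0 52 192.0.2.10:2223 198.51.100.7:56136 ESTABLISHED 4632/sshd: root@pts
tcp6 0 0 :::2223 :::* LISTEN 5156/sshd'
STALE_NETSTAT='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 811/sshd'

report() {   # $1 = label, $2 = netstat output
    if verify_port_change "$SAMPLE_CONFIG" "$2"; then
        echo "$1: OK, sshd listens on the configured port(s)"
    else
        echo "$1: MISMATCH, expected port(s): $(printf '%s\n' "$SAMPLE_CONFIG" | configured_ports)"
    fi
}
report "after restart" "$SAMPLE_NETSTAT"
report "restart forgotten" "$STALE_NETSTAT"
```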



