How to change ssh port
Advantages of Changing SSH Port
First, I want to explain the reasons behind changing the ssh port of a server.
Why change the SSH port when you have a strong password and/or a certificate? Additionally, it is always good advice to use iptables rules to limit brute-force attacks. For example, you can limit login attempts per IP address per minute.
The main reason to change the port is that malicious internet users usually probe each IP address on well-known ports such as port 22. After collecting a list of IPs, they start brute-forcing the login to guess usernames/passwords.
Although changing the SSH server port sounds like the right solution, it is very important to make sure the new port is not blocked by the firewall rules and does not conflict with a port already in use.
Strict User Policy Vs ssh port change
As I already mentioned, hiding the SSH port is not the right solution to the problems it purports to solve. You need more than just an uncommon port. If you look around, you will easily find port scanning tools. These programs are used to find all open ports of a server. It may take some time to find the new port of the SSH server, but that will not prevent malicious users from brute-forcing the SSH server afterwards. Here are the three points to consider when hardening the SSH server.
1. Imposing a strong SSH password policy
2. Limiting the maximum number of incoming SSH connections from a single IP
3. Limiting the connection attempts from a single IP on a time basis.
Actual Steps In Changing SSH Port
1. You will need an SSH connection to the server.
2. Use your favorite text editor. I am using nano.
nano /etc/ssh/sshd_config
3. Find the line # Port 22
Remove the # and change the port number to your desired one.
4. Restart the ssh server
service sshd restart
5. If you are logging in to your server with a public key instead of a password, you should look at the home directory of your local user (Unixes). Find the config file inside the .ssh directory and find the line
Port 22
and change the port number to the one the server now uses.
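
The edit in steps 2 and 3 can also be scripted. The following is an added example, not part of the original article: the function names and the port 2222 are made up for illustration, and the sample config is constructed. It goes slightly beyond the steps above by removing any leftover active Port line (which would keep port 22 open) and by placing Port before the first Match block.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Accept only a decimal TCP port in 1-65535 (no leading zeros, no stray characters).
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# set_ssh_port FILE PORT: back up FILE, then leave exactly one active Port line.
set_ssh_port() {
    cfg=$1; port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        { l = tolower($0) }                       # sshd keywords are case-insensitive
        l ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " port; done = 1 }   # first hit becomes the new port
            else if (l ~ /^[ \t]*#/) print                # later comments are kept
            next                                          # later active Port lines are dropped
        }
        # Port is a global option: it must appear before the first Match block.
        l ~ /^[ \t]*match[ \t]/ && !done { print "Port " port; done = 1 }
        { print }
        END { if (!done) print "Port " port }
    ' "$cfg.bak" > "$tmp" && cat "$tmp" > "$cfg"    # cat keeps owner and mode of FILE
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Print the value of every active Port directive in FILE.
active_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1"
}

# Constructed sample: commented default, a stray active "Port 22", and a Match block.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# Port 22' 'PermitRootLogin no' 'Port 22' \
        'Match User backup' '    X11Forwarding no' > "$d/sshd_config"
    set_ssh_port "$d/sshd_config" 2222 && active_ports "$d/sshd_config"
    rm -rf "$d"
}

# On a real server (as root), keeping the current session open:
#   set_ssh_port /etc/ssh/sshd_config 2222 && sshd -t && service sshd restart
```

`sshd -t` only checks the configuration for errors, so a typo is caught before the restart; confirm a login on the new port from a second terminal before closing the existing session.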