Advantages of Changing SSH Port

First, I want to explain the reasons behind changing the ssh port of a server.
Why changing ssh port when you have a strong password and/or a certificate? Additionally, it is always a good advice to use iptables rules to limit brute forcing attacks. For example, you can limit login attempts per IP address/minute.
The main reason to change the port is that malicious internet users usually probe each IP address on well known ports such as port 22. After collecting a list of IPs, they start password brute force to guess usernames/passwords.
Although changing ssh server port sounds like the right solution, it is very important to make sure the new port is not blocked by the firewall rules or doesn’t pose a conflict.

Strict User Policy Vs ssh port change

As I already mentioned hiding the SSH port is not the the right solution to the problems it purports to solve. There is a need for more than just some uncommon port to use. If you look around, you will easily find port scanning tools. These programs are used to find all open ports of a server. It may take some time to find the new port of the ssh server, but will not prevent the malicious users from brute- forcing the SSH server afterwards. As I already mentioned, here are the three points to consider when hardening the SSH server.
1. Imposing strong SSH passwords policy
2. Limiting the maximum amount of incoming SSH connections from a single IP
3. Limiting the connection attempts from a single IP on a time basis.

Actual Steps In Changing SSH Port

1. You will need ssh connection to the server.
2. use your favorite text editor. I am using nano.
nano /etc/ssh/sshd_config
3. Find the line # Port 22
Remove the # and change the port number to your desired one.
4. Restart the ssh server
service sshd restart
4. If you are logging to your server with a public key instead of password, you should look at the Home directory of your local user (Unixes). Find the config file inside the ./ssh directory and find the line
Port 22
and change the port number to the one of the server.


Leave a Reply

Your email address will not be published.

Related Posts

Linux System Administration

SSH Hardening Techniques

SSH Hardening Techniques These are the top practices to harden ssh. In this article I am going to list the best and most important open ssh server security practices. SSH protocol is the best option Read more…

Linux System Administration

How To Use Public Key Authentication Instead Of Password

Password Login Belongs To The Past Public key authentication is an easier and more reliable compared to the old- fashioned password-based login. Keys are basically less prone to brute-force attacks. If you want to force Read more…

Linux System Administration

How To Find The Largest Files In Linux

Why Find The Largest Files In Linux Before starting with the tutorial let me clarify why will somebody need finding the largest files in Linux. There could be several reasons. All the reasons boil down Read more…