How to change port in linux server ?

Changing ports on a Linux server is a fundamental task in server management and security optimization. Default ports, such as 22 for SSH, are well-known and often targeted by automated attacks. By altering these default ports, administrators can help prevent unauthorized access and reduce the risk of brute-force attacks. Changing ports isn’t just a matter of security—it can also aid in organizing services and ensuring compatibility with specific network requirements.

Configuring the New Port

Configuring a new port in Linux requires a series of steps to ensure both the security and accessibility of the service being modified. Changing the port, especially for essential services like SSH, involves updating configuration files, adjusting firewall settings, and testing to confirm that the service is available on the newly configured port.

Editing Service Configuration Files

The first step in changing a port is to edit the configuration file associated with the specific service. For instance, to change the SSH port, you would modify the sshd_config file located at /etc/ssh/sshd_config. Locate the line with Port 22 (or the current port number) and replace it with the desired port. After saving the file, remember that changes to configuration files require a service restart to take effect.

Changing the SSH Port in /etc/ssh/sshd_config

To alter the SSH port, follow these steps:

  1. Open the SSH configuration file in a text editor (such as nano or vim):
    sudo nano /etc/ssh/sshd_config
  2. Locate the line containing Port 22, change 22 to your preferred port number, such as 2222.
  3. Save and close the file.

Remember to select a port not commonly used by other services and ideally a number greater than 1024 to avoid conflicts with reserved ports.

Updating Firewall Rules for New Port Access

After configuring the new port, update the firewall to allow traffic through it. For example, if using firewalld, run:

sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload

If using iptables, add rules to accept connections on the new port. Failure to adjust firewall settings could result in being locked out of the server on the new port.

Testing the New Port Configuration

Once the new port is set up and the firewall is updated, restart the SSH service to apply the changes:

sudo systemctl restart sshd

To verify, try connecting to the server using the new port:

ssh -p 2222 user@server_ip

Testing ensures that the configuration is correct and that you can access the server on the new port without issues.

Restarting and Enabling Services

After configuring a new port for a service on a Linux server, it’s essential to restart the relevant service to apply the changes. Additionally, ensuring that the service is enabled to start automatically on boot is important for consistent access. This section covers the necessary steps for restarting services and enabling them for automatic startup.

Restarting the SSH Service

If you have changed the SSH port or modified another service’s port, you need to restart the service to apply the new configuration. For SSH, the command is:

sudo systemctl restart sshd

This command restarts the SSH service (sshd) and applies any recent changes made in the configuration file, such as port alterations. Without this restart, the new settings will not take effect, which can prevent connection attempts to the updated port.

Enabling the Service to Start on Boot

To ensure that the service remains active after a system reboot, it’s advisable to enable the service. This step is especially useful for critical services like SSH, which need to be available immediately upon system startup.

For SSH, use the following command:

sudo systemctl enable sshd

This command configures SSH to start automatically on system boot. By enabling essential services, administrators ensure consistent access and avoid potential downtime caused by services not starting on reboot.

Reloading Firewall Rules

In cases where firewall rules have been modified to allow a new port, reloading the firewall is necessary to apply these changes. For firewalld, the command is:

sudo firewall-cmd --reload

This reloads the firewall settings, ensuring that the new port is accessible as configured. Ensuring firewall rules align with service configurations is crucial for preventing accidental lockouts and maintaining secure access.

Verifying Port Change Success

After configuring a new port and restarting the relevant services, it’s crucial to verify that the port change has been successfully applied. This step ensures that the server remains accessible and that any firewall and configuration changes are functioning as intended.

To verify the new port, attempt to connect to the server using the newly configured port. For example, if you changed the SSH port to 2222, use the following command:

ssh -p 2222 user@server_ip

If the connection succeeds, the port change was applied correctly, and the firewall is permitting access. In cases where the connection fails, double-check the configuration file for errors, ensure that the firewall settings are correct, and confirm that the service has been restarted to apply the new configuration.

Additionally, you can verify open ports and their statuses by using commands such as netstat or ss:

sudo netstat -tuln | grep 2222

This command will display active network ports, allowing you to see if the service is actively listening on the new port. Successful verification helps avoid potential access issues and confirms the server’s security configuration.

Why Change the Default Port?

Default ports are typically the first target for malicious entities attempting unauthorized access. For instance, SSH commonly uses port 22, making it a vulnerable target. Changing the default port means adding an additional layer of security, making it harder for automated scripts to locate and target services. This change can also reduce the volume of log-in attempts, easing server resource usage and enabling easier monitoring of genuine access attempts.

Security Benefits of Changing Default Ports

Modifying default ports is one of many “security through obscurity” methods. While it’s not a standalone security solution, it complements firewalls, intrusion detection systems, and other security measures. When combined, these efforts help enhance the overall security of the Linux environment, making it less accessible to automated threats and creating a safer server environment for legitimate users.

Conclusion

Changing ports on a Linux server is a straightforward yet impactful step in securing access and managing network services. By moving away from default ports, configuring firewalls appropriately, and following best practices for port management, administrators can significantly reduce the risk of unauthorized access and optimize server performance. Regular reviews and testing of port configurations ensure that the system remains secure and accessible, aligning server operations with best practices in server management.

Share:

More Posts

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments