Changing the default SSH port is a crucial step in enhancing server security. The default port, 22, is often targeted by automated attacks and brute-force attempts. By switching to a custom port, you can significantly reduce the likelihood of unauthorized access to your server.
Additionally, this small adjustment helps in identifying genuine access attempts more easily, as attackers typically focus on default configurations. Whether you’re managing a personal server or a corporate environment, this simple step adds an extra layer of protection to your system.
Steps to Change the SSH Port
Access the SSH Configuration File
Log in to your server using SSH with root or a sudo-enabled account. Open the SSH configuration file located at /etc/ssh/sshd_config using a text editor, such as nano or vim:
sudo nano /etc/ssh/sshd_config
Modify the SSH Port Directive
Find the line starting with #Port 22. Uncomment the line by removing the # symbol. Replace 22 with your desired port number, such as 2222:
Port 2222
Save and Exit the Configuration File
After making the changes, save the file and exit the text editor. In nano, this can be done by pressing CTRL+O to save and CTRL+X to exit.
Adjust the Firewall Rules
Add the new SSH port to the firewall to allow traffic. Use the following command to permit the new port:
sudo firewall-cmd --permanent --add-port=2222/tcp
Remove the old SSH port to ensure it is no longer accessible:
sudo firewall-cmd --permanent --remove-port=22/tcp
Reload the firewall rules to apply these changes:
sudo firewall-cmd --reload
Test the New SSH Port
Open a new terminal session and connect using the new port to ensure everything is configured correctly:
ssh -p 2222 username@your_server_ip
Verify and Secure the Configuration
Check the server logs to confirm that the changes are functioning properly:
sudo tail -f /var/log/secure
After verifying the new port, disable the default SSH port entirely for enhanced security.
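The configuration edit from the steps above, scripted as an added example that is not part of the original article: it rewrites the Port directive in a given copy of sshd_config, keeps a backup, and checks that port 22 is no longer configured. The function names and the sample config are constructed for illustration, and the script assumes the whitespace-separated "Port N" form.

```shell
#!/bin/sh
# Added example: names and the sample config below are constructed.

# Print every active Port value; sshd listens on all Port lines it finds.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# set_sshd_port FILE PORT: make PORT the only Port directive in FILE.
set_sshd_port() {
    file=$1 port=$2
    case $port in ''|*[!0-9]*|??????*)
        echo "port must be 1 to 5 digits" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] || [ "$port" -eq 22 ]; then
        echo "pick a port in 1-65535 other than 22" >&2; return 2
    fi
    cp -p "$file" "$file.bak" || return 1   # rollback copy
    # Drop old Port lines and the stock "#Port 22" hint, then write the new
    # directive ahead of the first Match block (Port is not allowed inside
    # Match), or at end of file when there is none.
    awk -v p="$port" '
        tolower($1) == "port" || /^#[ \t]*Port[ \t]+[0-9]+[ \t]*$/ { next }
        !done && tolower($1) == "match" { print "Port " p; done = 1 }
        { print }
        END { if (!done) print "Port " p }
    ' "$file.bak" > "$file"
}

# Succeed only if FILE keeps sshd off port 22. With no Port line sshd falls
# back to its default of 22, so an empty list fails as well.
off_default_port() {
    ports=$(active_ports "$1")
    [ -n "$ports" ] && ! printf '%s\n' "$ports" | grep -qx 22
}

# Demo on a constructed config in a temp file, not the live sshd_config.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Match User backup' \
    '    X11Forwarding no' > "$demo"
set_sshd_port "$demo" 2222
off_default_port "$demo" && echo "sshd would listen on: $(active_ports "$demo")"
rm -f "$demo" "$demo.bak"
```

On the server, validate the edited file with sudo sshd -t and restart the SSH service so the new Port takes effect, keeping the current session open until the test login succeeds. On hosts with SELinux enforcing, the port also has to be labelled first with semanage port -a -t ssh_port_t -p tcp 2222.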
Firewall Configuration
Allow the New SSH Port
To enable access to the new SSH port, use the following command:
sudo firewall-cmd --permanent --add-port=2222/tcp
Remove the Default SSH Port
To enhance security, remove access to the default port (22):
sudo firewall-cmd --permanent --remove-port=22/tcp
Reload Firewall Rules
Apply the changes by reloading the firewall rules:
sudo firewall-cmd --reload
Verify the Firewall Configuration
Ensure that the changes have been applied successfully by listing the active ports:
sudo firewall-cmd --list-all
Testing and Verification
Test the New SSH Port
Open a new terminal and attempt to connect to the server using the new SSH port. Replace username and your_server_ip with your actual server credentials:
ssh -p 2222 username@your_server_ip
If the connection is successful, it indicates that the new port is correctly configured and accessible.
Monitor SSH Logs
To ensure that there are no issues, monitor the SSH logs for any errors or warnings. Use the following command:
sudo tail -f /var/log/secure
This will display real-time logs related to SSH connections.
Verify Open Ports
Check which ports are open and listening for connections on your server. This helps confirm that the new port is active:
sudo ss -tuln | grep 2222
You should see the new port in the output, indicating that the SSH service is listening on it.
Disable the Old Port After Verification
Once you are confident that the new port is functioning correctly, ensure the old port is disabled for added security.
Conclusion
Changing the SSH port is a simple yet effective way to enhance your server’s security by reducing exposure to automated attacks on the default port. By following the steps to modify the configuration, update the firewall, and test the new settings, you ensure a secure and functional SSH setup. Always verify your changes and keep a backup access method in case of errors during the process. Securing SSH access is a critical step toward building a more robust server environment.