Changing the default SSH port in Kali Linux is a simple yet effective security measure to protect your system from unauthorized access. By default, SSH uses port 22, which is widely known and often targeted by automated attacks and bots. Modifying this port reduces the likelihood of such attacks, providing an additional layer of security.
SSH (Secure Shell) is a critical tool for remote access and management of Linux systems. However, leaving it with default settings, like the standard port, increases vulnerability to brute-force attacks and exploits. Implementing changes such as port modification, combined with other security measures, ensures a safer environment for your system and sensitive data.
Prerequisites
Before making any changes, it’s essential to check the current SSH configuration. This ensures you know the existing settings and can revert them if needed. Use the following command to review the current configuration:
sudo cat /etc/ssh/sshd_config
Updating Kali Linux Packages
Keeping your system up to date is critical to avoid conflicts or issues while modifying configurations. Update the package list and upgrade existing packages using:
sudo apt update && sudo apt upgrade -y
Steps to Change the SSH Port
Locating the SSH Configuration File (sshd_config)
The primary configuration file for SSH is located in /etc/ssh/sshd_config. This file contains all settings related to SSH, including the port number.
Backing Up the SSH Configuration File
Before making any changes, create a backup of the current configuration file to ensure you can restore it if needed:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Editing the sshd_config File
Open the SSH configuration file with a text editor, such as nano or vim:
sudo nano /etc/ssh/sshd_config
Locate the line that specifies the port, which looks like this:
#Port 22
Uncomment the line by removing the # and change 22 to a new port number, e.g., 2222:
Port 2222
Choosing a New Port Number
Select a port number between 1025 and 65535 to avoid conflicts with well-known ports. Make sure the chosen port is not in use by other services.
Testing Port Availability
Verify that the new port is not blocked or already in use. You can use the netstat or ss command to check:
sudo netstat -tuln | grep <new_port>
Applying the Changes
Restarting the SSH Service
After modifying the configuration, restart the SSH service to apply the changes:
sudo systemctl restart sshd
This command ensures the SSH daemon reads the updated configuration file.
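The backup, edit, port-range and availability steps above can be scripted so that a bad edit is caught before the restart. This is an added example, not part of the original article: the function names are hypothetical, and it assumes a POSIX shell with awk, ss and sshd available.

```shell
# Added example, not from the original article; function names are hypothetical.

# valid_port PORT: accept only an integer in 1025-65535, the range recommended above.
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1025 ] && [ "$1" -le 65535 ]
}

# port_in_use PORT: succeed if a TCP listener already holds PORT.
# Column 4 of "ss -tln" output is Local Address:Port.
port_in_use() {
    ss -tln 2>/dev/null | awk -v p=":$1" '$4 ~ (p "$") { hit = 1 } END { exit !hit }'
}

# set_ssh_port FILE PORT: back up FILE to FILE.bak, then leave exactly one
# active "Port PORT" line. Keywords in sshd_config are case-insensitive.
set_ssh_port() {
    cfg=$1; port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    cp -p "$cfg" "$cfg.bak" || return 3
    awk -v p="$port" '
        tolower($0) ~ /^[ \t]*port[ \t]+[0-9]+/ {        # active directive
            if (!done) { print "Port " p; done = 1 } else print "#" $0
            next
        }
        tolower($0) ~ /^[ \t]*#[ \t]*port[ \t]+[0-9]+/ && !done {
            print "Port " p; done = 1; next              # commented default
        }
        { print }
        END { exit !done }
    ' "$cfg.bak" > "$cfg" || {
        cp -p "$cfg.bak" "$cfg"; echo "no Port line in $cfg" >&2; return 4
    }
}

# apply_ssh_port FILE PORT: refuse a busy port, edit, then validate with
# "sshd -t"; a rejected file is replaced by the backup before any restart.
apply_ssh_port() {
    if port_in_use "$2"; then echo "port $2 is already in use" >&2; return 5; fi
    set_ssh_port "$1" "$2" || return
    if ! sshd -t -f "$1"; then
        cp -p "$1.bak" "$1"
        echo "sshd -t rejected the edit; backup restored" >&2
        return 6
    fi
}
```

Run apply_ssh_port /etc/ssh/sshd_config 2222 as root and restart the service only if it returns 0. Keep the existing SSH session open until a login on the new port has succeeded.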
Configuring the Firewall to Allow the New Port
If a firewall like ufw or iptables is active, you must allow traffic on the new port. For example, with ufw:
sudo ufw allow <new_port>/tcp
sudo ufw reload
For iptables:
sudo iptables -A INPUT -p tcp --dport <new_port> -j ACCEPT
sudo iptables-save
Verifying the New SSH Port
Test the new SSH port to confirm it’s working:
- Open a new terminal or SSH client.
- Connect using the new port:
ssh -p <new_port> user@your_server_ip
If successful, you can now use the new port for SSH access.
Troubleshooting
Ensuring the SSH Service is Running
If the new SSH port is not working, first verify that the SSH service is active. You can check its status using the following command:
sudo systemctl status sshd
If it is not running, restart the service with sudo systemctl restart sshd and check for any errors in the output.
Fixing Firewall Configuration Issues
If the SSH service is running but the new port is inaccessible, ensure that the firewall rules allow traffic on the selected port. Review the firewall settings and verify the port is permitted. For example, if using ufw, run sudo ufw status to confirm. For iptables, check the rules with sudo iptables -L -n. Make any necessary adjustments to allow the new port.
Resolving Connectivity Problems
If the issue persists, confirm that the new port is not being blocked by an external firewall or network settings. Use tools like telnet or nc to test connectivity to the port. For instance, you can test with telnet your_server_ip <new_port>. Additionally, review the SSH logs for detailed error messages, which can be found in /var/log/auth.log or /var/log/secure, depending on your system.