debian 12 change ssh port

Changing the default SSH port from port 22 to another port is an effective way to enhance the security of your server. One of the most common attack methods on servers is port scanning, where attackers automatically check for open ports like the default port 22 used for SSH. By changing the port to an uncommon number, you reduce the chances of being targeted, as attackers typically focus on scanning well-known ports​

Additionally, switching the SSH port can help prevent brute-force attacks, where hackers try multiple passwords to gain access. These types of attacks often target the default SSH port, so changing it makes it harder for automated tools to find and exploit vulnerabilities​.

Ultimately, changing the SSH port provides an extra layer of security by decreasing the visibility of your SSH service to potential attackers. It makes it less likely for unauthorized users to gain access, improving the overall security posture of your server.

Steps to Change the SSH Port in Debian 12

To change the default SSH port on Debian 12, follow these steps:

  1. Connect to the Server via SSH
    First, ensure you are connected to your server via SSH with root or sudo access.
  2. Edit the SSH Configuration File
    Open the SSH configuration file with a text editor. This file is typically located at /etc/ssh/sshd_config. Use the following command to open it:

    sudo nano /etc/ssh/sshd_config
    

    Change the Port Number
    Find the line containing Port 22 and change the port number to the one you want to use. For example:

    Port 2222
    
    • Ensure that the new port number is not already in use.

Save the Changes
After making the change, save the file and close the editor. In Nano, press CTRL + X, then press Y to confirm, followed by Enter to exit.

Restart the SSH Service
To apply the changes, restart the SSH service with the following command:

sudo systemctl restart ssh

Test the New Port
Open a new terminal window and test the new port by attempting to connect with the following command

ssh -p 2222 username@your_server_ip

Update the Firewall
If you’re using a firewall, such as UFW or iptables, you need to update the firewall rules to allow traffic on the new port. For UFW, use:

sudo ufw allow 2222/tcp

By following these steps, you will successfully change the SSH port on your Debian 12 server.

Troubleshooting: Common Issues After Changing the SSH Port

After changing the SSH port on your Debian 12 server, you may encounter a few common issues. Here’s how to troubleshoot them:

Unable to connect via SSH on the new port
This issue can happen if you forgot to update the firewall to allow the new port or if the SSH service didn’t restart properly. Double-check your firewall settings and ensure the port is open. For example, use:

sudo ufw allow 2222/tcp

Also, make sure the SSH service was restarted with:

sudo systemctl restart ssh

Connection timeouts
If you’re experiencing connection timeouts, ensure that there are no issues with the network or IP address you’re connecting to. Also, verify that your client command specifies the correct port:

ssh -p 2222 username@your_server_ip

SSH daemon fails to start after port change
Sometimes, changing the port can cause the SSH service to fail. This can be due to an incorrect port number or a conflict with another service. Check the SSH service status to see if it’s running:

sudo systemctl status ssh

If it’s not running, check the SSH logs for any errors:

sudo journalctl -xe | grep ssh

Port number conflict
Ensure the new port number is not already being used by another service. You can check if the port is in use with:

sudo netstat -tuln | grep 2222
  • If the port is in use, choose another port number.

Firewall blocking access
Make sure your firewall is configured correctly to allow traffic on the new port. If you’re using UFW (Uncomplicated Firewall), you can check which ports are open with:

sudo ufw status
  • If the new port is not listed, add it as mentioned earlier.

By following these troubleshooting steps, you should be able to resolve most issues that arise after changing the SSH port.

Changing the SSH port in Debian 12 is a useful step for improving the security of your server. By following the steps to update the port, restart the SSH service, and ensure the new port is open in your firewall, you reduce the likelihood of automated attacks targeting the default port (22). It’s also essential to verify the new port works by testing your connection and keeping your firewall settings up to date. With these changes, your SSH service becomes more secure, making it harder for unauthorized access attempts.

Share:

More Posts

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments