How and Why to Change Default SSH Port

29/12/2020
Secure Shell, also known as SSH, is a network protocol that can be used to access a server remotely. Communication between the client and the server is encrypted, so it is more secure than telnet (another network protocol used for almost the same purpose). We can access a server remotely by providing the username, the IP address and the port number through which communication will take place.

How to Access Server Using SSH Default Port:

In order to access a server remotely, use the following command in a terminal:

$ ssh username@serverIP

OR

$ ssh serverIP -l username

This command makes the client connect to the server at IP address ‘serverIP’ with the user ID ‘username’. If this is the first connection between the local client and the server, the user is shown the remote host’s public key fingerprint.

The authenticity of the host ‘example.ssh.com’ cannot be established.

DSA key fingerprint is
98:76:54:32:10:jk:lm:23:32:pq:rs:tu:33:22:11:55

Are you sure you want to continue connecting (yes/no)?

If you answer ‘yes’, the connection is established and the host key is stored on the local system. Once the host key is stored, the client can connect to that host the next time without any approval. After confirmation, the user is asked for the password. By entering the password for the server account, you will be able to access the server remotely.

SSH Default Port:

Wireless or wired communication between two machines takes place through ports. There are a total of 65,536 communication ports, and communication can take place through any of them. By default, SSH communicates through port 22. When we run the above command, the connection between the local client and the server is established through port 22, and all communication takes place through this port.

Why We Change Default SSH Port?

We change the default SSH port as a security measure for the server, especially against brute force attacks.

A brute force attack is a trial-and-error method of decoding encrypted data such as passwords through exhaustive effort rather than by applying an intelligent algorithm. It is like trying every combination that can be made from a given set of characters.

Port 22 is the default SSH port, so everyone knows about it, and it is much easier for an unauthorized person to access data through this port than through any other. When the default SSH port has been changed, a hacker has to try different ports by trial and error, and finding the open port becomes much more difficult. The default port is changed to put a hacker in exactly this situation.

How to Change Default SSH Port?

You can change the default SSH port of your Linux server as an added security measure.

Warning: Make sure the new SSH port does not conflict with any known or blocked ports.

The following steps change the default SSH port.

Access Server through SSH:

Before you change the default SSH port of the machine, you need to connect to your server through SSH. To connect, you need to know the server IP, the username and the password. Run the following command on your Linux machine to connect to the server:

$ ssh username@serverIP

The account you connect with must have sudo privileges on the server.

Selecting a new Port:

There are a total of 65,536 communication ports and we have to choose one of them, but which one?

ICANN (Internet Corporation for Assigned Names and Numbers) classifies the ports into the following categories:

  • System/Well Known Ports: 0-1023
  • User or Registered Ports: 1024-49151
  • Dynamic/Private Ports: 49152-65535

To avoid misconfiguration, we choose a port number from the Dynamic/Private Ports range.

Changing the Default SSH Port:

Once we are logged in to the server, we can change the default SSH port by editing the sshd_config file. It is good practice to make a backup before changing this file. The following command creates a backup copy of sshd_config.

$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

The above command creates a copy of the sshd_config file, named sshd_config_backup, in the same directory. Now we are ready to change the default SSH port. To do so, open the sshd_config file in any editor. The following command opens it in the gedit text editor; on a server with no graphical desktop, use a terminal editor such as nano or vi instead.

$ sudo gedit /etc/ssh/sshd_config

Running the above command opens the sshd_config file in the text editor. Now find the following line in the file:

#Port 22

Remove the # sign and replace 22 with the port you selected from the given range. For example:

Port 49160

To avoid locking yourself out of your system completely, you should whitelist the port you specified above (e.g. 49160) on your firewall.

Restart SSH:

After you have made changes to the sshd_config file, you should restart the SSH service to load them. Run the following command to restart SSH:

$ sudo service sshd restart

Test Changes:

You can test the changes by connecting to your server again without logging out of the current SSH session. Remember to use the new port number this time, as we have changed it. Opening a new session without closing the previous one ensures that you don’t lock yourself out of your Linux server completely. After changing the default port, you need to specify the port number when connecting to the server. The following command connects to the server after the default port has been changed:

$ ssh username@serverIP -p 49160

Use your specified port in place of 49160.
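
The edit from the steps above as a repeatable script, added here as an example and not part of the original post: it checks that the port is in the Dynamic/Private range, backs the file up, and rewrites the global Port directive. The function names valid_private_port and set_ssh_port are hypothetical, and the demo runs on a constructed config in a temporary directory.

```shell
#!/bin/sh
# Added example; valid_private_port and set_ssh_port are hypothetical names.

# Succeeds only for an integer in the Dynamic/Private range 49152-65535.
valid_private_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 49152 ] && [ "$1" -le 65535 ]
}

# set_ssh_port CONFIG PORT: back up CONFIG, then set its global Port line.
set_ssh_port() {
    cfg=$1
    port=$2
    valid_private_port "$port" || { echo "port must be 49152-65535" >&2; return 1; }
    [ -f "$cfg" ] || { echo "$cfg: not found" >&2; return 1; }
    cp -p "$cfg" "${cfg}_backup" || return 1
    tmp=$(mktemp) || return 1
    # The first "Port"/"#Port" line becomes the new setting; any other active
    # Port line is commented out, since sshd listens on every port listed.
    # Port is not valid inside a Match block, so a missing directive is added
    # before the first Match line (or at the end of the file).
    awk -v p="$port" '
        /^[ \t]*[Mm]atch[ \t]/ { inmatch = 1; if (!done) { print "Port " p; done = 1 } }
        !inmatch && /^[ \t]*#?[ \t]*[Pp]ort[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " p; done = 1 }
            else if ($0 ~ /^[ \t]*#/) print
            else print "#" $0
            next
        }
        { print }
        END { if (!done) print "Port " p }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed config in a temp directory (never touches /etc/ssh).
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Port 2222' > "$demo/sshd_config"
set_ssh_port "$demo/sshd_config" 49160 && cat "$demo/sshd_config"
rm -rf "$demo"
```

On the real /etc/ssh/sshd_config the function has to run as root; checking the result with sudo sshd -t before restarting SSH catches syntax errors while the current session is still open.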

Conclusion:

This blog gives a brief introduction to the procedure of changing the default SSH port and the importance of changing it. I have summarized each step and hope you will find it helpful.
