January 17, 2014 · bash debian firewall hacks learnshell linux newbie security server ssh tricks

Change default SSH port

linux-ssh

The Secure Shell (SSH) Protocol uses port 22 by default. Accepting this value does not make your system insecure, nor will changing the port provide a significant variance in security. However, changing the default SSH port will stop many automated attacks and will make it a bit harder to guess which port SSH is accessible from. In other words, a little security though obscurity.

Here's how to do that:

First, edit (as root) with your favourite text editor (vim) the sshd configuration file:

sudo vim /etc/ssh/sshd_config

Locate the line which states Port 22. However, before doing so, you'll want to read the note below. Choose an appropriate port, also making sure it not currently used on the system:

What ports, IPs and protocols we listen for Port 65505

**Note:** The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. It is good practice to follow their port assignment guidelines. Having said that, port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic and/or Private Ports. The Well Known Ports are those from 0 through 1023 and SHOULD NOT be used. Registered Ports are those from 1024 through 49151 should also be avoided too. Dynamic and/or Private Ports are those from 49152 through 65535 and can be used. Though nothing is stopping you from using reserved port numbers, our suggestion may help avoid technical issues with port allocation in the future.

Next,  switch over to the new port by restarting SSH:

sudo /etc/init.d/ssh restart

Before closing the window with the current session, test the new port. It might sometimes not work properly. If that happens, simply revert the changes or try using different port number. To verify SSH is listening on the new port do:

ssh -p 65505 username@hostname

Note how the port number now needs to be declared. To save some time, you can always create an alias and place it in your .bashrc file, or a file you normally keep your aliases (in my case it's .aliases which is included in my bash configuration file using simple source $HOME/.aliases line in .bashrc / .zshrc):

alias sshp='ssh -p 65505 username@hostname'

And that's it! You can now enjoy ssh connection on a port of your choice.

  • LinkedIn
  • Tumblr
  • Reddit
  • Google+
  • Pinterest
  • Pocket

Contact