In the realm of server management and cybersecurity, one of the fundamental steps to fortify your system against potential threats is securing the SSH (Secure Shell) protocol. SSH serves as a primary gateway for accessing your server remotely, making it a prime target for malicious actors. One effective technique to bolster SSH security is changing the default port number. In this guide, we’ll walk you through the process of changing the SSH port on your Linux server, enhancing your system’s defense against unauthorized access.
Why Change the SSH Port?
By default, SSH operates on port 22. Because this is widely known, attackers can easily target SSH services and attempt to gain unauthorized access to your server. Changing the SSH port adds a layer of obscurity, making it more challenging for automated bots and script kiddies to locate and exploit your SSH service.
Before You Begin:
Before proceeding with changing the SSH port, ensure you have administrative access to your server and have SSH configured and operational. Additionally, if your server is protected by a firewall, you’ll need to update the firewall rules to allow traffic on the new SSH port.
Step 1: Access Your Server
Connect to your server using SSH with your existing credentials. You’ll need to log in as the root user or a user with sudo privileges.
ssh username@your_server_ip
Replace username with your username and your_server_ip with the IP address or domain name of your server.
Step 2: Edit SSH Configuration File
Once logged in, open the SSH configuration file using a text editor. The SSH configuration file is typically located at /etc/ssh/sshd_config.
sudo nano /etc/ssh/sshd_config
Find the line that specifies the SSH port. It usually looks like this:
#Port 22
Uncomment the line by removing the # symbol at the beginning, and change the port number to your desired value. Choose a port number between 1024 and 65535 that is not commonly used by other services. For example:
Port 2222
Save the changes and exit the text editor.
Step 3: Restart SSH Service
After modifying the SSH configuration file, you need to restart the SSH service for the changes to take effect.
sudo systemctl restart sshd
If you encounter any errors during the restart process, double-check your SSH configuration file for syntax errors or typos.
Step 4: Update Firewall Rules
If your server is protected by a firewall (e.g., iptables, firewalld), update the firewall rules to allow traffic on the new SSH port.
For iptables:
sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
# The redirection has to run as root too, so wrap it in sh -c
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
For firewalld:
sudo firewall-cmd --zone=public --add-port=2222/tcp --permanent
sudo firewall-cmd --reload
Step 5: Test the New SSH Port
Before closing your SSH session, open a new terminal window and attempt to connect to your server using the new SSH port.
ssh -p 2222 username@your_server_ip
Replace username and your_server_ip with your credentials and server IP address, respectively.
If you can connect to your server using the new SSH port, congratulations! You’ve successfully changed the SSH port, enhancing the security of your server.
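The following is an added example, not part of the original guide: a check to run on the edited file after Step 2 and before the restart in Step 3, which catches the common mistake of changing the number but leaving the # in place, or leaving port 22 active alongside the new port. The function names are hypothetical, the sample file is constructed, and the script reads a single file only (it does not follow Include directives).

```shell
#!/bin/sh
# Added example (not from the original guide): verify the Port edit from Step 2
# before restarting sshd in Step 3.

# Print the value of every active Port directive, one per line.
# Commented lines ("#Port 22") never match; "Port 2222" and "Port=2222" both do.
# With no active directive sshd falls back to its default, so print 22.
active_ports() {
    awk '
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "port" { print f[2]; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# Succeed only for a whole number in the range the guide recommends.
port_in_range() {
    case "$1" in
        '' | *[!0-9]* | ??????*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# usage: check_port_change CONFIG_FILE EXPECTED_PORT
check_port_change() {
    port_in_range "$2" || { echo "FAIL: $2 is not in 1024-65535"; return 1; }
    ports=$(active_ports "$1")
    if [ "$ports" != "$2" ]; then
        echo "FAIL: active Port value(s): $(echo $ports), expected $2"
        return 1
    fi
    echo "OK: $2 is the only active Port directive"
}

# Constructed sample: the number was edited but the leading "#" was left in
# place, so sshd would keep using its default port.
sample=$(mktemp)
printf '%s\n' '#Port 2222' 'PermitRootLogin no' > "$sample"
check_port_change "$sample" 2222 || true
rm -f "$sample"
```

On the server itself, point check_port_change at /etc/ssh/sshd_config, and run sudo sshd -t as well, which tests the real configuration for syntax errors without restarting the service.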
Final Thoughts:
Changing the SSH port is a simple yet effective security measure that can significantly reduce the risk of unauthorized access to your server. However, it’s essential to combine port changing with other security best practices, such as using strong passwords, implementing firewall rules, and regularly updating software packages, to ensure comprehensive protection against cyber threats. By taking proactive steps to secure your server, you can minimize the likelihood of security breaches and safeguard your valuable data and resources.