Are you also tired of those weird guys, script kiddies and wanna-be-hackers, who are trying to ssh into your server on port 22? All those connection attempts cost your server time and, in the end, cost you money.
I. Abstract:
Just by changing the standard ssh port of your server you can reduce the number of unwanted login attempts quite effectively, simply because it would take too much time for these ugly guys to find out about your specific configuration. Although this is just a basic proactive measure, it is statistically proven that a significant number of these kiddies decide to move on and try to hack another server.
II. Requirements
The following lines are being applied to a Debian Etch based box. Other distros should work similarly, but I am not experienced with them. Moreover, no specific knowledge is required.
III. Edit sshd_config
- Grab your favourite editor (no matter if this is vi, vim, nano, joe or anything else); here nano is sufficient. Btw: nano comes preinstalled on Mac OS boxes. In case it is absent, I am quite familiar with vim as well, but imho nano is much faster for simpler tasks like the one we’re going to solve, and vim is much more powerful for complex operations.
nano /etc/ssh/sshd_config
- Look for the line where this is written:
# What ports, IPs and protocols we listen for
Port 22
- Change this port to whatever port you like. May I suggest 8722?
IV. Recommendations for testing
- If you are using a firewall (you should!!) don’t forget to open that port! Otherwise you won’t be able to log in on that port ;-)
- For testing purposes (like when you don’t have physical access to that server) I would really recommend not editing the sshd_config by just changing that line:
# What ports, IPs and protocols we listen for
Port 22
I’d rather recommend adding a second port, like this:
# What ports, IPs and protocols we listen for
Port 22
Port 8722
- Your server will then listen on two ssh ports!
- The advantage is: if anything (like the firewall) doesn’t work, you are not locked out of your box and won’t have too much hassle with running a recovery console and so on.
V. Restart ssh daemon to apply changes
- Ok, let’s get our new (added or changed) ssh port running:
/etc/init.d/ssh restart
- Then open a new terminal and try to connect with the switch -p:
ssh myuser@mydomain.com -p 8722
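The two-port approach from sections IV and V as a script, added here as an example and not part of the original post. The function names are hypothetical, and the `sshd -t` syntax check with rollback is an extra step the post does not include; it also handles a config with no active Port line, where adding only the new port would silently drop port 22.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the post.

# Print the ports the given sshd_config makes sshd listen on.
ssh_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1"
}

# Add PORT as an additional listening port, keeping every existing one.
add_ssh_port() {
    cfg=$1 port=$2
    case $port in
        ''|*[!0-9]*) echo "not a port number: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    # Already configured: leave the file untouched.
    if ssh_ports "$cfg" | grep -qx "$port"; then return 0; fi
    cp -p "$cfg" "$cfg.bak" || return 1
    awk -v p="$port" '
        { line[NR] = $0 }
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { last = NR }
        END {
            # No active Port line means sshd uses its default, 22. A lone
            # "Port 8722" would replace it, so state 22 explicitly first.
            if (!last) { print "Port 22"; print "Port " p }
            for (i = 1; i <= NR; i++) {
                print line[i]
                if (i == last) print "Port " p
            }
        }' "$cfg.bak" > "$cfg"
}

# Edit, syntax-check with "sshd -t", roll back on error, then restart.
# Usage (as root): apply_ssh_port 8722
apply_ssh_port() {
    cfg=${2:-/etc/ssh/sshd_config}
    add_ssh_port "$cfg" "$1" || return
    if ! sshd -t -f "$cfg"; then
        cp -p "$cfg.bak" "$cfg"
        echo "sshd rejected the config, backup restored" >&2; return 1
    fi
    /etc/init.d/ssh restart
}
```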
Don’t hesitate to leave a comment. In case the explanations were helpful, do us the favor and visit our sponsor (Google). Thanks…
1 response↓
1 Build a Debian Etch LAMP server in 30 minutes … complete with SSH remote desktop access « Calebs Creek // Feb 15th, 2010 at 13:25
[...] through at least one firewall and it would be wise to consider changing the defaults. Check out Change Standard SSH Ports. There's also a series of related articles to this one there: Setting up a LAMP Webserver with [...]