Are you also tired of those weird guys, script kiddies and wanna-be hackers, who keep trying to ssh into your server on port 22? All those connection attempts cost your server time and, in the end, your money.
I. Abstract:
By just changing the standard ssh port of your server you can reduce the number of unwanted login attempts quite effectively, simply because it would take too much time for these ugly guys to find out about your specific configuration. Although this is just a basic proactive measure, it is statistically proven that a significant number of these kiddies decide to move on and try to hack another server.
II. Requirements
The following steps were applied to a Debian Etch based box. Other distros should work similarly, but I am not experienced with them. No specific knowledge is required.
III. Edit sshd_config
- Grab your favourite editor (no matter if this is vi, vim, nano, joe or anything else); here nano is sufficient. Btw: nano comes preinstalled on Mac OS boxes. In case it is absent I am quite familiar with vim as well, but imho nano is much faster for simpler tasks like the one we’re going to solve, and vim is much more powerful for complex operations.
nano /etc/ssh/sshd_config
- Find the lines that read:
# What ports, IPs and protocols we listen for
Port 22
- Change this port to whatever port you like. May I suggest 8722?
IV. Recommendations for testing
- If you are using a firewall (you should!!) don’t forget to open that port! Otherwise you won’t be able to log in on that port ;-)
- For testing purposes (like when you don’t have physical access to that server) I would really recommend not editing the sshd_config by just changing that line:
# What ports, IPs and protocols we listen for
Port 22
I’d rather recommend adding a second port, like this:
# What ports, IPs and protocols we listen for
Port 22
Port 8722
- Your server will then listen on two ssh ports!
- The advantage is: if anything (like the firewall) doesn’t work, you are not locked out of your box and won’t have too much hassle with running a recovery console and so on.
V. Restart ssh daemon to apply changes
- Ok let’s get our new (added or changed) ssh port running:
/etc/init.d/ssh restart
VI. Login again
- then open a new terminal and try to connect with the switch “-p” (port)
ssh myuser@mydomain.com -p 8722
- If the login attempt works on port 8722, you can remove “Port 22” from your sshd_config (then restart the ssh daemon again); otherwise log in on port 22 as usual and fix your firewall settings.
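The add-a-second-port, test, then remove-port-22 procedure from sections III to VI, as an added shell example (not part of the original post). The function names are made up here and it assumes plain whitespace-separated `Port N` lines; it also covers a case the post does not: when port 22 is only sshd's implicit default, it is written out explicitly so that adding 8722 does not silently replace it.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Try it on a copy of sshd_config.

# Print the ports sshd would listen on (one per line). With no active
# "Port" line sshd falls back to its default, 22.
list_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Add PORT as an extra listener, keeping every port that is already active.
add_port() {
    file=$1 port=$2
    case $port in ''|*[!0-9]*) echo "not a port number: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "out of range: $port" >&2; return 1; }
    list_ports "$file" | grep -qx "$port" && return 0    # already configured
    tmp=$(mktemp) || return 1
    if grep -qiE '^[[:space:]]*port[[:space:]]' "$file"; then
        # Insert directly after the first active Port line (before any Match block).
        awk -v p="$port" '{ print } !done && tolower($1) == "port" { print "Port " p; done = 1 }' "$file" > "$tmp"
    else
        # Only the implicit default is active: make it explicit, otherwise the
        # new Port line would replace it and sshd would stop listening on 22.
        { echo "Port 22"; echo "Port $port"; cat "$file"; } > "$tmp"
    fi
    cat "$tmp" > "$file" && rm -f "$tmp"    # overwrite in place, keeps owner and mode
}

# Remove PORT, but refuse when no other ssh port would remain.
drop_port() {
    file=$1 port=$2
    [ "$(list_ports "$file" | grep -vxc "$port")" -ge 1 ] || {
        echo "refusing: $port is the last ssh port" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v p="$port" '!(tolower($1) == "port" && $2 == p)' "$file" > "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

After editing, `sshd -t` checks the configuration for errors before you restart the daemon.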
These Debian tutorials are ooh so handy as I am just starting my own multi purpose server (HTTP, SSH, SMTP, IMAP, POP, FTP, VNC, Torrent, maybe Minecraft [Creative and SMP]) on my 10Mb cable connection. :D
How do we determine a good port number to use? Why did you choose 8722? What happens if I pick a port number that is already in use by some other process? How would I make sure the port I choose isn’t being used?
@Kent: The nmap program can tell you if the port in question is in use:
nmap -p8722 localhost
The response will be “open” if some service is listening on that port, or “closed” otherwise.
The page below contains a list of all current standard port assignments:
http://www.iana.org/assignments/port-numbers
Port #8722 is listed as “unassigned”.
Here is an alternate suggestion: If you are going to use a non-standard port, find one below 1024.
http://serveradmins.net/ssh-on-nonstandard-ports-how-to-not-do-it/
Hello,
I can't ssh to chroot environment.
All of ssh (ssh root@localhost) going to the local system and not to chroot environment.
I change sshd_config, listen address and port but can't ssh to chroot. /etc/init.d/ssh restart: failed to kill — process. Please help…