Are you also tired of those weird guys, script kiddies and wanna-be hackers, who keep trying to ssh into your server on port 22? All those connection attempts cost your server time and, in the end, cost you money.
I. Abstract:
By just changing the standard ssh port of your server you can reduce the number of unwanted login attempts quite effectively, simply because it would take too much time for these ugly guys to find out about your specific configuration. Although this is just a basic proactive measure, it is statistically proven that a significant number of these kiddies decide to move on and try to hack another server.
II. Requirements
The following lines were applied on a Debian Etch based box. Other distros should work similarly, but I am not experienced with them. No specific knowledge is required.
III. Edit sshd_config
- get your favourite editor at hand (no matter if this is vi, vim, nano, joe or any other thing); here nano is sufficient. Btw: nano comes preinstalled on Mac OS boxes. In case it is absent, I am quite familiar with vim as well, but imho nano is much faster for simpler tasks like the one we’re going to solve, and vim is much more powerful for complex operations.
nano /etc/ssh/sshd_config
- find the lines that read:
# What ports, IPs and protocols we listen for
Port 22
- change this port to whatever port you like. May I suggest 8722?
IV. Recommendations for testing
- If you are using a firewall (you should!!) don’t forget to open that port! Otherwise you won’t be able to log in on that port ;-)
- For testing purposes (like when you don’t have physical access to that server) I would really recommend not to edit the sshd_config by just changing that line:
# What ports, IPs and protocols we listen for
Port 22
I’d rather recommend to add a second port, like that:
# What ports, IPs and protocols we listen for
Port 22
Port 8722
- Your server will then listen on two ssh ports!
- The advantage is: if anything (like the firewall) doesn’t work, you are not locked out of your box and won’t have too much hassle with running a recovery console and so on.
V. Restart ssh daemon to apply changes
- Ok let’s get our new (added or changed) ssh port running:
/etc/init.d/ssh restart
VI. Login again
- then open a new terminal and try to connect with the switch “-p” (port)
ssh myuser@mydomain.com -p 8722
- if the login attempt works on port 8722, you can remove “Port 22” from your sshd_config (then restart the ssh daemon again)
- otherwise log in on port 22 as usual and fix your firewall settings
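The two-port edit from section IV can also be scripted. The following is an added example, not part of the original post: the function names add_ssh_port and list_ssh_ports are made up for illustration, and the demo runs on a constructed temporary file instead of the live /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: add a second "Port" line to an sshd_config while keeping
# port 22, so a firewall mistake cannot lock you out. Names are hypothetical.

# Print the active (uncommented) ports of the given file on one line.
list_ssh_ports() {
    awk 'tolower($1) == "port" { printf "%s%s", sep, $2; sep = " " } END { print "" }' "$1"
}

# add_ssh_port FILE PORT
# Returns 0 on success (or if PORT is already set), 1 for an invalid port,
# 2 if FILE cannot be read or backed up. The old file is kept as FILE.bak.
add_ssh_port() {
    file=$1 port=$2
    [ -r "$file" ] || return 2
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    for p in $(list_ssh_ports "$file"); do
        if [ "$p" = "$port" ]; then return 0; fi
    done
    cp -p "$file" "$file.bak" || return 2
    awk -v port="$port" '
        { lines[NR] = $0; if (tolower($1) == "port") last = NR }
        END {
            for (i = 1; i <= NR; i++) {
                print lines[i]
                if (i == last) print "Port " port
            }
            # No active Port line: sshd listens on 22 by default, and a single
            # explicit Port would replace that default, so write both.
            if (!last) { print "Port 22"; print "Port " port }
        }' "$file.bak" > "$file"
}

# Demo on a constructed sample file.
demo=$(mktemp)
printf '%s\n' '# What ports, IPs and protocols we listen for' 'Port 22' > "$demo"
add_ssh_port "$demo" 8722 && echo "listening on: $(list_ssh_ports "$demo")"
rm -f "$demo" "$demo.bak"
```

On the real box, run sshd -t after the edit to check the file for syntax errors before restarting the daemon.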