How To Change Server’s SSH Port on VPS

In this article, we want to teach you how to change the SSH port on a Linux virtual server. You might ask yourself why we need to change the SSH port. The reason for this is to increase security!

To avoid brute-force attacks and root password cracking attacks, you need to change your SSH port and increase your security.

Connecting over SSH requires a connection port. Linux servers usually use port 22, which is active by default. The problem is that this port is subjected to many attacks, most of them brute-force attacks aimed at cracking the server's root password.

In simple terms, an attacker uses random IP addresses connected to the Internet, the username root and port 22, and tries different passwords in order to crack the server.

With the help of a firewall, you can block connection attempts after three failures. This does not mean that the attacks stop taking place: they still tie up your network resources, and the same method may even be used for network attacks.

These attacks work by occupying your server with frequent connections until it runs short of resources; such attacks are also called DDoS attacks.

The solution to all these problems is to change the SSH port, and this article explains in full how to change the SSH port on a Linux virtual server.

Step-by-step change of SSH port in Linux virtual server

The SSH port is defined in the sshd_config file, which is located at /etc/ssh/sshd_config.

To change the SSH port, first open a terminal program and connect to your server using SSH.

Set the Port option by editing the sshd_config file, then save the file.

Once you have the file path, edit the file and set the Port option. You can open the file with the following command:

sudo nano /etc/ssh/sshd_config

After doing all this, you should look for one of the following lines in this file:

Port 22
#Port 22

The most common port used instead of port 22 is port 2222. To set the port to 2222, you can enter it as follows:

Port 2222

Keep in mind, however, that the DirectAdmin connection port is also 2222; this may cause problems with some firewalls, so it is better to choose another port.

After this step, save the changes to the file and close it.

Note: Ports 0 to 1023 are reserved for various system services, and you will not be able to use them. For example, port 80 is for HTTP and port 443 is for HTTPS, so you have to choose a port from 1024 to 65535.

Very important point: when changing the port, if you do not turn off SELinux temporarily before restarting the SSH service, your SSH access will be permanently cut off❗

To turn off SELinux, open its configuration file with the following command:

nano /etc/selinux/config

SELinux users, read on:

To change the port to 2222, type the following command:

# semanage port -a -t ssh_port_t -p tcp 2222

Firewall settings

After the steps above, update the firewall on your Linux virtual server so that it accepts connections on SSH port 2222. If you are using UFW on an Ubuntu or Debian virtual server, the following command does this:

$ sudo ufw allow 2222/tcp

When executing these commands, keep in mind that you need the sudo command if you are not logged in as root; with root access, sudo is not needed. The equivalent iptables rule is as follows:

sudo /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT

If you are using the FreeBSD / OpenBSD / NetBSD Unix operating systems, the pf firewall rule in pf.conf is as follows:

pass log on $ext_if proto tcp to any port 2222 keep state

To open the new port with the firewall on Fedora/CentOS/RHEL/Oracle Linux distributions, run the following commands:

$ sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp

$ sudo firewall-cmd --reload

Don't forget to update your firewall settings; otherwise, the commands you have executed can disable your SSH access.

After all this, you must restart the sshd service. On Linux distributions such as CentOS/RHEL/Fedora, use the following command:

$ sudo service sshd restart

If you are using FreeBSD Unix, you should type the following command:

$ sudo service sshd restart

Make sure that TCP port 2222 is open; to check this, use the ss command or the netstat command.

ss -tulpn | grep 2222

netstat -tulpn | grep 2222
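
The edit and verification steps above can be checked with a few shell functions. This is an added example, not part of the original article: the function names are hypothetical, the sample config is constructed, and it assumes whitespace-separated "Port N" lines and does not follow Include files.

```shell
#!/bin/sh
# Added example: checks around the SSH port change. Function names are hypothetical.
# Assumes "Port N" lines use whitespace (not "Port=N") and ignores Include files.

# Ports sshd would bind according to a config file. Commented "#Port 22"
# lines are ignored; with no active Port line sshd uses its default, 22.
configured_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    echo "${ports:-22}"
}

# Validate a candidate port against the article's rule: 1024-65535 only.
check_new_port() {
    case "$1" in
        '' | *[!0-9]*) echo "not-a-number"; return 1 ;;
    esac
    if [ "${#1}" -gt 5 ] || [ "$1" -lt 1024 ] || [ "$1" -gt 65535 ]; then
        echo "out-of-range"; return 1
    fi
    echo "ok"
}

# Print a rewritten config: the new Port line goes first (so it can never land
# inside a Match block) and every other active Port line is dropped.
set_port() {
    echo "Port $2"
    awk 'tolower($1) != "port"' "$1"
}

# Read `ss -tulpn` output on stdin and succeed only on an exact TCP listener
# match; a plain `grep 2222` would also match port 22222 or a PID of 2222.
is_listening() {
    awk -v p="$1" '$1 == "tcp" && $2 == "LISTEN" {
        port = $5; sub(/.*:/, "", port); if (port == p) found = 1
    } END { exit !found }'
}

# Constructed demo on a throwaway file, not the real /etc/ssh/sshd_config.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$demo"
echo "before: $(configured_ports "$demo")"
check_new_port 2222 >/dev/null && set_port "$demo" 2222 > "$demo.new"
echo "after: $(configured_ports "$demo.new")"
rm -f "$demo" "$demo.new"
```

On a live server the last check is `ss -tulpn | is_listening 2222`. Running `sshd -t` before the restart tests the edited file for syntax errors, and keeping the current session open until a login on the new port succeeds avoids a lockout.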

To use the newly designated SSH port from the command line, the command must take one of the following forms:

ssh -p {port} user@server
sftp -P {port} openssh-server
scp -P {port} source target
scp -P {port} /path/to/foo user@server:/dest/

Conclusion

In this article, we explained step by step how to change the SSH port on a Linux virtual server and covered the points to watch for. After reading the article, follow all the tips and warnings we have mentioned so that no problem occurs. If you need more guidance in this field, you can ask us in the comments section so that we can guide you as soon as possible.