Change SSH Port


I recently noticed a rise in failed SSH login attempts on my server so decided to lock it down even more. Changing your SSH port is an easy way to add security to your Linux box. This will stop script kiddies from brute-forcing your box (make sure you have a strong, complex password). This will not stop all attacks, but it will help. I will be using CentOS 7, but the process should be pretty much the same on most Linux boxes.

The first thing is to open the new SSH port on the firewall, because you don't want to get locked out of your box. I am using iptables and port 2222.

# vi /etc/sysconfig/iptables

Add the following line after your current SSH rule:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT

Restart the firewall so the changes take effect.

# systemctl restart iptables

Next we will back up the current SSH config in case it doesn't work.

# cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

Now let's make the changes to the SSH config file.

# vi /etc/ssh/sshd_config

If your file has never been modified, the line you are looking for should look like #Port 22

Change:

#Port 22

To:

Port 2222

Save the file and restart the SSH service.

# systemctl restart sshd

Test what we have done by trying to log in to SSH via the new port.

If everything worked, we need to remove the old SSH firewall rule.

# vi /etc/sysconfig/iptables

Remove:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

Now your box is a little more secure!
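
A pre-flight check for the procedure above, as an added example that is not part of the original post: it reads the port(s) enabled in sshd_config and confirms the saved iptables rules accept each one, which is the condition that prevents a lockout when sshd restarts. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: make sure every port sshd will listen on has an ACCEPT
# rule in the saved iptables rules before sshd is restarted.

# Print the ports enabled in an sshd_config; sshd uses 22 when none is set.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# Return 0 if rules file $1 accepts TCP connections to port $2.
# Only plain --dport rules are recognised (no multiport or port ranges).
port_allowed() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2( .*)? -j ACCEPT" "$1"
}

# Usage: ssh_port_preflight SSHD_CONFIG IPTABLES_RULES
# Prints each uncovered port and returns 1 if any port has no rule.
ssh_port_preflight() {
    missing=0
    for p in $(sshd_ports "$1"); do
        if ! port_allowed "$2" "$p"; then
            echo "no ACCEPT rule for sshd port $p"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample files standing in for /etc/ssh/sshd_config and
# /etc/sysconfig/iptables.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' > "$demo/sshd_config"
printf '%s\n' '*filter' \
    '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -p tcp -m state --state NEW -m tcp --dport 2222 -j ACCEPT' \
    'COMMIT' > "$demo/iptables"

if ssh_port_preflight "$demo/sshd_config" "$demo/iptables"; then
    echo "firewall covers the configured SSH port(s)"
fi
rm -rf "$demo"
```

This check does not cover SELinux: on CentOS 7 with SELinux enforcing, sshd can only bind to the new port after it has been labelled with semanage port -a -t ssh_port_t -p tcp 2222. Removing the old port 22 rule from the file only takes effect once iptables is restarted again.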
