Change Default SSH Port | Ubuntu 11.10

28 Dec

Not everyone has system administrators running around them, to take care that no one hacks their servers and ensure all the updates are up and running. We talked about securing a system by disabling direct root access/login for a Linux based system, but we would like to continue it by helping you know, how you can make your system a bit more secure albeit not completely, by making a simple change.

//

In this post we will show you, how you can change the default SSH port from the world known 22 to something else.

Note: Having your SSH running on port 22 does not mean that you are running a insecure system, this tip only makes it a bit harder to guess on which port SSH is accessible from.

To change your default SSH port from 22 to something else you will need to have root access (you can read our earlier article on disabling direct root access and claiming it for any user) before you make any of the changes.

Once you have root access open the file /etc/ssh/sshd_config and search for Port, it should show 22 as the default value. Change 22 to any port you want that is not already being used on the system.

//

change-ssh-port

Once you have made the change to use a different port, save the file and issue the command /etc/init.d/ssh reload. That’s it your default SSH port should be disabled now, you will need to setup your SSH clients to reflect the changes, or else you may see “Permission Denied” errors.

While logging in from another server, instead of typing “ssh servername” type in “ssh –p portnumber servername”, replace the portnumber with the port number you setup in the earlier steps.

If you are using putty just change the default port from 22 to your new port and save the settings.

About these ads

2 Responses to “Change Default SSH Port | Ubuntu 11.10”

  1. Don December 29, 2011 at 8:11 pm #

    Shot bomber not a bad idea! We have done it on our smtp auth server as well to throw off spammers.

  2. darrynvantonder December 29, 2011 at 8:39 pm #

    No problem.

    You might want to check out Fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page), very simple to install and setup, as well as this link (http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/) which drops all SSH attempts from know attack vectors.

    Two tools i install and use by default on any nix box.

    Cheers

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 55 other followers

%d bloggers like this: