
RSS How to change the default ssh port

Discussion in 'Latest Blog Posts' started by WASD Hosting, Nov 9, 2013.

    By default, SSH runs on port 22. Running SSH on port 22, though, makes it an easy target for those who might try to brute-force their way into your server and do all sorts of evil things with it. Moving SSH off port 22 and onto a different, unusual and hard-to-guess port, such as 61612, will increase the security of your server by making it appear to a bot or lazy port-scanner that you don’t have SSH running at all. Of course, this won’t stop those determined to find the port that your SSH is running on, but it will immediately cut out those hackers who aren’t that invested in your machine in particular, but are looking instead for easy “ins”.

    Let me make it clear that just changing SSH’s port alone will not make your server invincible; it’s just one good practice that you should employ along with all of your other security tools. You still need a good, solid firewall product running on your system, long and difficult passwords (or use key authentication instead for even more security), and all the usual server hardening and good coding practices that keep your server as safe as possible from outside attack.
    That said, let’s go ahead and move SSH onto another port:

    REQUIRES: A working cPanel install with SSH currently running on Port 22
    DIFFICULTY: Medium-Low
    ROOT REQUIRED: Yes
    TIME REQUIRED: 30 Minutes
    DANGER LEVEL: Medium-Low


    INSTRUCTIONS

    1. First, let’s pick what port you want to move SSH onto. You can pick any UNUSED number between 1 and 65535. If a port is already in use on your server, or could be, you cannot use that port number. For a list of commonly used ports that you should avoid, see this list at Wikipedia. Your best bet is to choose a number in the unregistered range (49152-65535), like 61612. Once you’ve chosen your port number, you’re ready to put it to work:

    2. Log In through SSH as root to your server.

    3. The SSH service is called sshd in CentOS, so let’s open sshd’s configuration file so we can edit it (I use nano, but you can use vi or whatever text editor you like):

    nano /etc/ssh/sshd_config

    4. Near the top of the file you should see a line that says either “#Port 22” or “Port 22”. If you don’t see this line anywhere in the file, that’s okay too – just insert the line below as directed in this step. If the Port line is already in the file, however, go ahead and DELETE THE LINE. In its place put the following (substitute xxxx with the port number you picked in step 1):
    Port xxxx

    5. Go ahead and save and close the file you just edited and run the following command to restart sshd and take advantage of your new port assignment:

    service sshd restart

    6. Exit out of SSH to close the current session:

    exit

    7. Now, let’s test out the new configuration. First, try to log in on Port 22 through SSH. If it fails to connect (“Connection Refused”), you’ve successfully removed SSH from Port 22. Next, try to log in to SSH using your new Port number. If you connect successfully, congratulations! You’ve successfully moved SSH onto a non-standard port and your server is just a tad safer for it! IF IT DOESN’T WORK, see step 8.

    8. If your new SSH port is working, you’re done – skip this step! If something went horribly wrong, though, while you were attempting to change the default SSH port and now you can’t log in to SSH at all, don’t worry! cPanel has a built-in magical script to reset SSH back to port 22 so you can log in and try again. Once you’ve used this script, though, you must log in to SSH immediately and edit the file listed in Step 3 or the port will be reverted again the next time sshd restarts. Here’s the script you need: in your web browser, go to this address (substitute xxx.xxx.xxx.xxx with your server’s IP address) and log in as root (you may be asked for your password twice):
    http://xxx.xxx.xxx.xxx:2086/scripts2/doautofixer?autofix=safesshrestart

    FINAL NOTE: If you already had a firewall product, such as csf/lfd installed on your server before making this change, you will now need to go into the configuration for that firewall and “open” the port for incoming traffic that you just moved SSH onto as well as “close” Port 22 to incoming traffic entirely. Refer to your firewall vendor for instructions, or ask your hosting provider if you need help with this.

    The post How to change the default ssh port appeared first on WASD HOSTING.
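
Step 4 done non-interactively, as an added example that is not part of the original post: the function validates the port number, keeps a backup of the file, and replaces any existing "Port" or "#Port" line (or adds one at the top if none exists). The function name `set_sshd_port` is hypothetical and the demo config is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): step 4 as a function.
# set_sshd_port FILE PORT
#   Replaces every "Port N" / "#Port N" line in FILE with a single
#   "Port PORT" line, or puts that line at the top if none exists.
#   The previous contents are kept in FILE.bak.
set_sshd_port() {
    local file=$1 port=$2 tmp rc
    # Accept only an integer in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    # sshd keywords are case-insensitive, so match on a lowercased copy.
    if awk -v port="$port" '
        tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { out[++n] = "Port " port; done = 1 }
            next
        }
        { out[++n] = $0 }
        END {
            if (!done) print "Port " port
            for (i = 1; i <= n; i++) print out[i]
        }
    ' "$file" > "$tmp"; then
        cat "$tmp" > "$file"   # overwrite in place: keeps owner and mode
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed config, not a real server file.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin yes' > "$demo"
set_sshd_port "$demo" 61612 && cat "$demo"
rm -f "$demo" "$demo.bak"
```

On a real server, running `sshd -t` after the edit and before `service sshd restart` checks that the file still parses; it exits non-zero on a configuration error.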
