How To Change The Default SSH Port And / Or Have It Running On More Than One Port

Note: Changing your default SSH port does not guarantee that you won't get hacked. However, changing the default really helps cut down on the attempts. Please make sure you have other secure practices in place, such as strong passwords.

 

 

What is SSH?


 

SSH is a program and protocol for securely connecting to remote machines across a network. It allows you to run programs and do a variety of tasks as if you were sitting at the machine. SSH is very similar to telnet, except that it adds encryption to protect the transferred information, and authentication.

 

I have used ssh to remotely connect to different Linux systems and edit configuration files, start and stop services, check mail, run applications, and pull applications to my remote computer such as a web browser. (This can be handy if you are at school or work and they block specific sites.)

 

 

 

 

Why Move SSH Port?


 

Many people change the default SSH port to add another layer of security. Others do it because the default port is blocked at their workplace or school and they would still like to connect.

Often hackers will use tools to do automated attacks. They will scan for the default SSH port and try to get connected using a dictionary attack. (Meaning, they will try a huge list of passwords and usernames hoping to get lucky.) All the more reason to have a secure password.

Moving the default port is just one thing you can do to keep your system from being targeted.

 

 

 

   

How to Change the default SSH port:


 

Before we begin, we will need to find a port that we want to use. Be careful not to pick a port that is the standard port for another application, because you could run into conflicts.

 

Many applications have a default port. For example, mail is on port 25, the SSH default port is 22, Microsoft's remote desktop port is 3389, etc. Most people know that the default SSH port is 22 and want something that will be easy to remember. Often they will assign it a port like 922. If you have a look at the link below, you should get an idea of what most of the standard ports are. Just look for an opening. The choice is up to you, just make sure it doesn't conflict with another application. I would recommend something about 2000.

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

In this example we will change the default SSH port on an Ubuntu server. The steps below will work for the Ubuntu desktop as well as distributions such as Arch Linux, CentOS, Fedora, Linux Mint and OpenSUSE. If you are on a different distribution, the configuration file and the command to restart the SSH service may be slightly different.

In these steps we will be doing all the configuration at the command line. If you are using a GUI desktop (Gnome) you can open the terminal by going to Applications > Accessories > Terminal.

The SSH configuration file we need to edit is located in the /etc/ssh directory. Let's navigate to this location by using the cd command.

cd /etc/ssh

 

 


Now we will want to edit sshd_config with sudo or as the root user. You can use your favorite text editor. If you have not used a text editor in a terminal, I would recommend starting with Nano. To keep things simple we will use Nano in this tutorial.

sudo nano sshd_config

 

 


Enter your user password if you are using sudo.

 

 

Note: You can have SSH running on more than one port if you would like. You could expose your changed port number to the web, but still be able to use the default port on your internal network.

You can see that the default port is 22. You can just change the number to the port you would like.

 

 


You can either change the port number, or have SSH run on more than one port by adding another line that says Port followed by the port number you want to add. I added another line to the config file to have SSH run on port 922 as well. I can then set up a port forward on my firewall to allow traffic in on port 922 only.

 

 


To exit out of the Nano editor, hit CTRL + X

Hit Y to save changes

 

 


Keep the file name the same by hitting enter

 

 


Now we just need to restart SSH for our changes to take effect.

(Note: If you are doing this on a system that has a firewall or uses iptables built in, you will need to enable the port there as well. An example would be CentOS and iptables.)

sudo /etc/init.d/ssh restart

 

 

sudo /etc/init.d/sshd restart  - To Restart openssh
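
The edit described in the steps above, as an added shell example that is not part of the original tutorial: it adds an extra Port line, keeps port 22 in service when the file only has it commented out, and checks the file with sshd -t before the restart. The function names are made up for this example; try it on a copy of sshd_config first.

```sh
#!/bin/sh
# Added example (not from the original tutorial). Rehearse on a copy of
# /etc/ssh/sshd_config first. Files pulled in by an Include line are not examined.

# Print the ports the file puts into effect, one per line.
# Commented lines such as "#Port 22" do not count; with no Port line sshd uses 22.
configured_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Add port $2 to config file $1 while keeping every port already in effect.
add_port() {
    conf=$1 new=$2
    case $new in
        ''|*[!0-9]*) echo "not a port number: $new" >&2; return 2 ;;
    esac
    if [ "$new" -lt 1 ] || [ "$new" -gt 65535 ]; then
        echo "port out of range: $new" >&2; return 2
    fi
    if configured_ports "$conf" | grep -qx "$new"; then
        return 0                                  # already listening there
    fi
    cp -p "$conf" "$conf.bak" || return 1         # keep a copy to roll back to
    tmp=$(mktemp) || return 1
    {
        # The first explicit Port line replaces the implied default, so spell
        # out 22 when it was only implied or it would stop being served.
        if ! grep -Eiq '^[[:space:]]*port[[:space:]]' "$conf"; then
            echo "Port 22"
        fi
        echo "Port $new"
        # New lines go at the top: Port is not allowed inside a Match block,
        # and a Match block runs to the end of the file.
        cat "$conf"
    } > "$tmp"
    cat "$tmp" > "$conf"                          # keeps owner and mode of $conf
    rm -f "$tmp"
}

# Check syntax before restarting so a typo cannot lock you out of a remote box.
# Keep your current session open until a login on the new port has worked.
validate_and_restart() {
    sudo sshd -t -f "$1" && sudo /etc/init.d/ssh restart
}
```

For the tutorial's case this would be add_port /etc/ssh/sshd_config 922 run as root, followed by validate_and_restart /etc/ssh/sshd_config.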

 

 

 

 

 

How to Connect using SSH on the new port:


 

Command Line:

If you are on a Linux system and you want to connect to an SSH server on port 922, you can use the following command.

ssh SSHServer -p 922

(Replace SSHServer with the IP address or DNS name of your server)

 

 

ssh ServerIP -p PORTNumber

 

 

or ssh SSHSERVER -p 922 -l LoginName

(Replace LoginName with your user name)

 

 

ssh ServerIP -p PORTnumber -l LoginName

 

 

 

Putty:

Just change the port number field when connecting.

 

 

Putty Example - Changing Port Number

 

 

Graphical Interface on Gnome:

 

 

Launch Connect to Server

 

Select SSH as Service type and fill in information

 

Hope you found this useful!