Here’s a useful tip for people that access their computer or server over the Internet using SSH. Change your SSH port from the default port 22 to something else. Although this is not a foolproof hack to secure your server, it can at least help greatly. Let’s look at you this would be done on an Ubuntu machine. NOTE that this change should not be performed over a remote SSH connection, you might lose all contact with your server.
- First, check to see if the SSH service is running at all, and if it is, then on which port. Run the following command:
# netstat -tulpn
In the output you should see an entry for port 22. This is the SSH service.
- Now let’s make the change. Open the SSH service configuration file:
# sudo vim /etc/ssh/sshd_config
At the beginning of the file you will a line that looks has Port 22 on it. Change the number 22 to something of your choice, for example, 678. Save the file and exit.
- Now you need to restart the SSH server so that the new setting can kick in. To do so execute the command:
# sudo /etc/init.d/ssh restart
- Make sure that the restart goes through correctly. If you are running a firewall, make sure that you allow access to the new SSH port.
- You would have been using a command like # ssh email@example.com to access your server remotely. As the SSH client is preconfigured to use the port 22 as the default port you do not need to explicitly tell it to use the port 22. Henceforth you will need to tell it to your the port you chose for your server. Your new command will look something like this:
# ssh -p 678 firstname.lastname@example.org
Little hacks like these go a long way to helping you secure your Linux box.