How to change your SSH port! (Security Tutorial)
That's the first thing I do when installing a new server. All those IP entries when I check the logs are amazing.
This is the easiest method to stop brute-force attacks easily, even though a port scan may give the hacker the ports; then the root user may receive messages. Along with these, fail2ban may be good as well. Also, I don't know whether it is possible to create a honeypot to fool the port scanners.
Actually, if you really want to stop bruteforces, it might even be the best option to deny every request on your SSH port and only allow TCP packets from your own IP address. Unfortunately this will come with the restriction you can't access your server from outside your main connection and you might be screwed if you have a dynamic IP and your ISP decides to give you a new lease.

In case you want to achieve the above:

# Replace YOUR_IP with your own public IP address.
iptables -A INPUT -p tcp -s YOUR_IP --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 22 -j DROP

Caution: Please don't run the above commands in a different order; this might lock you out of your server!

If you want to prevent any type of brute-force attacks, fail2ban is also very essential in preventing that. It will ban SSH access if you fail to enter the correct authentication for the VPS after a couple of times and many of these bots will get themselves.

I did get myself locked out once, it sure wasn't fun trying to evade it. Always remember your passwords and usernames!
As a warning to any users planning to change their SSH ports, I can't stress enough that you need to make sure the port you choose is (and under) 1024.

If a user attacks the SSH daemon and it crashes, chances are they know your port. They can proceed to set up a fake daemon to capture login details and eventually, if they're lucky, they can log in as the root user and make unauthorized changes.
Just wandering around, nothing more.

(Wow, it's been years and it took me this long to realize I had a typo in my signature :/)
@rpark using a high port number doesn't make your security impenetrable.

Various nmap scripts help you to find the SSH port even in the millions!

Take care, use key-based logins.


why should ports be under 1024? also can you disable logging in without a key?

(2017-07-22, 12:51:05 am)Slothia Wrote: why should ports be under 1024? also can you disable logging in without a key?

1. Ports below 1024 can only be used by root and absolutely no one else. This is a security practise of Linux to ensure that really important system services that might give access to the whole system are only running when the administrator starts them on one of the secured ports. That said, nothing stops you from changing the ports of important services to ranges above 1024. However, on shared services and similar, or maybe through a weakly protected and hacked normal Linux account, an attacker can place a fake SSH server or similar on a port above 1024 and try to gain login data for root or other accounts. Don't quote me... there is so much more to write about this. It has pros and cons. Some say it is useful and others say that it is useless and stupid.

2. Of course you can. Change "PasswordAuthentication yes" to "PasswordAuthentication no" in /etc/ssh/sshd_config and also set "PermitEmptyPasswords no" to disallow empty password authentication (probably already done on 99% of today's SSH setups by default). After that, restart the SSH daemon. Password authentication is now disabled, and if you haven't set up key login you are now locked out of your VPS as soon as you close the open SSH session (as this one still runs on the old config until closed).
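
Added example, not part of any post in this thread: a pre-flight check for the lockout described above, to run while the old session is still open. The function names (`sshd_value`, `count_keys`, `preflight`, `demo`) and the sample config are constructed for illustration; it assumes the plain "Keyword value" form of sshd_config.

```shell
# Pre-flight check before closing your session; "Include" files are not followed.
# Effective global value of a keyword: sshd honours the FIRST occurrence,
# keywords are case-insensitive, and lines after "Match" are conditional.
# Assumes the common "Keyword value" form (not "Keyword=value").
sshd_value() {  # usage: sshd_value <config-file> <Keyword> <default>
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { k = tolower($1) }
        k == "match" { exit }                # global section ends here
        k == key { val = tolower($2); exit }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# Number of public-key lines in an authorized_keys file (0 if missing).
count_keys() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk '!/^[ \t]*#/ && /(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+|sk-[a-z0-9@.-]+) AAAA/ { n++ }
         END { print n + 0 }' "$1"
}

# Returns 0 = hardened and safe, 1 = still weak, 2 = you will be locked out.
preflight() {  # usage: preflight <sshd_config> <authorized_keys>
    pw=$(sshd_value "$1" PasswordAuthentication yes)   # OpenSSH default: yes
    empty=$(sshd_value "$1" PermitEmptyPasswords no)   # OpenSSH default: no
    pub=$(sshd_value "$1" PubkeyAuthentication yes)    # OpenSSH default: yes
    keys=$(count_keys "$2")
    echo "PasswordAuthentication=$pw PermitEmptyPasswords=$empty keys=$keys"
    if [ "$pw" = no ] && { [ "$pub" != yes ] || [ "$keys" -eq 0 ]; }; then
        echo "LOCKOUT RISK: passwords are off and no key login is available" >&2
        return 2
    fi
    [ "$pw" = no ] && [ "$empty" = no ] && return 0
    echo "WEAK: password or empty-password logins are still enabled" >&2
    return 1
}

# Constructed sample (not from a real server): first occurrence wins, the
# commented line and the Match block are ignored, and no key is installed.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#PasswordAuthentication yes' 'passwordauthentication no' \
        'PasswordAuthentication yes' 'Match User backup' '  PermitEmptyPasswords yes' > "$d/sshd_config"
    : > "$d/authorized_keys"
    rc=0; preflight "$d/sshd_config" "$d/authorized_keys" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "demo exit status: $?"
```

On a real server the call would be `preflight /etc/ssh/sshd_config ~/.ssh/authorized_keys`; `sshd -t` checks the file for syntax errors before the daemon is restarted, and `sshd -T` prints the settings sshd will actually use.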

Changing your port will not increase security.
You may stop the inexperienced or unintelligent person, but if someone really wants in, they can scan your IP for services and will eventually get your SSH port.

As @Hidden Refuge mentioned, disable password logins and insist on private/public key authentication. That will keep your systems relatively secure. Make sure you add a passphrase though; if your private key is ever leaked, you'll have a few moments to disable the key and generate a new one.
