How to change your SSH port! (Security Tutorial)
#1
Why change your SSH port?
This is important to stop a majority of brute force attacks. I suggest you change it due to a recent brute force attempt on a FreeVPS VPS! 
(This was taken from @Optimus, he made a quick explanation on how to do it, but I will enhance it)

Prerequisites:
- You need root access
- Around 5-10 minutes

Tutorial:

Let's begin by editing SSH Configuration:

Code:
vi /etc/ssh/sshd_config

After entering SSH Configuration, look for the following line:

Code:
#Port 22

After finding the line, uncomment it and change the port. Ports can be between 30 and 65535. Pick a random one. I would advise using "catchy" numbers like: 1111, 2222, 3333, 1234, 1212, 6969, etc. Here's an example of what the line should look like.

Code:
Port 874

Once you have changed the line, save the file! You have successfully changed your SSH port! Note: You may need to restart your VPS to apply the changes.

If you want to be extra secure, disable root login!

@FlamesRunner has an important point:
As a warning to any users planning to change their SSH ports, I can't stress enough that you need to make sure the port you choose is (and under) 1024. 


If a user attacks the SSH daemon and it crashes, chances are they know your port. They can proceed to setup a fake daemon to capture login details and eventually, if they're lucky, they can log in as the root user and make unauthorized changes.
#2
I wouldn't agree about the security part..
The hacker can easily do a portscan on your VPS IP, and get all running ports with their services, he can find your SSH port in minutes literally.
#3
(2016-12-23, 3:06:52 pm)rcoliveirajr Wrote: I wouldn't agree about the security part..
The hacker can easily do a portscan on your VPS IP, and get all running ports with their services, he can find your SSH port in minutes literally.

You are (partially) right about that, though there also are bruteforcers who only attack on the default port, port 22. Only changing the SSH port does not completely prevent you from being bruteforced, but it might help reducing them since abovementioned won't attack you any longer.
#4
You are right @Rick, and try not to use either 2222 or 22222, which are considered default ports for bruteforce attacks too. I made that mistake in the past and I had to reinstall my VPS and change the port for SSH again.
#5
On Ubuntu 16.04, changing the SSH port is not as simple as that.
I cannot access via PuTTY anymore after using the above command.
So I still use the default port right now; I don't understand how to change the SSH port on my current system.

For security reasons I would prefer to use RSA key login http://freevps.us/thread-9126.html
and then configure SSH to disable password login.
Anyway, brute force attacks always get rejected.
#6
(2017-02-27, 6:52:39 pm)Nanang Wrote: On Ubuntu 16.04, changing the SSH port is not as simple as that.
I cannot access via PuTTY anymore after using the above command.
So I still use the default port right now; I don't understand how to change the SSH port on my current system.

For security reasons I would prefer to use RSA key login http://freevps.us/thread-9126.html
and then configure SSH to disable password login.
Anyway, brute force attacks always get rejected.

Maybe you did something wrong. Have you restarted your SSHD service or your full VPS? What did you choose for port number?
Have a look at this video:


#7
(2017-02-27, 6:52:39 pm)Nanang Wrote: On Ubuntu 16.04, changing the SSH port is not as simple as that.
I cannot access via PuTTY anymore after using the above command.
So I still use the default port right now; I don't understand how to change the SSH port on my current system.

For security reasons I would prefer to use RSA key login http://freevps.us/thread-9126.html
and then configure SSH to disable password login.
Anyway, brute force attacks always get rejected.

Did you open the new port in the firewall, if enabled?

Disabling root login isn't the only secure way, root login using a ssh key is sufficient too.
#8
(2017-02-27, 6:52:39 pm)Nanang Wrote: On Ubuntu 16.04, changing the SSH port is not as simple as that.
I cannot access via PuTTY anymore after using the above command.
So I still use the default port right now; I don't understand how to change the SSH port on my current system.

For security reasons I would prefer to use RSA key login http://freevps.us/thread-9126.html
and then configure SSH to disable password login.
Anyway, brute force attacks always get rejected.


On ubuntu 16.04, after changing your port on the file sshd_config, you should also restart the SSH server by:

Terminal

service ssh restart



Then instead of system reboot, verify if SSH is really listening on the new port first:

Terminal

netstat -tunlp | grep ssh



And remember not to use a port number that has already been used by other apps or been reserved on your current system.
#9
(2017-02-28, 5:53:24 pm)Decent12 Wrote: how it can stop brute force attacks just changing port will stop brute force attacks i dont know will it stop or not but if someone know explain me in details i will be thankfull

95% of bruteforce attacks targeted towards SSH and/or other protocols are based on default values and default behavior. Hence why the attacks are automated through bots that scan IP ranges at the default SSH port (TCP/22) and attack all hosts that have an open SSH system running on port 22. Then these bots just keep trying different names and passwords until they get into the system or something else happens that prevents them from getting in (such as changing the default port).

So changing the default SSH port will keep away a huge mass of these bruteforce attacks. The remaining 5% are actual attacks led by human power and are more advanced than those bots. Hackers for example would manually scan all ports to find SSH even if it is on another port than 22. Depends on what they want obviously.

Please use full stops and commas. Thanks.
#10
It's working right now.
I don't understand why yesterday it did not work on a fresh Ubuntu 16.04, when I got many attacks from Chinese IPs.
Something about SELinux that I couldn't fix.

(2017-02-28, 6:28:52 am)Rick Wrote: Did you open the new port in the firewall, if enabled?

Disabling root login isn't the only secure way, root login using a ssh key is sufficient too.

I mean not disabling root login, but set to disable


Terminal

PasswordAuthentication no


Of course, after getting a successful login with the RSA key.
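
An added example, not part of any post in this thread: a shell audit of an sshd_config-style file covering the points raised above (the port chosen in post #1, the warning about ports under 1024, and the PasswordAuthentication setting from post #10). The function names and the sample config are constructed for illustration; Include files, ListenAddress and Key=value lines are not handled.

```sh
#!/bin/sh
# Added example (not from the thread): audit an sshd_config-style file before
# restarting sshd. Ignores Include files, ListenAddress and "Key=value" lines.

# Print every value set for KEYWORD in the global section of FILE.
# Keywords are case-insensitive; settings under a Match block are conditional.
sshd_values() {  # usage: sshd_values FILE KEYWORD
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }       # blank or commented-out line
        tolower($1) == "match" { exit }     # stop at the first Match block
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# Every Port line adds a listener; with none, sshd listens on 22.
effective_ports() {
    ports=$(sshd_values "$1" Port)
    echo "${ports:-22}"
}

# For other keywords the first value obtained wins.
first_value() {  # usage: first_value FILE KEYWORD DEFAULT
    v=$(sshd_values "$1" "$2" | head -n 1)
    echo "${v:-$3}"
}

audit_sshd_config() {
    for p in $(effective_ports "$1"); do
        case $p in ''|*[!0-9]*) echo "ERROR port '$p' is not numeric"; continue ;; esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then echo "ERROR port $p is out of range"
        elif [ "$p" -eq 22 ]; then echo "NOTE port 22 is the default that automated scans target"
        elif [ "$p" -ge 1024 ]; then echo "WARN port $p is unprivileged: non-root processes can bind it"
        else echo "OK port $p"
        fi
    done
    if [ "$(first_value "$1" PasswordAuthentication yes)" != no ]; then
        echo "WARN PasswordAuthentication is not set to no"
    fi
    # Default assumed here is prohibit-password (OpenSSH 7.0 and later).
    if [ "$(first_value "$1" PermitRootLogin prohibit-password)" = yes ]; then
        echo "WARN PermitRootLogin is yes"
    fi
}

write_sample() {  # constructed sample config, not taken from any real host
    printf '%s\n' '#Port 22' 'Port 874' 'Port 2222' 'PermitRootLogin yes' \
        '#PasswordAuthentication no' 'Match User backup' \
        '    PasswordAuthentication no' > "$1"
}

sample=$(mktemp) && write_sample "$sample" && audit_sshd_config "$sample"
rm -f "$sample"
```

On a live host, running `sshd -t` checks the real file's syntax before `service ssh restart`, and keeping the current session open until a second login on the new port succeeds avoids the lockout described in post #5.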



