Linux: change the default SSH port 22 to avoid brute-force password cracking

To be safe, we first add a second SSH port and the corresponding firewall rule, then try connecting to the server on the new port. Only if that works do we delete the default port 22. (If you change the port directly and something goes wrong, you may be unable to connect over SSH at all, which is miserable.)

Add SSH port

vi /etc/ssh/sshd_config

# After vi opens the file, press the i key to enter editing mode, add the port configuration as described below, then press the ESC key to leave editing mode and type :wq to save and exit vi.

Below the default SSH port line, add the new port we want to use, for example 23456:

Port 22

# The default port 22 line. Do not delete it yet, so that you can still connect over SSH if the change fails

Port 23456

# Newly added 23456 port configuration

Then we restart SSH.

/etc/init.d/ssh restart

# If you are told that the service does not exist, use /etc/init.d/sshd restart

# On CentOS 7, use systemctl restart sshd.service

Configure firewall

First we add a firewall rule (the example port is 23456; change it to your own):

iptables -I INPUT -p tcp --dport 23456 -j ACCEPT

You may not have configured the firewall to start at boot and load its saved rules, so I write those steps here as well. I suggest you do all of them; otherwise, after the VPS restarts, the SSH port may not be open in the firewall and you will be unable to connect to the server.

Configure the firewall to start at boot

The following commands enable the firewall at boot and save the firewall rules. The saved rules are then loaded automatically every time the system starts.

CentOS system:

Note: on a CentOS 7 system, the firewall is not the iptables service.

service iptables save

chkconfig --level 2345 iptables on

To save the firewall rules in the future, you only need to run:

service iptables save

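Debian/Ubuntu system:

iptables-save > /etc/iptables.up.rules

printf '#!/bin/bash\n/sbin/iptables-restore < /etc/iptables.up.rules\n' > /etc/network/if-pre-up.d/iptables

# This creates a script that restores the saved rules before the network interfaces are brought up

chmod +x /etc/network/if-pre-up.d/iptables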

To save the firewall rules in the future, you only need to run:

iptables-save > /etc/iptables.up.rules

Test the new port

Once the steps above are complete, disconnect the current SSH session, change the port in your SSH client to the new port (23456 in this example), and try to connect. If the connection works, continue with the steps below. If it does not, connect on the old port 22 and troubleshoot the problem.

Cancel the default SSH port 22

vi /etc/ssh/sshd_config

We open the SSH configuration file again, delete the Port 22 line, and then restart SSH.

/etc/init.d/ssh restart

# If you are told that the service does not exist, use /etc/init.d/sshd restart

# On CentOS 7, use systemctl restart sshd.service
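
A pre-flight check for the last step, as an added example that is not part of the original article: before deleting the Port 22 line, it confirms that the new port is present in sshd_config and accepted in the saved firewall rules, so a reboot cannot lock you out. The function names (ssh_ports, fw_allows, safe_to_drop_22) are hypothetical and the two sample files are constructed.

```bash
#!/bin/sh
# Added example (not from the original article): pre-flight check to run
# before deleting the "Port 22" line. File contents below are constructed.

# Print every port sshd_config tells sshd to listen on, one per line.
# The keyword is case-insensitive; commented-out lines are skipped.
ssh_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1"
}

# Succeed if the saved rules (iptables-save format) accept tcp/PORT on INPUT.
fw_allows() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Args: sshd_config, saved rules file, new port.
# Returns 0 only if the new port is configured AND allowed after a reboot.
safe_to_drop_22() {
    ssh_ports "$1" | grep -qx -- "$3" ||
        { echo "port $3 is not configured in $1"; return 1; }
    fw_allows "$2" "$3" ||
        { echo "port $3 is not accepted in $2"; return 2; }
    echo "ok: $3 configured and allowed"
}

# Constructed sample files standing in for /etc/ssh/sshd_config and
# /etc/iptables.up.rules.
CFG=$(mktemp); RULES=$(mktemp)
trap 'rm -f "$CFG" "$RULES"' EXIT
cat > "$CFG" <<'EOF'
#Port 2222
Port 22
port 23456
EOF
cat > "$RULES" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23456 -j ACCEPT
COMMIT
EOF

safe_to_drop_22 "$CFG" "$RULES" 23456
```

On a server, pass /etc/ssh/sshd_config and the saved rules file (/etc/iptables.up.rules in the Debian/Ubuntu steps above) instead of the sample files. Running sshd -t beforehand also catches syntax errors in sshd_config before the restart.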
