Malicious users and bots may attempt to gain access to your server by sending a barrage of SSH requests. Each request attempts to guess your password and so take control of your server, in what is known as a “brute force” attack. Usually, computers the hacker controls carry out these attacks. Most hackers program these machines to brute force any server they can find; they’re not trying to hack you in particular. As an analogy, think of a thief trying a crowbar on each door of every house in the neighborhood to see if any give easily.
This guide is intended for Hostwinds Cloud VPS and Dedicated Server clients who would like to add the extra security measure of changing the SSH port on a Linux-based server.
Changing the SSH port helps protect against brute force attacks. Think of a port like a door to one of the houses in our thief analogy. If we make the entrance secret, our thief will have to work a lot harder to find it. This means he’s more likely to try to find a house with a door in the normal spot.
Likewise, most hackers aren’t going to try to scan every possible port on your server, because they’re looking for an easy attack. So, to make your server less easy to attack, we can change your server’s port. To get started, you’ll need to first edit a file as the root user.
Changing the port
Before proceeding, be sure to take a backup of your sshd_config file so that it can easily be restored.
First, log in as the root user and edit the file using this command:
# nano /etc/ssh/sshd_config
Now that you’ve opened the file, find the line that says Port 22 and change the 22 to a number from the Dynamic and/or Private Ports range, which runs from 49152 through 65535. Nothing is stopping you from using reserved port numbers, such as 1024 – 49151, but choosing a port from the dynamic range may help avoid technical issues in the future. Try to pick a number not related to 22. For instance, 50356.
Once you’ve changed the number, press Control-X to save the file with your changes. When it asks if you want to save your changes, type y for “yes”.
IMPORTANT: Remember the number! You’ll need it any time you want to remotely manage your server from now on. Similar to our previous analogy, it won’t do you a whole lot of good to move the door in your home if you forget where the door is!
Let SELinux know about it
Second, we need to let SELinux know that we’re moving the port over.
# semanage port -a -t ssh_port_t -p tcp [YOUR PORT NUMBER HERE]
Replace [YOUR PORT NUMBER HERE] with the port number you chose.
Restart the SSH Daemon
Finally, restart the SSH daemon from the command line by running:
# systemctl restart sshd
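The backup and edit steps above can also be done as one repeatable function. This is an added example, not Hostwinds' own script: set_ssh_port is a hypothetical helper name, and it also handles a default file where the line is commented out as "#Port 22" or missing entirely.

```bash
#!/usr/bin/env bash
# Added example, not Hostwinds' script. set_ssh_port is a hypothetical helper.
# Usage on a real server (as root), keeping the current SSH session open:
#   set_ssh_port /etc/ssh/sshd_config 50356 && sshd -t
# sshd -t only checks the file for syntax errors; it does not restart anything.

set_ssh_port() {
    local file="$1" port="$2" tmp rc

    # Accept only the dynamic/private range the guide recommends.
    case "$port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 49152 ] || [ "$port" -gt 65535 ]; then
        echo "port $port is outside 49152-65535" >&2
        return 2
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Backup first, so the original can be restored with a single cp.
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1

    # - The first Port line, active or commented ("#Port 22"), becomes the new one.
    # - Any other active Port line is dropped, so sshd stops listening on it.
    # - With no Port line at all, insert before the first Match block, because
    #   Port is a global directive and is not allowed inside Match.
    awk -v p="$port" '
        { l = tolower($0) }
        l ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " p; done = 1 }
            else if (l ~ /^[ \t]*#/) print
            next
        }
        l ~ /^[ \t]*match[ \t]/ && !done { print "Port " p; done = 1 }
        { print }
        END { if (!done) print "Port " p }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner, mode, SELinux label
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

If sshd -t reports an error, copy sshd_config.bak back over sshd_config before restarting the daemon.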
Connecting To Your Server From The New Port
In order to connect to your server using SSH through the new port number, you’ll need to let your SSH client know. If you access your server via the PuTTY terminal after setting up the new port:
In the text entry under Port, enter the number, and connect to your server to make sure you can log in.