(775) 387-3978

Default SSH Port and Security

The default SSH port is 22.As this is very well known, attackers scan this port first. Overall security is not the topic here though. We are focusing strictly on securing SSH access. Here are some common methods.

  • Changing the default port (Security by obscurity)
  • Private Networking with VPN access (Far more secure)
  • Firewall filtering (More secure than simple changing the port)

Security by Obscurity

Obscurity is simply modifying the method at hand just slightly to throw off bots and the average “Joe”. This is the method we are covering in this post. We are going to change the default port from 22 to 2234. This is literally the second and most basic technique to securing your Linux instance, physically or virtually. The first of course, a SECURE PASSWORD! 

Changing the Default SSH Password

For our instruction, we will be using Ubuntu 16.04 Xenial.

1. Open SSHd configuration file

I use vim for a majority of my edits. However, you can use any editor you prefer from the terminal.

sudo vim etc/ssh/sshd_config– You’re going to need to edit this file with root permission.

2. Modify the default port

This may vary based on distribution however, the line the default port is set on our instruction instance is 5 Port 22

Change Port 22 to Port 2234 and then save. To edit using VIM first push “i” for insert on your keyboard. To save push “ESC” then “SHIFT ZZ”. This will write your changes to the file.

Restarting SSHd

Execute sudo service sshd restart. This will restart the service, it will not disconnect you. Prior to disconnect, confirm your settings were set correctly by cat’ing the sshd_conf file. cat /etc/ssh/sshd_config, you will not need to be root to do this. Once confirmed disconnect using exit and reconnect.

Conclusion

Although simple, it is effective. Granted, any port scanner would figure it out, it still prevents someone from simply stumbling on in.