Changing from default SSH port number to secure SSH port number is important aspect which should be done from your side. That’s would be important aspect for security or server hardening task. Although some blackhat person still can doing port scan on your server using NMAP or any other UNIX tools. But, they maybe would be found difficulty to dropping your server.
So, using secure SSH port number is part one of hardening security server. After that, you can polish your server become an high-secure production environment using Firewall app like Firewalld, Iptables, UFW firewall, and Config Server Security & Firewall and Login Failure Daemon (LFD).
PREREQUISITES:
* VPS / Cloud / Dedicated Server
* System Distribution with Debian/Ubuntu LTS
* Server IPv4 Address
* Full-Root Access
* gNome Terminal for Linux
* PuTTy SSH Client for Windows / Mac
1.) Adding SSH Port Number to Firewall Rule
Firts of all, you must adding SSH port number to your Firewall rule if your server currently running with Firewall app.
2.) Change SSH Port Number
After putting your SSH port number to your firewall rule, you can moving forward to the next step to change SSH port number inside your OpenSSH configuration on your Debian/Ubuntu machine.
$ nano /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf Port 47965 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key ------------------------------------------------
PLEASE NOTE: In the configuration above I’ve been changed SSH port number from default 22 to 47965 which should be secure SSH port number on my machine. But, you can change your SSH port number to your prefered SSH port number.
Also maximal SSH port number which can be used is 65535, so you cannot user port number over 65535.
3.) Restart OpenSSH Service
After that, you must restart OpenSSH service on your server.
$ service ssh restart
OR
$ systemctl restart ssh.service
4.) WARNING for Port Number Changes
When you change SSH port number on your Debian/Ubuntu machine, you should read the following restriction or warning which should not be used in your end.
Well Known Ports: 0-1023 (This port range should not be used)
Registered Ports: 1024-49151 (You should avoided this port range)
Dynamic/Private Ports: 49152-65535 (This port range should not be used)
CONCLUSION:
Change SSH port number on your machine is quite easy and this task should be done under 5 minutes. You must doing this task to create secure production environment on your Debian/Ubuntu server.
