Help with SSH Port

click4easy Member
edited April 2014 in General

Hello there,

I have a VPS with burst net. Can anyone suggest how I can change the SSH port? I lost it when it was changed last time, so it is not 22.

Please suggest how to do it. Do we have any option via veportal? If so, please provide me the necessary instructions.

Comments

  • /etc/ssh/sshd_config

  • AlexanderM Member, Top Host, Host Rep

    I'd strongly recommend you move away from that bunch of clowns.

  • Droidzone Member
    edited April 2014

    Here's a one-liner to do that:

    # Matches the Port line whether or not it is commented out, whatever its current number
    sed -i 's/^#*Port [0-9]*/Port 9776/' /etc/ssh/sshd_config && service ssh restart

  • Make sure that you don't have selinux enabled, because it will probably prevent your sshd from starting.

    Thanked by 1 5n1p
  • MrX Member

    rds100 said: Make sure that you don't have selinux enabled, because it will probably prevent your sshd from starting.

    Really? I've never had that issue when changing sshd port with selinux enabled.

    Thanked by 1 khav
  • @MrX you didn't have enforcing selinux then :) Try on CentOS 6.

  • Changing SSH port is a bad idea anyway.

  • @Virtovo said:
    Changing SSH port is a bad idea anyway.

    It is not exactly a bad idea but if anyone is under the impression that it somehow increases security, they are badly mistaken. I do often change the SSH port on one of my boxes in order to get around blocks on port 22 (I change it to 80 or 443).

    If you are attempting to make SSH more secure, try the following:
    1) Switch to Key Based Authentication
    2) Lock down SSH to a few select IP addresses.

    In my case, I have a VPS set aside strictly for being an SSH proxy. All of my servers have the IP address of this box whitelisted. I simply need to connect to that proxy and then from there, ssh into the target box. Several of my boxes don't even have a dedicated public IP address as they are being solely used for compute power.

    Thanked by 1 MannDude
  • smansman Member
    edited April 2014

    If you refer to ports by service name anywhere you should also change that

    /etc/services

    around line 45

    ssh 22/tcp

    ssh 22/udp

  • @Virtovo said:
    Changing SSH port is a bad idea anyway.

    Please explain what is inherently bad about changing the port sshd uses.

  • 5n1p Member

    @MrX said:
    Really? I've never had that issue when changing sshd port with selinux enabled.

    Had this problem the other day, exactly on CentOS 6.5. Never happened on Debian. It was on a KVM host; when I installed the OpenVZ kernel the problem went away. Didn't know it was SELinux, thanks @rds100, and it was like you say: it couldn't start sshd except on port 22.

  • Virtovo Member
    edited April 2014

    @Microlinux said:
    Please explain what is inherently bad about changing the port sshd uses.

    It's not terrible; however at least with a port below 1024 you know you're dealing with a daemon that was started by the system. Better to set up port knocking than moving the port.

    Of course passwordless auth negates the above.

  • @Virtovo said: however at least with a port below 1024 you know you're dealing with a daemon that was started by the system

    That means nothing in any relevant security context. I'm not sure what you are getting at?

  • 5n1p said: and it was like you say: it couldn't start sshd except on port 22.

    It could, but you must modify the selinux policy to allow sshd to run on another port. The default policy only allows it to use port 22.
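
One way to script the port change with the points raised in this thread in mind: the existing `Port` line may be commented out or no longer read 22, and enforcing SELinux only lets sshd bind port 22 by default. This is an added example, not code from any poster; the function names are illustrative, 9776 is the thread's sample port, and it assumes `semanage` (policycoreutils) is installed on SELinux hosts.

```shell
#!/bin/sh
# Added example. Port 9776 is the thread's sample value; helper names are illustrative.

# Print the port(s) sshd will listen on per config file $1. Commented-out
# lines are ignored; with no Port directive sshd uses its default, 22.
effective_port() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Set the Port directive in file $1 to $2, whether the existing line is
# commented out ("#Port 22") or holds some other number. Keeps $1.bak.
set_port() {
    case "$2" in ''|*[!0-9]*) echo "bad port: $2" >&2; return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "bad port: $2" >&2; return 1; }
    cp -p "$1" "$1.bak" || return 1
    {
        # No Port line at all: add one at the top, ahead of any Match block.
        grep -q '^#*[Pp]ort[[:space:]]' "$1.bak" || echo "Port $2"
        # Replace the first Port line (commented or not), drop later ones.
        awk -v p="$2" '/^#*[Pp]ort[ \t]/ { if (!n++) print "Port " p; next } { print }' "$1.bak"
    } > "$1"
}

# Under enforcing SELinux the default policy labels only tcp/22 as ssh_port_t,
# so the new port has to be labelled before sshd is allowed to bind it.
allow_port_selinux() {
    command -v getenforce >/dev/null 2>&1 || return 0
    [ "$(getenforce)" = "Enforcing" ] || return 0
    semanage port -l | awk '$1 == "ssh_port_t"' | grep -qw "$1" ||
        semanage port -a -t ssh_port_t -p tcp "$1"
}

# usage (as root): change_ssh_port 9776 [/path/to/sshd_config]
change_ssh_port() {
    cfg=${2:-/etc/ssh/sshd_config}
    set_port "$cfg" "$1" || return 1
    # Validate before touching the daemon (absolute path avoids re-exec errors).
    if ! "$(command -v sshd)" -t -f "$cfg"; then
        mv "$cfg.bak" "$cfg"; return 1  # roll back a config sshd rejects
    fi
    allow_port_selinux "$1" || return 1
    service sshd restart || service ssh restart   # service name varies by distro
    echo "sshd now configured for port: $(effective_port "$cfg")"
}

[ "$#" -eq 0 ] || change_ssh_port "$@"
```

Keep the current session open and confirm a login on the new port from a second terminal before disconnecting.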

  • smansman Member
    edited April 2014

    @Microlinux said:
    That means nothing in any relevant security context. I'm not sure what you are getting at?

    He's talking about privileged ports. Technically, ports below 1024 are more secure to connect to. So technically, it's better to keep ssh on those lower ports when you change it from something other than 22.
    http://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html

    It's just another thing for wannabe security experts addicted to security paranoia to get unnecessarily paranoid about.

    Thanked by 1 raindog308
  • Microlinux Member
    edited April 2014

    I get that concept, but that's security advice from like 1970.

    A "regular" user would most likely need root privileges to kill off the legit sshd if it were attached to a higher port, in the first place? At that point, "privileged" would seem to become irrelevant.
