Understanding the Differences and Application
In the realm of networking, IP addresses can be categor...
Changing the default SSH port on Ubuntu is an effective way to enhance server security. By default, SSH listens on port 22, which is a known target for automated attacks. Changing this port reduces the risk of brute-force attacks. This guide walks you through the process of changing the SSH port step-by-step.
Step 1: Update System Packages
Before making any changes, it’s good practice to update your system. Run the following commands to update the package list and upgrade existing packages:
sudo apt-get update
sudo apt-get upgrade -y
This ensures your system is using the latest stable packages.
Step 2: Open the SSH Configuration File
The SSH configuration file contains all the settings related to SSH. To edit this file, use a text editor like nano:
sudo nano /etc/ssh/sshd_config
Look for the following line in the file (it may be commented out with a #):
#Port 22
Uncomment the line (remove the #) and change 22 to your desired port number, for example:
Port 2222
⚠️ Important Tip:
Avoid using ports below 1024, as these are reserved for system processes. Also, avoid common ports like 80 and 443 to prevent conflicts with web servers.
Step 3: Update the Firewall Rules
After changing the SSH port, you’ll need to update your firewall to allow traffic on the new port. If you’re using UFW (Uncomplicated Firewall), run the following commands:
sudo ufw allow 2222/tcp
sudo ufw reload
These commands allow incoming connections on port 2222 and reload the firewall rules.
Step 4: Restart the SSH Service
For the port change to take effect, you’ll need to restart the SSH service. Run the following command:
sudo systemctl restart ssh
This reloads the SSH configuration file and applies the changes.
Step 5: Test the New SSH Port
Before closing your current SSH session, test the new port to avoid being locked out of your server. Open a new terminal window and connect to your server using the new port:
ssh -p 2222 user@your_server_ip
-p 2222: Specifies the new port number.user: Your server username.your_server_ip: Your server’s IP address.
If you can connect successfully, the new SSH port is working as expected.
Step 6: Disable Default SSH Port (Optional but Recommended)
Once you’ve confirmed that the new port is working, it’s a good idea to block port 22 to prevent potential attacks. Run the following command to deny access on port 22:
sudo ufw deny 22/tcp
sudo ufw reload
This ensures that only your new port is used for SSH connections.
Bonus Tips
- Avoid Common Ports: Use a random port number (e.g., 2202 or 5432) to make it less predictable.
- Set Up Fail2Ban: Fail2Ban can automatically block IPs that attempt multiple failed login attempts.
- Use Key-Based Authentication: Passwordless SSH login using public key authentication is more secure than passwords.
Why Choose SurferCloud?
Looking for a secure and high-performance VPS to manage your server? SurferCloud provides fast, reliable, and globally distributed servers that make server management seamless. With data centers in Asia, Europe, and the Americas, SurferCloud offers low-latency and secure hosting environments. Choose SurferCloud for flexible, scalable, and affordable VPS hosting.
