As the administrator of your Virtual Private Server you will need to keep the software of the server up-to-date.
This requires that you log in to the server. You will do that over SSH – the Secure SHell.
Every network protocol has its own default communication port. For instance, for HTTP that is port 80. The default port for SSH is 22.
Switching to a different port than the default one is a simple way of increasing the security of your server.
Even companies offering shared hosting plans often choose a different port for SSH than 22. For the very same reason – security.
Changing the SSH port of your VPS is a quick and easy hack. In this post you will see how to do this.
Changing the SSH Port
The login command is:
ssh -p $portnumber $username@$ipaddress
Replace the $-prefixed entries with your own details. You can omit the port number when your client and the server use the same port number.
Once logged in, enter at the prompt:
sudo nano /etc/ssh/sshd_config
Make sure you type sshd_config, and not ssh_config.
ssh_config is the configuration file for clients: the machines that initiate the SSH connection, like the PC or Mac you are logging in from.
The sshd_config file is the configuration file on the receiving end, the server.
When the SSH server configuration file opens, you will see something like this:
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
We are interested in only one line, the first uncommented line. That is the first line without the # sign, which reads:
Port 22
You will recognize this port as the default port for SSH connections.
Basically, you can replace the 22 with any number, as long as it is not already taken by another process on your server. However, it is always better to avoid commonly used port numbers.
Pick a number above 2000 and check with the Wikipedia list whether it is listed. Consider listed port numbers as assigned, and therefore unavailable.
An example of an unlisted port is 6782.
You can use the same port number when you are connecting to your server over SFTP – Secure FTP that also benefits from SSH.
Although we have changed the default port number, the server still requires SSH connections over port 22. That is until the server reboots.
Since we like to reduce reboots to a minimum, we can also restart the SSH process or make sure that the server reloads the changed configuration file – the sshd_config.
To restart the SSH service type:
sudo service ssh restart
The system answers with:
ssh stop/waiting
ssh start/running, process 3154
Your server will probably display a different process number, but that is okay.
As you can see, a ‘restart’ command first stops the service. That makes sense. Once the service is stopped, it can be restarted.
But this implies that a ‘restart’ interrupts the SSH service. Albeit for a brief moment.
An available alternative is the reload command.
To reload the SSH service, enter:
sudo service ssh reload
This time, unless the reload fails, you will not get a reply from the server.
The advantage of reload, compared to restart, is that the service is not interrupted at all.
Was that easy?
An alternate list with commonly used port numbers is available on the iana.org website. The Internet Assigned Numbers Authority is an operation of the ICANN.
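The steps above as a shell helper, added here as an example and not part of the original post. The function names are hypothetical, /etc/services stands in for the published port lists, and /usr/sbin/sshd -t is used to check the edited file before the reload.

```shell
#!/bin/sh
# Added example; function names are assumptions, not from the article.

# Succeed if $1 is a whole number in 2001..65535 (the "above 2000" advice).
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -gt 2000 ] && [ "$1" -le 65535 ]
}

# Succeed if $1/tcp is named in a services(5) file (default /etc/services).
port_is_assigned() {
    awk -v p="$1/tcp" '$1 !~ /^#/ && $2 == p { hit = 1 } END { exit !hit }' \
        "${2:-/etc/services}"
}

# Succeed if a TCP socket already listens on port $1 (needs ss from iproute2).
port_in_use() {
    ss -tln | awk -v p=":$1\$" 'NR > 1 && $4 ~ p { hit = 1 } END { exit !hit }'
}

# Set the Port line in file $2 to $1: the active line if there is one, else
# the first commented-out one. Assumes at most one active Port line.
# The old file is kept as $2.bak.
set_sshd_port() {
    valid_port "$1" || { echo "refusing port '$1'" >&2; return 1; }
    n=$(awk '/^[ \t]*Port[ \t]+[0-9]+/ { print NR; exit }' "$2")
    [ -n "$n" ] || n=$(awk '/^[ \t]*#[ \t]*Port[ \t]+[0-9]+/ { print NR; exit }' "$2")
    [ -n "$n" ] || { echo "no Port line in $2" >&2; return 1; }
    cp -p "$2" "$2.bak" || return 1
    awk -v n="$n" -v p="$1" 'NR == n { print "Port " p; next } { print }' \
        "$2.bak" > "$2"
}

# The whole change on the server, run as root: edit the file, let sshd check
# it, restore the backup on a syntax error, then reload as described above.
change_ssh_port() {
    conf=${2:-/etc/ssh/sshd_config}
    port_is_assigned "$1" && { echo "port $1 is assigned" >&2; return 1; }
    port_in_use "$1" && { echo "port $1 is in use" >&2; return 1; }
    set_sshd_port "$1" "$conf" || return 1
    /usr/sbin/sshd -t -f "$conf" || { cp -p "$conf.bak" "$conf"; return 1; }
    service ssh reload
}
```

Run change_ssh_port 6782 as root, and keep your current session open until a second login with ssh -p 6782 succeeds.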