Changing the SSH port of your Linux VPS

Servers are often attacked by automated bots. On Linux servers, these bots almost always try to log in as the root user over SSH on port 22 using brute-force attacks.

We therefore recommend changing your SSH port and disabling SSH access for the root user on your VPS. The latter has already been applied automatically to our DirectAdmin, Plesk and cPanel VPSs.

In this article, we show you how to change your SSH port. Changing your SSH port is a form of 'security through obscurity': your VPS becomes (partially) invisible to most attacking bots. An additional advantage is that your log files stay cleaner, so you get a clearer picture when your VPS is attacked.

Do you use DirectAdmin, Plesk, or cPanel? Then, for changing your SSH port, check out our articles about securing these control panels:

Follow the steps in this article as a user with root privileges.

 

Step 1

Connect to your VPS via the VPS console. If you connect via SSH, your connection will disconnect while you process the changes.


 

Step 2

Check which ports are in use with the command:

netstat -tulpn | less

An overview like the one in the screenshot below appears. In this overview, the port numbers are the numbers after the colon in the 'Local Address' column.

[Screenshot: used port overview]


 

Step 3

Choose a random port number between 0 and 65535 that is not shown in the overview (for example 47592) and press 'q' to stop netstat.


 

Step 4

Open the SSH configuration file with the command below. You can also use vim for this.

nano /etc/ssh/sshd_config

 

Step 5

The configuration file opens, and, amongst other things, you will see the code below.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22 
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress :: 

Uncomment the line '#Port 22' by deleting the # in front of it, and change the number to the number you chose under step 2, for example:

Port 47592

Save and close the file by pressing Ctrl + X, then Y, then Enter.


 

Step 6 

Add the chosen port to your firewall and close port 22 in your firewall. Below are examples for some commonly used firewalls. Replace 47592 with the port number you selected in step 2.

FirewallD 

firewall-cmd --permanent --zone=public --add-port=47592/tcp
firewall-cmd --permanent --zone=public --remove-port=22/tcp
firewall-cmd --reload

Iptables 

iptables -A INPUT -p tcp --dport 47592 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

Depending on your OS, use one of the commands below to make the change permanent. 

CentOS 6:

service iptables save

Ubuntu 14 

/etc/init.d/iptables-persistent save

Ubuntu 16+ 

netfilter-persistent save

Ufw 

ufw allow 47592/tcp
ufw deny 22/tcp

Nftables 

Debian is switching to nftables instead of iptables. Since most Debian users use ufw or iptables and nftables is a lot more complicated than these solutions, it now falls outside the scope of this manual. We will include a separate article on the use of nftables in our knowledge base in the future.   


 

Step 7

Finally, restart SSH with the command below.   

systemctl restart sshd

 

Optional: Step 8 - SELinux

Do you use SELinux (you can check this with the command 'sestatus')? Then add the selected port to SELinux as well:

semanage port -a -t ssh_port_t -p tcp 47592

Are you getting an error that the semanage command cannot be found? Install the required package using:

yum install policycoreutils-python
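
A pre-restart check for the procedure above, as an added example that is not part of the original article: it confirms that the chosen port is valid and unused, that an active Port line for it exists in sshd_config, and that no active 'Port 22' line remains. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run from the console before restarting sshd.

# Constructed sample of `netstat -tuln` output (not from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN
tcp6       0      0 :::80            :::*             LISTEN'

# valid_port N: succeed only for a decimal integer in 1..65535
# (port 0 is reserved and cannot be used as a listening port).
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# port_in_use N: read netstat-style text on stdin; succeed if a TCP socket's
# 'Local Address' ends in :N (the number after the last colon).
port_in_use() {
    awk -v p="$1" '$1 ~ /^tcp/ { n = split($4, a, ":"); if (a[n] == p) hit = 1 }
                   END { exit (hit ? 0 : 1) }'
}

# configured_ports FILE: print each active (uncommented) Port value.
# sshd listens on every Port line, so a leftover 'Port 22' keeps 22 open.
configured_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# preflight PORT FILE: listener table on stdin; prints "ok" or the first
# problem found and returns non-zero.
preflight() {
    port=$1; conf=$2
    valid_port "$port" || { echo "invalid port"; return 1; }
    if port_in_use "$port"; then echo "port already in use"; return 1; fi
    ports=" $(configured_ports "$conf" | tr '\n' ' ')"
    case "$ports" in *" $port "*) ;; *) echo "port not set in config"; return 1 ;; esac
    case "$ports" in *" 22 "*) echo "port 22 still active in config"; return 1 ;; esac
    echo ok
}

# Typical use on the VPS (needs root; not run here):
#   netstat -tuln | preflight 47592 /etc/ssh/sshd_config && sshd -t
```

The trailing 'sshd -t' is sshd's own test mode, which checks the configuration file for errors without starting the daemon. On systems with SELinux enforcing, run the semanage command from step 8 before the restart in step 7, because sshd cannot bind to a port that is not labelled ssh_port_t.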

 

Your SSH port has now been changed and your SSH connection can no longer be easily attacked by automated bots!
