[HOW-TO] change SSH port to avoid brute force attacks!

Improve security of your Artica server, all discuss about security news and how to fight against hackers/Spammers

[HOW-TO] change SSH port to avoid brute force attacks!

New postby chris_c_ » Tue Sep 06, 2011 5:04 am

True story: new VPS, naturally with the default SSH port 22.

First 10 minutes of life:

117 MB of SSH brute force password-guessing traffic !!!

Change SSH port: traffic drops to 1% of that !!


To stop 99% of this hacker brute force traffic: change SSH port number from 22 to something else, 1-65535. Port must be not in use.


Code: Select all
nano /etc/ssh/sshd_config


See the line, where that code is written:

Code: Select all
        # What ports, IPs and protocols we listen for
    Port 22


Change this port to whatever port you like, not in use.

It must be less than 65535.

In this example, we use 8722.

Use a different port for your server...

*** If you are using a firewall (you should!!) don’t forget to open that port! Otherwise you won’t be able to login on that port ;-)



**** (OPTIONAL) For testing purposes (like when you don’t have physical access to that server) I would really recommend to not edit the sshd_config by just changing that line:

Code: Select all
   
    # What ports, IPs and protocols we listen for
    Port 22


I’d rather recommend to add a second port, like that:
Code: Select all
   
    # What ports, IPs and protocols we listen for
    Port 22
    Port 8722


Your server will then listen on two ssh ports!
The advantage is: if anything (like) firewall doesn’t work you are not locked out of your box and won’t have to much hassle with running a recovery console and so on.

*** Restart ssh daemon to apply changes

Ok let’s get our new (added or changed) ssh port running:
Code: Select all
        /etc/init.d/ssh restart


then open a new terminal and try to connect with the switch -p
Code: Select all
        ssh myuser@mydomain.com -p 8722



(reference: http://news.metaparadigma.de/linux-chan ... ports-206/ )
chris_c_
 
Posts: 794
Joined: Wed Oct 20, 2010 7:15 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A Geek

Return to Security

Who is online

Users browsing this forum: No registered users and 1 guest

cron