Saturday, 15 March 2014

Changing the Default Port for OpenSSH on Arch Linux

When I had public servers with port 22 (OpenSSH) open, they got scanned daily. When I changed the port to a non-standard one, the majority of my problems went away.

While security by obscurity is simply not a secure enough option, it certainly reduced the number of log entries I had to review daily when it got rid of the script kiddies.

I'll refer to my favourite distribution Arch Linux for this post - but the majority of this can be used on many Linux flavours.

Changing the default port of OpenSSH is very easy. First select a port in the higher range; I'll use 22022 for my example. Check that the port you chose is not already assigned to another service in /etc/services with the following command (no output is good).

    grep 22022 /etc/services

Now edit (as root) /etc/ssh/sshd_config and enter your port.

    Port 22022

Finally restart your service (as root).

    systemctl restart sshd.service

Excellent. Now test it with something like:

    ssh -p 22022 jeff@localhost
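
The steps above as shell helpers that can be tried on a copy of the config first. This is an added example, not part of the original post: the function names and the sample config are constructed for illustration, and it goes a little further than the post by handling a commented default `#Port 22` line and a `Match` block.

```shell
#!/bin/sh
# Added example; valid_port, port_registered and set_port are illustrative names.

# valid_port PORT: succeeds for a plain integer in 1024..65535.
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# port_registered PORT [FILE]: succeeds if PORT/tcp or PORT/udp is assigned in
# FILE. Matching the whole field avoids hits on 220220 or on comment lines.
port_registered() {
    awk -v p="$1" '
        $1 !~ /^#/ && ($2 == p "/tcp" || $2 == p "/udp") { found = 1 }
        END { exit !found }' "${2:-/etc/services}"
}

# set_port PORT [FILE]: prints FILE ("-" for stdin) with one global Port line.
# The first Port or #Port line is replaced and other active Port lines are
# dropped; with none present, the line goes before the first Match block,
# because Port is not permitted inside Match.
set_port() {
    valid_port "$1" || return 1
    awk -v p="$1" '
        { key = tolower($1) }
        key == "match" {
            if (!done) { print "Port " p; done = 1 }
            in_match = 1
        }
        !in_match && (key == "port" || (key == "#port" && !done)) {
            if (!done) { print "Port " p; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Port " p }' "${2:-/etc/ssh/sshd_config}"
}

# Constructed sample: commented default, a second Port line, a Match block.
sample_config() {
    printf '%s\n' '#Port 22' 'PermitRootLogin no' 'port 2222' \
        'Match User backup' '    ForceCommand /usr/bin/true'
}

sample_config | set_port 22022 -
```

On a real host, write the output to a temporary file and validate it with `sshd -t -f` on that file before installing it and restarting the service. Keep an existing SSH session open until a login on the new port succeeds.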


