I changed the SSH port following this topic: http://forums.cpanel.net/f5/how-chan...tml#post224465
but the SSH port did not change and I can connect to SSH via port 22.
Hey,
So are you telling us you are not able to log in as root now? If you are able to log in, do post the first lines of sshd_config for a check. After changing the port, the port also needs to be opened in the firewall. Otherwise such issues may occur.
Here are the steps to change the SSH port, which work fine for me.
To change the SSH port number, log in as root and edit /etc/ssh/sshd_config
Find the line that says Port 22 and change 22 to any number between 1024->65535 (above 30000 is best) and save the file.
Once done, run:
/etc/init.d/sshd restart
Now start a new SSH session (don’t close your existing one), to make sure that you can get in.
And as per cPtechie, the new port must be opened in the firewall, e.g. the CSF firewall.
I have done all these things
But the port did not change!
Is your server a VPS? If so, then don't remove the line of the existing port; enter the new one, save the file, then restart sshd
service sshd restart
see below
Code:
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
# replace xxxx with your port
Port xxxx
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
Dear crazyaboutlinux
I have a dedicated server > http://www.hetzner.de/en/hosting/produkte_rootserver/eq4
The same setting is working on both my dedicated & VPS servers.
Please provide us the error message so that other people can assist you better.
Ensure that the port is opened in the firewall:
telnet localhost your port
At command prompt type: pico /etc/ssh/sshd_config
Scroll down to the section of the file that looks like this:
Code:
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::
Uncomment and change
#Port 22
to look like
Port 5678 (choose your own 4 to 5 digit port number (49151 is the highest port number))
Uncomment and change
#Protocol 2, 1
to look like
Protocol 2
Uncomment and change
#ListenAddress 0.0.0.0
to look like
ListenAddress 123.123.123.15 (use one of your own IP Addresses that has been assigned to your server)
Note 1: If you would like to disable direct Root Login, scroll down until you find
#PermitRootLogin yes
and uncomment it and make it look like
PermitRootLogin no
Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard.
Note 2: You can also create a custom nameserver specifically for your new SSH IP address. Just create one called something like ssh.xyz.com or whatever. Be sure to add an A address to your zone file for the new nameserver.
Note: If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very unsecure protocol, so change your root password after you use it. If everything is OK, disable Telnet afterwards.
Make sure you know what you are doing and do not lock yourself out.
Last edited by k-planethost; 03-14-2011 at 09:16 AM.
I would not suggest editing core files such as SSH configuration ones in pico or nano, which can corrupt lines and cause the file to not function any longer. Additionally, using pico or nano will not tell you if another user on the system has the file opened, while vi will create a swap file (.swp) for anyone else with the file opened to warn you that another user on the system is editing the file at the same time.
Basically, please use vi instead to edit the file. Any important files that risk corruption and can cause the system to cease working upon editing need to be a) copied before editing them, b) edited in vi.
-- Tristan, Forums Technical Analyst, cPanel Tech Support
Another important thing to take into consideration is the choice of port. Any non-root users with access to your server can start a service that listens on a port above 1023. Let's say you've configured sshd to listen on port 12345. Now let's say that someone has figured out a way to stop the sshd process (this doesn't necessarily have to be due to a bug in the ssh daemon, or even be due to a bug at all). With ssh no longer listening on port 12345, any local user can run their own sshd on that port for the purpose of collecting usernames and passwords. This is especially dangerous on servers where root logins are permitted via ssh.
Use a port below 1024 that is not already in use, as those are ports that only the root user should be able to listen on (hence why ssh listens on port 22 by default, httpd on port 80, DNS on 53, FTP on 21, and so on). You can obtain a list of ports currently being used via the "netstat" command:
Code:
[user@host ~]$ netstat -nl
-- cPJeff - Jeff P., Technical Analyst, cPanel Technical Support
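Added example, not part of any post in this thread: a shell check that ties the thread's symptom (sshd_config edited, sshd still answering on 22) to the point above about ports above 1023. It reads the active Port lines from a copy of sshd_config and a saved copy of `netstat -nl` output; the function names, file names and sample data are constructed for illustration, and Include files are not followed (assumption).

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Active Port values from an sshd_config; "#Port 22" is a comment and is
# skipped. With no active Port line sshd uses its default, 22.
sshd_ports() {
    awk '{ sub(/=/, " ") }
         tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# TCP ports in LISTEN state, parsed from saved `netstat -nl` output.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { k = split($4, a, ":"); print a[k] }' "$1" |
        sort -un
}

# One line per configured port: is it listening, and can only root bind it?
audit_ssh_port() {
    for p in $(sshd_ports "$1"); do
        if listening_ports "$2" | grep -qx "$p"; then s=listening; else s=not-listening; fi
        if [ "$p" -lt 1024 ]; then c=privileged; else c=unprivileged; fi
        echo "$p $s $c"
    done
}

# Constructed sample: the config was edited, but the old daemon still runs.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
#Port 22
Port 12345
Protocol 2
EOF
cat > "$demo_dir/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 :::80            :::*             LISTEN
udp        0      0 0.0.0.0:53       0.0.0.0:*
EOF
audit_ssh_port "$demo_dir/sshd_config" "$demo_dir/netstat.txt"
```

A `not-listening` result after a restart means the running daemon did not pick up the edited file; `unprivileged` marks a port that any local user could bind if sshd stopped.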