Changing SSH port, binding to one IP... good or bad idea?

[Gliebster]

I read that changing SSH's port (in /etc/ssh/sshd_config) from 22 to a random high port is good for security. I tried it, restarted OpenSSH, and got the message below. I was still able to SSH back in and change the port back to 22.

Is this a good or bad idea while using cPanel?

Also, when people suggest "binding SSH to one IP" for security, what good does that do? I suppose it would keep people from knowing where to start their hacking but wouldn't it prevent users from logging in with theirdomain.com?

Aug 4 11:16:31 server1 sshd: sshd -TERM succeeded Aug 4 11:16:34 server1 sshd: succeeded Aug 4 15:44:19 server1 sshd: sshd -TERM succeeded Aug 4 15:44:19 server1 sshd: sshd -TERM succeeded Aug 4 15:44:19 server1 sshd: succeeded Aug 4 16:13:23 server1 sshd: sshd -TERM succeeded Aug 4 16:13:23 server1 sshd: sshd -TERM succeeded Aug 4 16:13:23 server1 sshd: succeeded Aug 4 16:15:52 server1 sshd: sshd -TERM succeeded Aug 4 16:15:52 server1 sshd: sshd -TERM succeeded Aug 4 16:15:52 server1 sshd: succeeded Aug 4 16:28:32 server1 sshd: sshd -TERM succeeded Aug 4 16:28:32 server1 sshd: sshd -TERM succeeded Aug 4 16:28:32 server1 sshd: succeeded Aug 4 16:29:12 server1 sshd: sshd -TERM succeeded Aug 4 16:29:12 server1 sshd: sshd shutdown failed Aug 4 16:29:12 server1 sshd: succeeded sshd has failed, please contact the sysadmin.

cPanel.net Support Ticket Number:

[rogcan]

I know this is an old post but does anyone have an answer for this ???

I had the exact same question so i thought it was best to keep this one updated.

[chirpy]

Digging up 3 year old threads isn't usually a good idea

That said, changing the SSH daemon port to a high random number is indeed a good idea and usually means that SSH port scans from script kiddies pass you by. Binding to a specific IP address is also a good idea as it means that you're reducing the likelyhood of an SSH port attack by the number of IP's on the server less the one it is on - i.e. smaller target.

Restarting SSHD in WHM will always how an error if you run it on a non-standard port.

[Lyttek]

Since we're on the un-dead subject... a friend mentioned he changed SSH to port 21 to confuse the port scanners... not sure how I feel about that. Thoughts?

[chirpy]

Obviously you would have to disable/move FTP to do that. However, the port is still going to be bombarded with FTP exploit scans so it's usually a better idea to run it on an ephemeral port (>1024).