Hello, I am looking to change the port 22 of my VPS for another port in etc/sshd_config. Right now, Password Authentication is currently disabled in Security/WHM. I am looking at my sshd_config more carefully. I compare with the example of sshd_config File given to Securing SSH Questions: 1) In my sshd_config file, I see: PasswordAuthenticationno (without empty space between PasswordAuthentication and No). In the example of cPanel, there is an empty space. Is it normal ? 2) I do not think I'll use SSH / port 22 on this server. Right now, Password Authentication is disabled in Security/WHM. Therefore, can I erase without problem the port 22 in Allow incoming TCP ports of the CSF firewall configuration file ? Sorry if the question is stupid. 3) Can I choose one of the following port (below 1024): 223, 223 ... 299 (by example). 4) Do I have to change ListenAddress with my own IP for better security ? Regards
1) there should be a space as far as I know. 2) yes, you can close the port 22 once you move SSH to another port. Be sure to open that port first. 3) yes you can use any other un-used TCP port. 4) Listen address just tells the server which of it's own IP's to listen on. Leaving it default means you can SSH to any IP allocated to the server. If you change it to one of the IP's assigned to the server, that is the only IP that will accept SSH connections.
1) There is no space in sshd_config and its a new server since three days The file have been opened/edited today but not by me. Maybe it's a bad writing from WHM (it's the last version release). 2) I would like only disable password auth in WHM Security and remove the port 22 inside the two lists of CSF config file. I don't want use/move the port 22. My VPS is managed.
cPanel doesn't install the stock sshd_config file, your operating system package manager (i.e. RPM or yum) does. What I'm saying is you can remove port 22 from csf config for open ports, but you have to add the new ssh port number to open ports before you change the port that SSH is using in sshd_config.
Yes, you are right. But my question was can I only delete the port 22 in incoming/outcoming ports CSF listing and forget the rest (without edit sshd_config) ? I am alone on my VPS (my own website) and the hoster have access to SSH with their tools.
Yes, you can do this but keep in mind that SSH will not be accessible. You will have to contact your hosting provider in the event WHM fails to load. Thank you.