Setup SSH to run on a non-standard port

March 18, 2006 · 4 comments · Last updated March 18, 2006

By default the OpenSSH (SSH Remote Login Protocol) server runs on TCP port 22. Running it on a non-standard port is useful for a single system connected to DSL/ADSL or home internet equipment. Others cannot guess your port easily (unless they perform a port scan). If port scans are blocked, no one can figure out your SSH port without writing a script that tries a connection on every port. This makes your server just a little more difficult to access.

Open the /etc/ssh/sshd_config file, look for the line Port 22 and change it to Port 2222. Then restart the sshd server.

Because sshd is now running on a non-standard port, connection attempts to the default port will fail. You need to connect using the following command:

$ ssh -p 2222 user@your-ip

OR

$ ssh -p 2222 user@you.homenetwork.org

Where,

  • -p: Port to connect to on the remote host.

scp supports the same option, but with a capital letter P:

$ scp -P 2222 user@your-ip:/home/rocky/mp3/abc.mp3 /tmp
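The edit described above, scripted as an added example that is not part of the original post. It handles the commented `#Port 22` line that OpenSSH's default sshd_config ships with, and places the directive before any Match block; the helper names `set_sshd_port` and `make_sample` are hypothetical and the sample config is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. set_sshd_port and make_sample
# are hypothetical helper names.
set_sshd_port() {    # usage: set_sshd_port <sshd_config path> <port>
    cfg=$1 port=$2
    # Accept only an integer in 1..65535.
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "invalid port: $port" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        # Global Port lines, active or the stock commented "#Port 22": the
        # first becomes the new setting, later ones are dropped so sshd
        # does not keep listening on the old port as well.
        !in_match && /^[ \t]*#?[ \t]*[Pp][Oo][Rr][Tt][ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " port; done = 1 }
            next
        }
        # Port is not valid inside a Match block, so when no Port line was
        # seen yet, add it just before the first Match.
        /^[ \t]*[Mm][Aa][Tt][Cc][Hh][ \t]/ {
            if (!done) { print "Port " port; done = 1 }
            in_match = 1
        }
        { print }
        END { if (!done) print "Port " port }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep a backup; write through the existing file to preserve its mode.
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"; rc=$?
    rm -f "$tmp"; return "$rc"
}

# Constructed sample resembling a distribution sshd_config (not a real host).
make_sample() {
    cat > "$1" <<'EOF'
#Port 22
#AddressFamily any
PermitRootLogin no
Port 22
Match User backup
    PasswordAuthentication no
EOF
}

sample=$(mktemp) && make_sample "$sample" &&
    set_sshd_port "$sample" 2222 && cat "$sample"
rm -f "$sample" "$sample.bak"
# On a real host, check the result with `sshd -t -f <file>` before restarting,
# and keep the current session open until a login on the new port succeeds.
```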


{ 4 comments }

1 fak3r March 23, 2006 at 11:58 pm

Another *very important* thing you should do is to not allow ‘root’ login to SSH. Thus you have to log in as a normal user and then ‘su - root’ over if you need root access. This closes yet another avenue for an attacker to enter.

Same file as mentioned above, just make sure this line is out:

PermitRootLogin no

Restart SSHd, all set. After that, log in like this:

ssh -l USER -p PORT HOSTNAME

fak3r

2 Patrick Nelson June 26, 2009 at 2:51 pm

@fak3r: Good point. We’re already set up that way. The fact that if you’re already vulnerable to being brute forced on standard SSH port 22 would make you even more vulnerable to actually being cracked if you even allowed root login like that. Then, the attacker would have better chances on your server (if you allowed it) by simply trying just “root”.

3 pattaya Jobs December 6, 2010 at 10:01 am

standard SSH port 9923 would make you even more vulnerable to actually being cracked if you even allowed root login like that. Then, the attacker would have better chances on your server (if you allowed it) by simply trying just “root”.

4 Fırat Celal Erdik January 16, 2012 at 11:48 pm

You can use the sshfs tool for mounting from some local directory to remote directory over ssh with the below command. You should install sshfs with apt-get install sshfs

# sshfs -p 234 root@remotehost:/etc/ /root/Desktop/mountdirectory
