Set up SSH to run on a non-standard port

By default the OpenSSH (SSH Remote Login Protocol) server runs on TCP port 22. Moving it to a non-standard port is useful for a single system connected to DSL/ADSL or home internet equipment. Others cannot easily guess your port unless they perform a port scan. If port scans are blocked, no one can find your ssh port without writing a script that tries a connection on every port. This makes your server just a little more difficult to access.


Open the /etc/ssh/sshd_config file, look for the line Port 22 and change it to Port 2222. Restart the sshd server.
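
One way to script the Port change described above, as an added example that is not part of the original article: the function rewrites the Port line (including the commented-out #Port 22 that stock configs ship), comments out any extra active Port lines, and keeps a backup. The names set_sshd_port and sshd_ports and the .bak suffix are made up for this example.

```shell
#!/bin/sh
# Added example; function names and the .bak suffix are this example's choices.

# Print the port numbers on the active (uncommented) Port lines of FILE.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# set_sshd_port FILE PORT: leave PORT as the only active Port setting in FILE.
set_sshd_port() {
    cfg=$1
    port=$2
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }
    tmp=$(mktemp) || return 1
    rc=0
    awk -v port="$port" '
        { bare = tolower($0); sub(/^[ \t]*#?[ \t]*/, "", bare) }
        # The first Port line, active or the stock commented-out "#Port 22",
        # becomes the new setting.
        !done && (tolower($1) == "port" || bare ~ /^port[ \t]+[0-9]+[ \t]*$/) {
            print "Port " port; done = 1; next
        }
        # Later active Port lines would add extra listeners: comment them out.
        done && tolower($1) == "port" { print "#" $0; next }
        { print }
        END { exit done ? 0 : 3 }
    ' "$cfg" > "$tmp" || rc=$?
    if [ "$rc" -eq 3 ]; then
        # No Port line at all: add one at the top, because a line appended
        # after a Match block would be read as part of that block.
        { echo "Port $port"; cat "$cfg"; } > "$tmp"
    elif [ "$rc" -ne 0 ]; then
        rm -f "$tmp"; return 1
    fi
    # Keep the old file for rollback, then overwrite in place so the
    # owner and mode of FILE are unchanged.
    rc=0
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Run it as root against /etc/ssh/sshd_config, check the result with sshd -t, then restart sshd. Keep your current session open until a login on the new port succeeds.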

With sshd running on a non-standard port, connection attempts to the default port will fail. You need to connect using the following command:

$ ssh -p 2222 user@your-ip

OR

$ ssh -p 2222 user@you.homenetwork.org

Where,

  • -p: Port to connect to on the remote host.

scp also supports the same option, with a capital letter P.

$ scp -P 2222 user@your-ip:/home/rocky/mp3/abc.mp3 /tmp

4 comments
  • fak3r Mar 23, 2006 @ 23:58

    Another *very important* thing you should do is to not allow ‘root’ login to SSH. Thus you have to log in as a normal user and then ‘su - root’ over if you need root access. This closes yet another avenue for an attacker to enter.

    Same file as mentioned above, just make sure this line is out:

    PermitRootLogin no

    Restart SSHd, all set. After that, log in like this:

    ssh -l USER -p PORT HOSTNAME

    fak3r

  • Patrick Nelson Jun 26, 2009 @ 14:51

    @fak3r: Good point. We’re already set up that way. The fact that if you’re already vulnerable to being brute forced on standard SSH port 22 would make you even more vulnerable to actually being cracked if you even allowed root login like that. Then, the attacker would have better chances on your server (if you allowed it) by simply trying just “root”.

  • pattaya Jobs Dec 6, 2010 @ 10:01

    standard SSH port 9923 would make you even more vulnerable to actually being cracked if you even allowed root login like that. Then, the attacker would have better chances on your server (if you allowed it) by simply trying just “root”.

  • Fırat Celal Erdik Jan 16, 2012 @ 23:48

    You can use the sshfs tool for mounting from some local directory to a remote directory over ssh with the below command. You should install sshfs with apt-get install sshfs

    # sshfs -p 234 root@remotehost:/etc/ /root/Desktop/mountdirectory
