Changing the Default SSH Port
By default, the SSH port is 22. Since it is the default, hackers scanning ports will look for it, so we should change it to something more random. This helps avoid brute-force attacks!
SERVER-IP - Replace this with the IP address of your server
MYUSER - Replace this with the username you will use for normal logins to the server ("Bob", "Joe", "Linda", etc.)
Start by opening the SSH configuration:
$ sudo nano /etc/ssh/sshd_config
In the file, you will see a commented-out line for the port number like this:
Now just uncomment it, and change it to a more obscure number that is higher than 1024. For example:
Now save the file by pressing [CTRL-X], then Y, then [ENTER].
Assuming you followed our Ubuntu 20.04 - Initial Setup tutorial, you will have set up a rule in the UFW firewall to allow port 22 for OpenSSH. We need to remove this rule now and replace it with one for our new port. Enter the following command:
$ sudo ufw status numbered
You should see the following output:
     To                         Action      From
     --                         ------      ----
[ 1] OpenSSH                    ALLOW IN    Anywhere
[ 2] OpenSSH (v6)               ALLOW IN    Anywhere (v6)
We need to delete these:
$ sudo ufw delete 1
Press y + [ENTER] to proceed with the operation. Now there should only be one, so we repeat the same command again.
$ sudo ufw delete 1
Press y + [ENTER] to proceed with the operation. Now enter this command:
$ sudo ufw status
All you should see now is
Now we need to add the port number we chose earlier for SSH:
$ sudo ufw allow 5535
*If you didn't use 5535 in the config file above, use whatever number you entered.
Finally, we need to reload the firewall and reload the sshd service:
$ sudo systemctl reload sshd
For this part, open a new terminal window without disconnecting from the one you are working in. This way you still have the original session open in case you made a mistake and need to go back and make a change.
Now if you open a terminal window and try to log in to your server the usual way, you should not be able to get in. Go ahead and try from your local computer:
$ ssh MYUSER@SERVER-IP
You should not be able to get in. The reason is that you now need to add -p, followed by the port number you chose, after ssh. For example:
$ ssh -p 5535 MYUSER@SERVER-IP
And now you should be back into your server using an obscure port!
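A check that can be run on the edited file before the sshd reload step above, to catch an edit that would leave port 22 active or lock you out. This is an added example, not part of the original tutorial; the function names list_ports and check_port_change are hypothetical, the sample file is constructed, and it assumes a single config file (it does not follow Include directives).

```shell
#!/bin/sh
# Added example (not from the original tutorial): check an sshd_config file
# after the port edit described above, before reloading sshd.

# Print every active Port value. sshd keywords are case-insensitive, and
# commented lines ("#Port 22") never match because field 1 starts with "#".
list_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# check_port_change FILE EXPECTED_PORT
# Returns 0 only when FILE enables EXPECTED_PORT and no check below fails.
check_port_change() {
    file=$1; want=$2
    ports=$(list_ports "$file" | tr '\n' ' ')
    if [ -z "$ports" ]; then
        echo "no active Port line: sshd still uses the default, 22"; return 1
    fi
    # sshd accepts several Port lines, so every one of them is checked.
    for p in $ports; do
        case $p in
            *[!0-9]*) echo "invalid Port value: $p"; return 2 ;;
        esac
        if [ "$p" -eq 22 ]; then
            echo "port 22 is still enabled"; return 3
        fi
        if [ "$p" -le 1024 ] || [ "$p" -gt 65535 ]; then
            echo "port $p is outside 1025-65535"; return 4
        fi
    done
    case " $ports" in
        *" $want "*) echo "ok: sshd_config sets Port $want" ;;
        *) echo "expected port $want is not configured"; return 5 ;;
    esac
}

# Constructed sample: the relevant lines as edited in this tutorial.
demo() {
    sample=$(mktemp)
    printf '%s\n' '#Port 22' 'Port 5535' 'PermitRootLogin no' > "$sample"
    check_port_change "$sample" 5535; rc=$?
    rm -f "$sample"
    return $rc
}
demo
```

On the server, call check_port_change with /etc/ssh/sshd_config and the port you allowed in UFW, and follow it with sudo sshd -t, which makes sshd validate the configuration without restarting anything.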