New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Help with SSH Port
click4easy
Member
Hello there,
I have a VPS with BurstNET. Can anyone suggest how I can change the SSH port? I lost it when it was changed last time, so it is not 22.
Please suggest how to do it. Do we have any option via vePortal? If so, please provide me with the necessary instructions.
Comments
/etc/ssh/sshd_config
I'd strongly recommend you move away from that bunch of clowns.
lmgtfy.com/?q=how+to+change+sshd+port
Here's a oneliner to do that:
sed -i 's/Port 22/Port 9776/' /etc/ssh/sshd_config && service ssh restart
Make sure that you don't have SELinux enabled, because it will probably prevent your sshd from starting.
Really? I've never had that issue when changing sshd port with SELinux enabled.
@MrX you didn't have enforcing SELinux then. Try on CentOS 6.
Changing SSH port is a bad idea anyway.
It is not exactly a bad idea but if anyone is under the impression that it somehow increases security, they are badly mistaken. I do often change the SSH port on one of my boxes in order to get around blocks on port 22 (I change it to 80 or 443).
If you are attempting to make SSH more secure, try the following
1) Switch to Key Based Authentication
2) Lock down SSH to a few select IP addresses.
In my case, I have a VPS set aside strictly for being an SSH proxy. All of my servers have the IP address of this box whitelisted. I simply need to connect to that proxy and then from there, ssh into the target box. Several of my boxes don't even have a dedicated public IP address as they are being solely used for compute power.
If you refer to ports by service name anywhere you should also change that
/etc/services
around line 45
ssh 22/tcp
ssh 22/udp
Please explain what is inherently bad about changing the port sshd uses.
Had this problem the other day, exactly on CentOS 6.5. Never happened on Debian. It was on a KVM host; when I installed the OpenVZ kernel the problem went away. Didn't know it was SELinux, thanks @rds100, and it was like you say: it couldn't start sshd except on port 22.
It's not terrible; however at least with a port below 1024 you know you're dealing with a daemon that was started by the system. Better to set up port knocking than moving the port.
Of course passwordless auth negates the above.
That means nothing in any relevant security context. I'm not sure what you are getting at?
It could, but you must modify the SELinux policy to allow sshd to run on another port. The default policy only allows it to use port 22.
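Added example, not part of any post in this thread: one way to script the port change so that commented or non-22 `Port` lines are handled and the SELinux step mentioned above is not forgotten. The function names and the temp-file demo are illustrative, port 9776 is borrowed from the one-liner earlier in the thread, and `ssh_port_t` is assumed to be the sshd port type, as in the stock targeted policy.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). File path and port are assumptions.

# set_sshd_port FILE PORT
# Drops every active Port directive and writes one "Port PORT" line at the top
# of FILE, ahead of any Match block (Port is not allowed inside Match).
# Commented lines such as "#Port 22" are left as they are.
set_sshd_port() {
    local file="$1" port="$2"
    case $port in ''|*[!0-9]*) return 2 ;; esac          # digits only
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
    cp -p "$file" "$file.bak" || return 1                 # keep a rollback copy
    awk -v p="$port" 'BEGIN { print "Port " p }
                      tolower($1) != "port"' "$file.bak" > "$file"
}

# selinux_step MODE PORT
# MODE is the output of getenforce. Prints the command that labels PORT for
# sshd when SELinux is enforcing; prints nothing otherwise.
selinux_step() {
    [ "$1" = "Enforcing" ] && echo "semanage port -a -t ssh_port_t -p tcp $2"
    return 0
}

# Demo on a constructed config in a temp file, so the real one is untouched.
demo() {
    local cfg; cfg=$(mktemp)
    printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' \
                  'Match User backup' '    X11Forwarding no' > "$cfg"
    set_sshd_port "$cfg" 9776 && cat "$cfg"
    selinux_step "$(getenforce 2>/dev/null || echo Disabled)" 9776
    rm -f "$cfg" "$cfg.bak"
}
demo
```

Against the real `/etc/ssh/sshd_config`, run `sshd -t` after the edit and keep the current session open until a second login on the new port succeeds.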
He's talking about privileged ports. Technically, ports below 1024 are more secure to connect to. So technically, it's better to keep ssh on those lower ports when you change it from something other than 22.
http://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html
It's just another thing for wannabe security experts addicted to security paranoia to get unnecessarily paranoid about.
I get that concept, but that's security advice from like 1970.
A "regular" user would most likely need root privileges to kill off the legit sshd if it were attached to a higher port, in the first place? At that point, "privileged" would seem to become irrelevant.