Whenever you’re running your Linux own server on the internet, you will most probably require console access. The best idea is using SSH. This is usually on port 22. After leaving your server alone for a couple of days, you will notice that /var/log/messages fills up with incorrect logon attemps. This shouldn’t be an issue if you follow the rules:
- do not allow root acces
- use certificate authentication
- alternatively use a very very strong password
But still, it’s annoying and clogs the log. Therefore I changed the port to something non standard. Even though this is not really securing the server agains dedicated hacking attemps but it will at least keep many automated scanners away and they will leave you alone.
First of all you will need to change your SSHd configuration. The file is usually at /etc/ssh/sshd_config. This needs to be edited. I always use the midnight commander for easier editing. Find the line:
And comment it in. Also add another line with the port you like. This way you reduce the chances of locking yourself out. You will end up with something like this:
Port 22 Port 1111
Now you need to restart the SSHd. This is depening on your Linux distro.
For CentOS this is okay: /etc/init.d/sshd restart
For Ubuntu based: sudo /etc/init.d/ssh restart
You should now connect to the new SSH port. If this is working, you should change the config file again in this session. Now you can comment out the old port 22 which leads to this config file:
#Port 22 Port 1111
Then restart the SSHd for a last time. Afterwards the connection to port 22 shouldn’t be possible anymore. Now only the new port should be valid for connections.
Of course I’m not responsible for having yourself locking you out of the server 😉