Simple way to prevent many attacks on SSH. So, default is 22 and it is best practice to change this port. Configure SSH port in sshd configuration. Note: pick whatever port is open.
Is Port Available?
Here is how to check if port is available:
root@mail01:~# ss -alp | grep ":2221"
If no lines are returned the port is available to use. Remember, once used then other applications can not use that port for that address once it is used by an application. So, if below happens then read below
tcp LISTEN 0 128 0.0.0.0:2221 0.0.0.0:* users:(("sshd",pid=10831,fd=3)) tcp LISTEN 0 128 [::]:2221 [::]:* users:(("sshd",pid=10831,fd=4))
If above returns the adjust port to pick another port or further limit the address via ListenAddress just remember the ip has to be configured via network adapters first. Now, that is not covered in this article. I just wanted to let you think about what to do here and options that can be configured.
Example sshd_config Section to Change
# The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. Include /etc/ssh/sshd_config.d/*.conf Port 2221 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress ::
Reset the Service
service ssh restart
Configure Firewalls to allow TCP to Chosen Port
sudo ufw allow 2221/tcp
Remove 22/tcp from Firewall
sudo ufw delete allow 22/tcp
Disconnect and Reconnect
Remember, it is important the port by default is 22. To specify add the -p.
ssh -p 2221 email@example.com
Optional Things to Consider
For now, I am not going to add these to the article but further items to make the server more secure.
- add a firewall to the server
- add fail2ban to block repeated attacks on the server.