Simple way to prevent many attacks on SSH. So, default is 22 and it is best practice to change this port. Configure SSH port in sshd configuration. Note: pick whatever port is open.
Is Port Available?
Here is how to check if port is available:
root@mail01:~# ss -alp | grep ":2221"If no lines are returned the port is available to use. Remember, once used then other applications can not use that port for that address once it is used by an application. So, if below happens then read below
tcp LISTEN 0 128 0.0.0.0:2221 0.0.0.0:* users:(("sshd",pid=10831,fd=3))
tcp LISTEN 0 128 [::]:2221 [::]:* users:(("sshd",pid=10831,fd=4))If above returns the adjust port to pick another port or further limit the address via ListenAddress just remember the ip has to be configured via network adapters first. Now, that is not covered in this article. I just wanted to let you think about what to do here and options that can be configured.
Change sshd_config
nano /etc/ssh/sshd_configExample sshd_config Section to Change
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
Port 2221
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::Reset the Service
service ssh restartConfigure Firewalls to allow TCP to Chosen Port
For Example:
sudo ufw allow 2221/tcpRemove 22/tcp from Firewall
For Example:
sudo ufw delete allow 22/tcpDisconnect and Reconnect
Remember, it is important the port by default is 22. To specify add the -p.
ssh -p 2221 root@1.1.1.1Optional Things to Consider
For now, I am not going to add these to the article but further items to make the server more secure.
- add a firewall to the server
- add fail2ban to block repeated attacks on the server.
