Changing the SSH port is a simple way to prevent many attacks on SSH. The default port is 22, and it is best practice to change it. Configure the SSH port in the sshd configuration. Note: pick any port that is not already in use.

Is Port Available?

Here is how to check whether the port is available:

root@mail01:~# ss -alp | grep ":2221"

If no lines are returned, the port is available to use. Remember that once an application is using a port on an address, other applications cannot use that port on that address. If you get output like the following instead, read on:

tcp   LISTEN 0      128                                       0.0.0.0:2221                    0.0.0.0:*     users:(("sshd",pid=10831,fd=3))
tcp   LISTEN 0      128                                          [::]:2221                       [::]:*     users:(("sshd",pid=10831,fd=4))

If the above is returned, pick another port, or further limit the address via ListenAddress; just remember that the IP has to be configured on the network adapters first. That is not covered in this article. I just wanted to let you think about what to do here and the options that can be configured.

Change sshd_config

nano /etc/ssh/sshd_config

Example sshd_config Section to Change

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

Port 2221
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Restart the Service

service ssh restart

Configure Firewalls to allow TCP to Chosen Port

For Example:

sudo ufw allow 2221/tcp

Remove 22/tcp from Firewall

For Example:

sudo ufw delete allow 22/tcp

Disconnect and Reconnect

Remember, this is important: by default the port is 22. To specify a different port, add -p.

ssh -p 2221 root@1.1.1.1
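
Added example (not from the original article): a stricter version of the availability check above, which matches the port exactly so that a listener on 22210 is not mistaken for 2221, plus a reader for the active Port lines in sshd_config. The function names port_in_use, configured_ports and preflight are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Sample data is constructed.

# port_in_use PORT: read `ss -tln` (or `ss -alnp`) lines on stdin; succeed only
# if a socket's local address ends in exactly :PORT. The first field containing
# ":" is the local address in both layouts, so the peer column is never matched.
port_in_use() {
    awk -v p="$1" '
        { for (i = 1; i <= NF; i++)
              if (index($i, ":")) {
                  n = split($i, a, ":")
                  if (a[n] == p) found = 1
                  break
              }
        }
        END { exit found ? 0 : 1 }'
}

# configured_ports: read sshd_config text on stdin and print every active
# (uncommented) Port value. Keywords are case-insensitive; Port may repeat.
configured_ports() {
    awk 'tolower($1) == "port" { print $2 }'
}

# preflight PORT: the check on a real host (sshd -t needs root). Not run below.
preflight() {
    if ss -tln | port_in_use "$1"; then
        echo "port $1 already has a listener" >&2; return 1
    fi
    sshd -t || { echo "sshd_config has errors; do not restart" >&2; return 1; }
}

# Constructed samples: a listener on 22210 only, and a config with Port 2221.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22210 0.0.0.0:*
LISTEN 0 128 [::]:22210 [::]:*'
SAMPLE_CONF='Include /etc/ssh/sshd_config.d/*.conf
#Port 22
Port 2221
#ListenAddress 0.0.0.0'

if printf '%s\n' "$SAMPLE_SS" | port_in_use 2221; then
    echo "2221 in use"
else
    echo "2221 free (grep \":2221\" would have matched 22210)"
fi
echo "active Port values: $(printf '%s\n' "$SAMPLE_CONF" | configured_ports)"
```

On a live host, run preflight with the chosen port before restarting the service, and keep the current session open until a new login on that port succeeds.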

Optional Things to Consider

For now, I am not going to add these to the article, but here are further items to make the server more secure.

  • add a firewall to the server
  • add fail2ban to block repeated attacks on the server.
