Change SSH port-default port 22 is a high security risk

I will explain how to change the SSH port. The default port 22 is a high security risk, so change it to a different number.

The SSH server configuration file is below, so open it with vi.

cd / etc / ssh
sudo vi sshd_config

Then find the following line. The port number is commented out. In this case, it defaults to port 22.

#Port 22

Let's change the port number. This time, I set the port number to 55550 one line below.

#Port 22
Port 55550

Enter ": wq" through Esc, then press Enter to save and exit.

Restart SSH server

Restart the SSH server with the systemctl command for the configuration file to take effect.

sudo systemctl restart sshd

Confirm that it has been restarted.

sudo systemctl status sshd

The important thing here is not to disconnect the current SSH connection. Keep your current connection until you can confirm that you can connect on the changed port. That way, if you make a mistake in your SSH server settings, you can fix it.

If it becomes impossible to connect with SSH, there is always a function called console on the Web management screen of VPS or public cloud, so let's modify the SSH configuration file from that screen. ..

How dangerous is port 22 in terms of security?

For well-known cloud services, consider that there are a large number of attackers from all over the world. There are many bad people trying to break in.

Port 22 is the default SSH port, so it is port scanned from the Internet. I'm checking what the house key looks like.

Next, try your ID and password. Well, it's so-called picking.

If it detects your ID and password, it will break in.

Once compromised, the user can do whatever he can. It can be used as a stepping stone server or commands can be executed without permission.

If that user is a sudo user, it's hard. All files can be rewritten and malicious programs can be deployed.

It is not easy for the investigator to know where the malicious program was installed.

When that happens, the true complete recovery of security is a server rebuild. This is a daunting task.

If you do not change the SSH default port, there are risks such as those mentioned above.

What port should I use?

Other than the well-known port (0–1023), it should be less than 65535, which does not overlap with the port numbers used by your web application (for example, use 3000 and 8080 in your web app).

It's also a good idea to avoid the default port numbers for server applications such as MariadDB and Redis.

The following is an example of an SSH port number.


Associated Information