Use a Non-Standard SSH Port
By default, ssh listens for incoming connections on port 22. For a hacker to determine ssh is running on your machine, he’ll most likely scan port 22 to determine this. An effective method is to run ssh on a non-standard port. Any unused port will do, although one above 1024 is preferable. Many people choose 2222 as an alternative port (as it’s easy to remember), just as 8080 is often known as the alternative HTTP port. For this very reason, it’s probably not the best choice, as any hacker scanning port 22 will likely also be scanning port 2222 just for good measure. It’s better to pick some random high port that’s not used for any known services. To make the change, add a line like this to your /etc/ssh/sshd_config file:
Port 2345 #Change me
and restart the sshd service. Don’t forget to then make any necessary changes to port forwarding in your router and any applicable firewall rules.
Because ssh is no longer listening for connections on the standard port, you will need to tell your client what port to connect on. Using the ssh client from the command line, we may specify the port using the -p switch:
Leave a Reply
You must be logged in to post a comment.