SSH It is without a doubt the bread and butter of those of us who manage networks. Well, we need to control, remotely manage other computers and / or servers, and using SSH we can do this ... we can do as much as our imagination allows us 😀
Happens that SSH uses by default the 22 port, so all hacking attempts to SSH will always default to 22 port. A basic security measure is simply NOT to use SSH on this port, we will configure for example SSH to listen (work) on the port 9122.
Accomplishing this is extremely simple.
1. We must obviously have SSH installed on our server (package openssh-server)
2. Let's edit the file / Etc / ssh / sshd_config
For this in a terminal (as root) we put:
- nano / etc / ssh / sshd_config
There between the first lines we see one that says:
Port 22
We change the 22 for another number, which would be the new port, in this example we said that we would use 9122, so the line would remain:
Port 9122
3. Now we restart SSH so that it reads the new configuration:
- /etc/init.d/ssh restart
This in case they use Debian, Ubuntu, SolusOS, Mint. If they use Arch would:
- /etc/rc.d/ssh restart
And voila, they will have SSH through another port (9122 according to the example we have used here)
Well I think there is nothing more to add.
Any questions you have, let me know 😉
regards
PD: Remember, all of this has to be done with administrative privileges ... either as root, or using sudo.
And I suppose you should be careful not to use a port that is not used by another program, right?
Well, yes ... .. it should not coincide with a port already in use by another service ...
Yes, of course, indeed. If we put SSH to use port 80 (for example) and we have Apache (Nginx, etc) running on that same port, there will be conflict and SSH will not work 😉
I had to do that about a year ago to create a channel with someone in Miami. Apparently the hotel where I was had a firewall of those annoying. We routed everything through port 80 and the firewall thought it was all web.
In fact elav will put tomorrow (I hope) a post on how to use SOCKS5 to bypass the security of proxies 😉
Interesting, we'll wait for the note.
Meanwhile dear KZKG ^ Gaara, I tell you that I saw your foray into the Mint forum, for when a review of the Unofficial LMDE KDE SC?
I'm not the best suited for reviews hahaha, but I'll try to make one of this.
I set to lower the ISO for our VPS mostly to seed, to help spread 😉
I would add that to make it more secure, in the same configuration file look for the line PermitRootLogin yes (if I remember correctly yes this is by default) and change to no, with this we avoid a possible brute force attack on the superuser since it does not allow to login as such, and to perform a task that requires root privileges, we log in with our user and use a simple su.
Very good qualification !!
Hello KZKG ^ Gaara I have some questions I hope you can help me.
The first is where it is convenient to create the rsa keys on the server or on the client.
I just installed netbsd on Virtualbox and used the following command:
ssh-keygen -t rsa -f / etc / ssh / ssh_host_key -N «» there is another way to do it as a simple ssh-keygen -t rsa but it saves it in another directory, this creates a bit of confusion, the topic networks It is not my strong suit, I am trying to create a cluster with 2 or more virtual machines as clients and the host as server, just to learn the methodology of the assembly and the communications between them through ssh since I have only one PC.
I would like if you can make a post about the connections host (server) Virtualbox (client) or vice versa using ssh starting from the creation of rsa keys. I have been able to communicate through ssh scp to netbsd (VM) and vice versa but I made a barbarous mess creating the keys both in the host and in netbsd (Virtualbox) and I was left with more doubts than certainties.
A greeting !!!
Thanks, I had never fallen for that, it makes it much safer and on top of it is simple to do.
sudo service ssh restart on new ubuntu.
Thanks, I hadn't cooled off yet.
Thanks for sharing the knowledge !!
good afternoon, I have the following problem to see if someone can help me.
I had a database hanging at an erp address. »» »» »» »» », and it turns out that since yesterday I cannot access it tells me: Firefox cannot establish a connection with the server in erp. ****** *******.is. The company that created it for me disappeared, and I am unable to work, I have all the access data, but I don't know what to do, when I try to enter with the same address but with: 8585 at the end it says:
it works!
This is the default web page for this server.
The web server software is running but no content has been added, yet.
Can someone give me some advice or something, I would be very grateful, since yesterday I can't work
thank you very much
They just told me that it seems that it has some kind of firewall or something that prevents accessing port 80, it had 22 and I have changed it as you have explained but it remains the same
Hello friend, you know that I followed all the steps, I restarted SSH, then, I went to the configuration of my firewall to open the ports, but nothing happens, it continues with the same, I use CSF firewall in centos 6.5. If anyone knows, please help!
A greeting!
Thanks for the guide
I changed port 22, but now how do I connect to the server? as I specify the port by which I want to access
Good morning, I hope you can help me, change the port in the sshd.config file on the line
Port 22 to Port 222
and restart the sshd service
and I can no longer connect with port 22 or with port 222 as I can do to connect again and restore the configuration.