SSH is the best service to control a dedicated server as it provides the full control to perform any task. So it’s one of the commonly used way to attack a server. Changing the default SSH port can help secure your server from launching brute force attacks to the default port.

 

**Change “someportnumber” to a new port number that is not in use for other services.
1. Login to your server as root
2. Within the command line, execute the command line ‘nano /etc/sysconfig/iptables‘ to edit the IPTables configuration file.
 Add the following line to the configuration file: ‘-A INPUT -m state –state NEW -m tcp -p tcp –dport someportnumber -j ACCEPT‘ directly below line ‘-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT‘ in the configuration file.
 Save and exit by holding down ‘ctrl‘ and ‘x
3. Within the command line run the command ‘service iptables restart‘ to restart the IPTables service
4. Run the command ‘service iptables status‘ to see if the new rule has been applied (optional)
5. Edit the SSH configuration file with the command ‘nano /etc/ssh/sshd_config
 Modify the line ‘#port 22‘ by removing ‘#‘ and replacing ‘22‘ to your new desired port number we opened on the IPTables configuration.
 Save and exit by holding down ‘ctrl‘ and ‘x
6. Within the command line, execute ‘service sshd restart‘ to restart the SSH service.
7. If you can still access the command line, type ‘ss -tnlp | grep ssh‘ to verify SSH is listening on the new port. (optional)
8. Connect to the server via SSH using the new port you selected.
9. Run the command ‘nano /etc/sysconfig/iptables‘ to edit the IPTables configuration file again.
 Comment out line ‘-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT‘ by adding ‘#‘ in the beginning of the line to block all connectivity to port 22.
 Save and exit by holding down ‘ctrl‘ and ‘x
10. Execute the command ‘service iptables restart‘ to restart the IPTables service
  • Was this article Helpful ?
  • yes   no