By default the Linux SSH server (usually OpenSSH) listens for connections on port 22. Everyone knows this, including hackers. If you have other security measures in place, it may not matter if would-be attackers know your SSH port. Nevertheless, having SSH on another port other than the default may add a bit of a deterrent to at least keep out the small-time hackers.
Blocking port 22 on your dedicated server is kind of like permanently sealing the front door of your house with a wall and using another door that only you and your family know about. It would not keep out a determined intruder because he could always search for the other door, but it will confuse the inexperienced attacker and make it more difficult to get in.
To change your SSH port, as root, edit the sshd_config file in your /etc/ssh directory.
You will find a line that looks like this:
Change the number to the port number of your choice. Make sure it is a port not used by another service.
Save the file and then restart sshd:
By changing the port that SSH uses, you will have added a thin layer of security to your server. It will not stop the more advanced bots, so you will still need to take extra precautions. Also, make sure you configure your firewall to block port 22 and allow the new port that you have assigned to SSH.
- How to Change Your SSH Port with SELinux (RHEL 6)
- How to Change Your Server’s FTP Port
- How to Change the Port Number in Postfix
- Some Common Server Port Numbers
- More Port Analysis with lsof