Several days ago I rented a Virtual Private Server (VPS) from a local web hosting provider in my country. The reason I picked this provider was that they are well known and cheap and, importantly, they provide easy payment by debit card, since I have no CC available at the moment.

Then I had about 30 brute-force attacks on port 22, trying to access my VPS from different source IPs. I had installed fail2ban and applied it with iptables, but I was not satisfied since they kept coming the next day; in total I got 300 IPs banned in my iptables, and it polluted my log file.

I decided to contact the service provider and ask for their advice. They told me to change the default SSH port, and I am happy with that. Since then, no brute-force attempts have been detected on the VPS, and the log seems clean as expected.

As I use a RHEL-based OS, here are the steps I used to change the SSH port to prevent such annoying bot brute-force attacks.

1.) Edit the /etc/ssh/sshd_config file with your preferred text editor.

vi /etc/ssh/sshd_config

2.) Find the line that has “#port 22” and un-comment the line, then change 22 to the port you wish to use.

Change:

#port 22

To:

port 8340

Save the file. (:wq)

3.) Restart the ssh service:

CentOS/Fedora/RHEL:

systemctl restart sshd

or

service sshd restart

Ubuntu/Debian:

systemctl restart ssh

or

service ssh restart

4.) If you use iptables or the standard Linux firewall, add a rule to allow traffic to the new SSH port. (If your firewall has no rules, this is not needed.)

Ubuntu/Debian:

ufw allow 8340

CentOS/Fedora:

firewall-cmd --permanent --zone=public --add-port=8340/tcp
firewall-cmd --reload

or

iptables -A INPUT -i eth0 -p tcp --dport 8340 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 8340 -m state --state ESTABLISHED -j ACCEPT
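
Step 2 as a scripted edit, added here as an example and not part of the original post: the hypothetical helper `set_sshd_port` rewrites the Port line in a config file and keeps a backup. The `sshd -t` syntax check and the `semanage` call in the trailing comments (needed where SELinux is enforcing, as on RHEL-family systems) are additions the post does not mention.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. set_sshd_port is a hypothetical
# helper name; 8340 is the example port used in the post.

# set_sshd_port <config-file> <port>
# Sets the Port directive in an sshd_config-style file, keeping a .bak copy.
set_sshd_port() {
    local cfg=$1 port=$2 tmp rc=0
    # Accept only a decimal TCP port of at most five digits, in 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1      # copy to roll back to
    tmp=$(mktemp) || return 1
    # Replace the first "Port N" line (commented or active) and drop any other
    # active Port lines, so sshd does not keep listening on the old port too.
    awk -v port="$port" '
        tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " port; done = 1; next }
            if ($0 !~ /^[ \t]*#/) next
        }
        { print }
        END { if (!done) exit 3 }
    ' "$cfg" > "$tmp" || rc=$?
    case $rc in
        0) ;;
        3) # No Port line at all: put it first, ahead of any Match block.
           { echo "Port $port"; cat "$cfg"; } > "$tmp" ;;
        *) rm -f "$tmp"; return 1 ;;
    esac
    cat "$tmp" > "$cfg" && rm -f "$tmp"      # cat keeps the file's owner and mode
}

# On the server, as root (left as comments so the block changes nothing itself):
#   set_sshd_port /etc/ssh/sshd_config 8340
#   sshd -t                                      # syntax check before restart
#   semanage port -a -t ssh_port_t -p tcp 8340   # where SELinux is enforcing
# Then do steps 3 and 4, and confirm a login on the new port before closing
# the session you are working in.
```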
