While there are many ways to make sure your server is as secure as possible there are some basic steps and measures that you can take to cover your bases.
Users with a Linux server can change their SSH port to something other than the default port (22).
The easiest way to change the port is to SSH into the server as root:
(hostname/IP should be replaced with the hostname of your server or the main IP address of your server)
Once you are logged in to the server as root we can begin editing the sshd_config file. As with any modification to an important server file, it is always a good idea to back it up before making any changes:
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
Now we are ready to modify the file. Open /etc/ssh/sshd_config in your favorite text editor (for this example we will use Vim) and locate the line that specifies the port. If your sshd_config file has not been altered the Port setting will be commented out with a # symbol (example below).
The # symbol tells the server to ignore anything after it on the same line, so we will need to remove that character and then change the number 22 to something else. Be sure you do not pick a port number that is in use by a different service. If you are unsure, Wikipedia has a list of port numbers and their uses. Try to use a port number that is not listed. For this example, we will use Port 2222 (which is used by Windows servers but not by default on Linux servers).
Remove the # symbol and change the port number:
Save your changes and close the sshd_config file.
We will also need to open the new port in the server’s firewall. This tutorial describes firewall changes on a standalone dedicated or virtual private server. If you have a hardware firewall in place please open a ticket with our support department so that we can make the necessary changes.
Once again we will use Vim as our text editor to make changes to the APF firewall configuration. As with the SSH configuration file it is a good idea to create a backup prior to making any changes.
cp /etc/apf/conf.apf /etc/apf/conf.apf.bak
Open /etc/apf/conf.apf in Vim (or your favorite text editor) and locate the line labeled Common ingress (inbound) TCP ports.
Add your new port number to the list of existing ingress ports. Be sure to add commas where necessary (follow the format of the existing port numbers).
Save your changes to the conf.apf file and close your text editor.
SSH and APF must now be restarted in order to activate your changes. You can do so by running the command ‘/etc/init.d/apf restart’ followed by ‘/etc/init.d/sshd restart’ (example below):
SSH will restart and listen on the port number you have specified.
It is important to note that if you change SSH’s port number this will also alter the way you need to run certain commands that utilize SSH. Examples of commands that would need the new port number specified include scp and rsync.
In order to give you the best support (and often fix problems before you even know they are happening) we need to have your SSH port on file in our records for your account. Log in to your PIMS account at http://liquidweb.com/pims .
Once you are logged in, click on the “Billing and Account Info” button near the top of the page, and then click on “Passwords” on the left-side navigation bar.
Find your server name in the passwords page and click on the ******* to the right. NOTE: You can also change your PIMS password on this screen. Do not click on the PIMS password because it will not show the below screen for updating your login settings.
On the following screen, click the “Advanced Settings” link below the password text box. You will see the following screen:
Check the box next to “Use alternate SSH port” and enter your new port number in the text field. Click the “Commit Changes” button.
Liquid Web’s Heroic Support is always available to assist customers with this or any other issue. If you need our assistance please contact us:
Toll Free 1.800.580.4985