In the era of daily brute-force attacks, it is advisable to change your SSH port from the default 22 to something higher, to lower your chances of being a victim.
I'm using a CentOS 5.2 box here, but the process should be identical on other RH-based distros.
Step 1. Update the /etc/ssh/sshd_config file, line 13 (it might be different in your file):
old line:
    Port 22
Change it to:
    Port 54545 # any port number you wish
If you rush and try to restart your ssh service, you may end up getting an error:
    # /etc/init.d/sshd restart
    Stopping sshd: [ OK ]
    Starting sshd: /etc/ssh/sshd_config line 13: Badly formatted port number. [FAILED]
Step 2. You need to update your /etc/services file to record that your ssh service will now use a different port. Jump to line number 45 (may be different in your file) and change the port number:
old line:
    ssh 22/tcp # SSH Remote Login Protocol
Change it to:
    ssh 54545/tcp # SSH Remote Login Protocol
Save and exit the file.
Step 3. Restart your sshd service; it should go smoothly. You have to specify the port number every time you use ssh or scp or any other service which uses ssh in any way. If your server or machine is behind a firewall, you must open the newly assigned port in your firewall.
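Steps 1 and 2 as a script, added here as an example and not part of the original post; the function name set_ssh_port and the sample files are assumptions made for illustration. It goes slightly beyond the steps above: it rejects malformed or already-assigned ports, keeps backups, and removes any leftover active Port line.

```shell
#!/usr/bin/env bash
# set_ssh_port PORT SSHD_CONFIG SERVICES  (hypothetical helper, not a system tool)
# File paths are arguments so the edit can be tried on copies first.
set_ssh_port() {
    local port=$1 sshd_config=$2 services=$3

    # Plain decimal, no leading zero, at most 5 digits, unprivileged range.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port outside 1024-65535: $port" >&2; return 1
    fi

    # Refuse a port the services file already assigns to something else.
    if awk -v p="$port/tcp" '$1 != "ssh" && $2 == p { hit = 1 } END { exit !hit }' "$services"; then
        echo "port $port/tcp already belongs to another service" >&2; return 1
    fi

    # Keep backups so a bad edit can be rolled back from the console.
    cp -p "$sshd_config" "$sshd_config.bak" || return 1
    cp -p "$services" "$services.bak" || return 1

    # Step 1: the first Port line (active or commented out) becomes the new
    # one; any later active Port line is dropped so sshd leaves port 22.
    awk -v port="$port" '
        /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+/ {
            if (!done) { print "Port " port; done = 1; next }
            if ($0 !~ /^[ \t]*#/) next
        }
        { print }
        END { if (!done) print "Port " port }
    ' "$sshd_config.bak" > "$sshd_config" || return 1

    # Step 2: move the ssh/tcp entry in the services file to the new port.
    awk -v port="$port" '
        $1 == "ssh" && $2 ~ /^[0-9]+\/tcp$/ { sub(/[0-9]+\/tcp/, port "/tcp") }
        { print }
    ' "$services.bak" > "$services"
}

# Constructed sample files for a dry run (not real system files).
demo_dir=$(mktemp -d)
printf '#Port 22\nProtocol 2\nPort 22\n' > "$demo_dir/sshd_config"
printf 'ssh\t22/tcp\t# SSH Remote Login Protocol\nssh\t22/udp\nhttp\t80/tcp\n' > "$demo_dir/services"
set_ssh_port 54545 "$demo_dir/sshd_config" "$demo_dir/services" && cat "$demo_dir/sshd_config"
```

On a real host, run sshd -t after the edit to check the configuration, and keep your current session open until a new login on the new port succeeds.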
To make it easier to supply the port number every time you ssh/scp, you can create aliases on your machine. The best place to store aliases is your ~/.bashrc file. Open it and add the following two aliases:
    # vim ~/.bashrc
    alias scpp='scp -P 54545'   # scp takes the port with capital -P; lowercase -p preserves file times
    alias sshp='ssh -p 54545'
Save and exit the file.
I've used the names 'scpp' and 'sshp' here so that the original ssh/scp remain intact; whenever you want to use ssh with that port, just write 'sshp' or 'scpp'. You are free to experiment with aliases to suit your needs.
To make the changes to your .bashrc file take effect, run the following:
# source ~/.bashrc
Use your aliases every time you need to ssh/scp into the host.
Another way is to update your local ssh config file:
    # vi ~/.ssh/config
    Host yoursite.com
        Port 54545
Now when you use plain ssh/scp for yoursite.com, it will automatically use the specified port. Thanks Zubin (comment) for this tip.