Exploring Port Number for SSH

Updated: Sep 2

The port number for SSH is 22 by default. Whenever we run a command through default SSH port number 22, a connection is established between client and server. Every connection initializes through this port.


This tutorial explains why and how to change the default SSH port in Linux.




Why should we change the default SSH port?

Changing the default SSH port adds an extra layer of security to our server by reducing the risk of automated attacks.


When we switch this port to some other, then the hacker has to try several other ports to ultimately find an open port. Therefore, to put any hacker out of the bounds, we better change it.




Procedure to change the SSH Port number for Linux Server

  • Open the terminal application and connect to our server via SSH.

  • Locate sshd_config file by typing the find command.

  • Edit the sshd server file and set Port option.

  • Save and close the file

  • Restart the sshd service to change the ssh port in Linux.



How to Change the Default SSH Port Number 22

To change our default SSH port, we have to edit the sshd_config file. Besides, it is always a good option to keep a backup of your file. Use this command to create a backup first:


$ cp  /etc/ssh/sshd_config  /etc/ssh/sshd_config_backup

This command creates a copy of the file in the same directory. The next step is to change the default SSH port. Open the ssh_config file in any editor. Now, enter the following command:



$ vi  /etc/ssh/sshd_config

After we execute this command, the mentioned file opens in the text editor. Search this line in the code:


#Port 22


Now, we want to shift our port number to 45673. For that, simply remove the hash (#) sign and insert the desired port number instead of 22. Take a look:


Port 45673


Moving on, it’s time to restart SSH.


To restart the server in order to load the changes we must follow this command as given below:


$ sudo service sshd restart


Check SSH Port Number in Linux with netstat command

We can use netstat command by providing some options to check which port is running for SSH process.


netstat -anpl|grep ssh

If this is the port we just configured, we can safely exit the server and relogin with the new port.


Login Linux with new SSH Port

We need to add -p option in SSH command to login after we change the port.


ssh username@userIP -p 45673


How to capture SSH Traffic with Tcpdump port?

In this example, we will capture SSH packets on port number 22 with tcpdump command.


We can filter tcp port 22 in tcpdump command to capture all the ssh traffic.


tcpdump -i eth0 tcp port 22
tcpdump -i eth0 'tcp[2:2] = 22'

The output of tcpdump is format dependant. A typical output line for TCP looks like this.


21:38:44.202888 IP 10.79.97.62.60915 > 216.58.220.206.22: Flags [S], seq 1580803359, win 65535, options [mss 1366,nop,wscale 6,nop,nop,TS val 552701199 ecr 0,sackOK,eol], length 0

We can save the captured packets into a file rather than printing them out by using the “-w” flag.


tcpdump -i eth0  -w /tmp/ssh.pcap tcp port 22

Related:

Fix Linux SSH Timeout Quick Guide

Exploring ServerAliveInterval ClientAliveInterval in SSH

Understanding SSH Key RSA DSA ECDSA ED25519


107 views
屏幕快照 2021-08-08 下午5.16.32.png