
Make SSH Hang Higher

Robert Gauld

Several of the scripts used by the script-kiddie variety of crackers assume a great deal about the system(s) they're attacking. Some simple changes to the configuration of SSH make sure that other machines are an easier target, thus making their fruit hang lower than yours. All that needs to be done is to change the port you use for SSH. Follow these steps to make SSH listen on another port, replacing <PORT> with whatever number you want to use; for extra peace of mind keep it above 1024. It looks like a lot of steps, but it can be done in under 2 minutes.

  1. Log in to your server and:
    1. Create a new firewall rule to allow your new port.
    2. Open the file /etc/ssh/sshd_config.
    3. Find the line which says "Port 22" (assumes you're using the default port).
    4. Under this line add a new line "Port <PORT>".
    5. Save and close the file.
    6. Reload the SSH server's configuration (/etc/init.d/ssh reload).
    7. Log out and log back in over the new port (ssh -p <PORT> <HOST NAME>).
    8. Remove the firewall rule for your old port.
    9. Find and delete the line from step 3.
    10. Save and close the file.
    11. Reload the SSH server's configuration.
  2. On your client machine you can either:
    1. Use -p <PORT> as part of your ssh command whenever you connect.
    2. Open/Create the ~/.ssh/config file (mode = 600) and add/edit the following section:
      host <HOST NAME>
      Port <PORT>
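
The server-side edits from step 1, written as shell functions; this is an added example, not part of the original article. It goes one case beyond the steps: when the file only has the commented-out "#Port 22" of a stock configuration, it writes an explicit "Port 22" next to the new port so the old port stays open during the switch. Port 2222 and the scratch file are constructed placeholders.

```shell
#!/bin/sh
# Added example: the two sshd_config edits from step 1 as functions.
# Port 2222 and the scratch file in the demo are constructed placeholders.

# Ports sshd will listen on: every active (uncommented) Port line,
# or the implicit default 22 when none is present.
active_ports() {
    awk 'tolower($1) == "port" { printf "%s%s", sep, $2; sep = " "; n++ }
         END { if (!n) printf "22"; print "" }' "$1"
}

# Steps 1.3-1.4: add "Port NEW" while keeping the old port alive.
add_port() {
    file=$1 new=$2
    case $new in ''|*[!0-9]*) return 2 ;; esac
    [ "$new" -ge 1 ] && [ "$new" -le 65535 ] || return 2
    case " $(active_ports "$file") " in *" $new "*) return 0 ;; esac
    tmp=$(mktemp) || return 1
    if grep -Eiq '^[[:space:]]*port[[:space:]]' "$file"; then
        # Insert directly under the first active Port line.
        awk -v new="$new" '{ print }
            !done && tolower($1) == "port" { print "Port " new; done = 1 }' \
            "$file" > "$tmp"
    else
        # Stock configs ship "#Port 22" commented out. Adding only the new
        # port would drop 22 at reload, so make the old port explicit too.
        # Prepending keeps both lines outside any Match block.
        { printf 'Port 22\nPort %s\n' "$new"; cat "$file"; } > "$tmp"
    fi
    cat "$tmp" > "$file"; rm -f "$tmp"   # cat keeps the file's mode and owner
}

# Step 1.9: delete the old Port line, refusing if it is the only port left.
remove_port() {
    file=$1 old=$2
    [ "$(active_ports "$file")" != "$old" ] || return 3
    tmp=$(mktemp) || return 1
    awk -v old="$old" '!(tolower($1) == "port" && $2 == old)' "$file" > "$tmp"
    cat "$tmp" > "$file"; rm -f "$tmp"
}

# Demo on a constructed scratch copy, never the live file.
cfg=$(mktemp); printf '#Port 22\nPermitRootLogin no\n' > "$cfg"
add_port "$cfg" 2222 && active_ports "$cfg"      # transitional state
remove_port "$cfg" 22 && active_ports "$cfg"     # final state
rm -f "$cfg"
```

Run the functions against a copy of /etc/ssh/sshd_config and validate the edited copy with `sshd -t -f <copy>` before reloading.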