SSH is one of the most commonly attacked services as it provides easy access to full control of a dedicated server. Changing the default SSH port will help prevent an attacker from launching brute force attacks to the default port.
1. Login as the server as root (or gain root access by executing ‘sudo su’)
2. Check to see the status of the firewall by executing ‘ufw status’
If the firewall is active then we need to add a rule to allow connections for our new SSH port.
This can be done by executing ‘ufw allow newportnumberhere/tcp’
3. Execute ‘nano /etc/ssh/sshd_config’ and look for the line that contains ‘Port 22’
4. Change the number ’22’ to any unused port you’d like
Save and exit by holding down ‘ctrl’ and ‘x’
5. Restart the SSH service by executing ‘restart ssh’ within the command line
For Debian, execute ‘service ssh restart’
6. If you can still access the command line, type ‘ss -tnlp | grep ssh’ to verify SSH is listening on the new port. (optional)
7. Start a new SSH session on the new port.
8. Delete the old firewall rule for the old port by executing ‘ufw delete allow 22/tcp’