Often it is noted that automated brute force ports tend to attack servers with ssh service on port 22. Of course it is not difficult to scan a port range and determine whether you have ssh running on another port, but usually that happens only in targeted or more sophisticated ports.
So one of the ways you can improve the security of your server is to change the default ssh port from port 22.
Edit /etc/ssh/sshd_config:
Change:
#grep -i port /etc/ssh/sshd_config # What ports, IPs and protocols we listen for Port 22
to
#grep -i port /etc/ssh/sshd_config # What ports, IPs and protocols we listen for Port 959
Restart ssh later:
#service ssh restart [ ok ] Restarting OpenBSD Secure Shell server: sshd.
Once you do this, commands like ssh-copy-id will not work unless you write it as:
ssh-copy-id -i key "[email protected] -p NewPort"
or specify port in ~/.ssh/config with:
Host iniz
Hostname hostip
User root
Port newport
Joel G Mathew, known in tech circles by the pseudonym Droidzone, is an opensource and programming enthusiast.
He is a full stack developer, whose favorite languages are currently Python and Vue.js. He is also fluent in Javascript, Flutter/Dart, Perl, PHP, SQL, C and bash shell scripting. He loves Linux, and can often be found tinkering with linux kernel code, and source code for GNU applications. He used to be an active developer on XDA forums, and his tinkered ROMS used to be very popular in the early 2000s.
His favorite pastime is grappling with GNU compilers, discovering newer Linux secrets, writing scripts, hacking roms, and programs (nothing illegal), reading, blogging. and testing out the latest gadgets.
When away from the tech world, Dr Joel G. Mathew is a practising ENT Surgeon, busy with surgeries and clinical practise.