Today, I met a new server bought by a netizen who was unable to log in to SSH remote. Lao Zuo helped him find that the default server is not port 22, but a random five digit number. I think some of our friends have chosen many server vendors who know that such vendors will consider the security of SSH default ports, and then automatically modify the ports for users. Some are default random five numbers, and some are fixed non 22 port numbers. Here we will simply sort out the SSH ports.
1. What is the SSH default port number?
Generally, our common SSH default port is 22. Here, we also need to check whether there is a special mark of which port is on the background panel of the server.
We can see that the current ECS opened by this student is not port 22. It is 32048. If we want to log in to SSH, we use this custom port.
2. Modify the custom SSH port method
From a security perspective, we generally do not use the default port 22. We can modify the default port when installing the WEB environment, or modify port 22 during subsequent security operation and maintenance. Here, Lao Zuo modifies the default port 22 by modifying the ubuntu system.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
Here we need to jump to the configuration file of the system, so at first I suggest you make a backup copy so that we can not recover after a failure.
vi /etc/ssh/sshd_config
Here we can download it locally or use the online VIM tool for editing.
We can see the figure above. You can change the 22 port above to another one. For example, we can exchange 123412 for others.
After we save the file, we need to execute it.
iptables -A INPUT -p tcp --dport 123412 -j ACCEPT
We also need to release the corresponding ports. In addition, if our server has a security group, we also need to activate the settings to release this port. Of course, we can change the original 22 port.
/etc/init.d/sshd restart
Here we restart the SSHD to take effect. If we are other images, it is slightly different, especially the CENTOS.
If our server automatically installs an image and sets a non-22 port for us, we don't need to change it. If the default port is 22, we recommend replacing it. If a server has its own security group, we need to release the specified port and then release the corresponding port in the security group.
