Recently there have been a number of attacks against the ssh port (TCP port 22). My version of ssh is fully patched, but it is still a pain to see attackers running scripts against your ssh port over and over again. I have set up alerts that warn me when someone tries to (or does) log into my systems. On some days I get more than 1000 such alerts. Most of the attempts come from scripts that simply look for the secure shell port and, once they find it, try login after login.
The solution? Change the port. It is not a foolproof method, because someone only needs to port-scan your system to find where sshd is listening, but it does reduce the attempts by stopping the scripts that only ever look at port 22. If they have to search for your ssh port, they may just move on to another system instead. Treat it as a way to cut down noise rather than as a security control: it does nothing against an attacker who has found the port, so the authentication settings still have to hold up on their own.
How to do it!
Trixbox runs on CentOS Linux. The config file for sshd is /etc/ssh/sshd_config. It is possible to set the listening port there with the Port directive, but I don't like that solution. I prefer to pass the port as a command line option when sshd starts, so that the port it is listening on is visible when you view the process list ( ps -aef ). On CentOS the init script reads the startup options for sshd from the /etc/sysconfig/sshd file. This file is not there by default on Trixbox and will need to be created. It only needs one line in it, setting the OPTIONS variable as follows (use plain ASCII double quotes; the curly quotes that web pages sometimes substitute would be passed to sshd literally):
# cat /etc/sysconfig/sshd
OPTIONS="-p 222"
Once the file is created, restart the sshd daemon with the following command:
# service sshd restart
Once it is restarted, your sshd service will be answering on the new port ( port 222 in this example ). Do this from an existing session and keep that session open until you have confirmed the new listener ( for example with netstat -tln ), and if the box runs a host firewall, open the new port there as well.
Remember to modify your clients to connect using the new port ( ssh -p 222 host ).
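The whole procedure as a small shell script, added here as an example (it is not code from the original post or from the Trixbox project). It assumes, as the post describes, that the CentOS init script sources /etc/sysconfig/sshd and passes $OPTIONS to sshd; the function names, the --apply flag and the optional target-file argument (used so the file-writing step can be exercised against a scratch file) are this example's own.

```shell
#!/bin/sh
# Example (not from the original post): move sshd to a new port on CentOS/Trixbox
# by writing OPTIONS="-p PORT" to /etc/sysconfig/sshd, restarting, and verifying.
# Assumption: the sshd init script sources /etc/sysconfig/sshd and runs
# "sshd $OPTIONS", as on CentOS.

# Validate a TCP port number: digits only, in the range 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Write the OPTIONS line. printf with a single-quoted format guarantees plain
# ASCII double quotes land in the file, not the curly quotes a web page may show.
# $1 = port, $2 = target file (defaults to /etc/sysconfig/sshd; hypothetical
# parameter added so the function can be tested against a scratch file).
write_sshd_options() {
    port=$1
    file=${2:-/etc/sysconfig/sshd}
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    printf 'OPTIONS="-p %s"\n' "$port" > "$file"
}

# Read the port back out of an existing OPTIONS line (prints nothing if absent).
sshd_port_from_options() {
    file=${1:-/etc/sysconfig/sshd}
    [ -r "$file" ] || return 1
    sed -n 's/^OPTIONS="-p \([0-9]*\)".*/\1/p' "$file"
}

# Restart sshd through the init script and confirm a listener on the new port.
# Run this from an already-open session and keep it open until the check passes.
restart_and_verify() {
    port=$1
    service sshd restart || return 1
    sleep 1
    if netstat -tln 2>/dev/null | grep -q ":$port "; then
        echo "sshd is listening on port $port"
    else
        echo "no listener on port $port; check the init script and firewall" >&2
        return 1
    fi
}

# Usage: sh change-ssh-port.sh --apply 222   (as root; does nothing otherwise)
if [ "$1" = "--apply" ] && [ -n "$2" ]; then
    write_sshd_options "$2" && restart_and_verify "$2"
fi
```

The script only touches the system when invoked with --apply, so it can be read and sourced safely first. The port check on the way in matters more than it looks: an OPTIONS line with a bad value leaves sshd unable to start, and if the restart happens over the very session you are using to fix it, you are locked out.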