[deanhills]

Step 1  Choose a random number between 49152 and 65535

Step 2  SSH into your VPS - if you don't have NANO already loaded with CentoS - you can do it with this command:

Code: (Select All)

yum install nano

Step 3 Use this command to edit the port number

Code: (Select All)

nano /etc/ssh/sshd_config

With nano you'll be able to scroll with your up and down keys to:

#Server 22

Delete # and replace 22 with your random number.  Remember to make a note of the new number.


Step 4 Save the change with 'ctrl o'  and exit with 'ctrl exit'

ctrl exit

Step 5 Change IP tables (replace "newnumber" with your new port number):

Code: (Select All)

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport newnumber -j ACCEPT

Code: (Select All)

iptables -A INPUT -j DROP -p tcp --dport 22

Code: (Select All)

/etc/init.d/iptables save

If you have a Panel, you also need to go into the Panel and in the case of VestaCP there was a separate setting for Firewall SSH port number - which I changed from 22 to my new number.  I also had other issues with VestaCP which I reported in the last post of this tutorial.  VestaCP is still far from perfect, but I think it could possibly also be because of CentOS 7 (probbly still prefer CentOS 6) -  VestaCP httpd and nginx have error issues that come up when ports are changed over and above the ones that have been covered above that come up with this message - resulting in one can't restart either httpd or nginx and websites of course are down as a result:

See "systemctl status httpd.service" and "journalctl -xe" for details.

Step 6

Code: (Select All)

service sshd restart

Feedback:  After the change of the port number I had no more bad login attempts.  This really works well.

[chanalku91]

That will not help to prevent an hacker
You must change the root user as well

[deanhills]

That will not help to prevent an hacker
You must change the root user as well

I have taken other precautions as well - but the port number is probably one of the simplest changes to make and people who gave me advice here were 100% correct - there wasn't a single bad login after I had changed only the port number.   After I changed the port number I went one step further and disabled password authentication for the VPS as well. 

If someone really wanted to hack they probably will and can but for what I'm using the VPS for I feel I'm OK for now.

[Mashiro]

That will not help to prevent an hacker

It isn't meant and it wasn't designed to prevent human hackers from trying to access your server without authorization. In fact changing the SSH port and believing that it stops real hackers is something that the more seasoned server operaters call "security through obscurity" or simply: it doesn't add any security layer but sounds like it would.

So what is it good for? We discussed this already in the main topic by deanhills regarding the issues behind this tutorial. Changing the SSH port will stop 100% of all automated bot bruteforce attacks carried out by infected computers, servers, IoT devices, routers and etc. It works very well for this purpose because these kind of bruteforce attacks only target the default service port such as 22 for SSH in this case.

[Littlemaster]

In my case, I was able to stop attempts of hackers by changing the default port, I think those attempts were made by bots, especially by Chinese proxies.

[youssefbasha]

In my case, I was able to stop attempts of hackers by changing the default port, I think those attempts were made by bots, especially by Chinese proxies.

Same here, i got 46831 failed attempts before. But now there is no attempts

[tryp4vps]

Step 1  Choose a random number between 49152 and 65535

......

Well, actually you do not have to limit only to this range of dynamic ports.

User ports (range from 1024 to 49151) can also be used for ssh access purpose.

[Vuluts]

Take note if your using a firewall to block all unused port, don't forget to adjust your firewall settings before anything else you might can't connect if you forgot to update it.

[Rehan]

Thanks for sharing the tutorial.I was thinking to move to Centos from Ubuntu.Then i thought it will be different and i am totally new to Linux.But this tutorial helped me and Now i am feeling that mos of the Commands of Linux are same.

[deanhills]

So tonight tried to change the SSH port number of my new VPS 15. There were hundreds of failed logged in attempts like my IP really got hammered by them.  Also earlier on I discovered that the IP had been blacklisted for a mail server that must have existed in its previous life. Looks as though the IP has a dark past.

I did the usual steps:

Code: (Select All)

vim /etc/ssh/sshd_config

Discovered the VIM editor wasn't loaded - probably because I had installed a minimal CentOS 7 OS - so I had to load VIM from scratch:

Code: (Select All)

yum install vim

I forget the vim commands every time.  Have to remember typing "i" to get into insert mode.  Then of course one has to uncomment the # in front of the Port 22.  And then replace the 22 with your preferred number.  I went for a 5-digit number that looks almost like the one for my HostUS VPS port but with different digits.  I had difficulty here too as it wouldn't accept the number pad keys of my desktop computer, so learned that I had to use the number keys in the main keyboard.  Then figured out finally I had to click on Esc to get out of insert mode first.  Then Shift ZZ and then I was out.

I then repeated the above vim command to just check the changed port number was fixed, and it was.

I then restarted the ssh service:

Code: (Select All)

service sshd restart

And then restarted Putty SSH with my new port number and it refused the connection! This was when the fun started.  I was locked out of my VPS.  Deep breath! I then remembered this had happened to me before.  And I'd then taken the coward's way out with hard labour by reinstalling the OS and starting everything from scratch.  This time I didn't feel like doing it so was searching for ways to fix the problem.

I then discovered magic in Hostlease's Panel.  A Serial Console with which one can generate a user name and password to get into PuTTy and SSH into the VPS.  AND more important, after Googling this issue, I discovered that I had missed an IMPORTANT STEP in my tutorial and that was to change the iptables and Firewall SSH port number.  So thanks to Google I found this command at Hostgator (note - NEWPORTNUMBER has to be replaced by your new port number- numerical:

Code: (Select All)

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport NEWPORTNUMBER -j ACCEPT

Then did another sshd restart:

Code: (Select All)

service sshd restart

And it worked!  I now have a nice new port number for SSH.  

So yes, kudos to Hostlease's serial console that helped me to bale myself out.  Otherwise my Plan B would have been to re-install the OS and start from scratch.  I have now fixed my tutorial in the IP to include the above important iptable command.

__________________________________________________________________

Postscript
OK - so another problem occurred.  And not sure what happened.  I wanted to add this tutorial to my blog, and when I tried to get in discovered that VestaCP httpd Apache and Nginx were both down, and I couldn't restart them.  I tried everything.

This is the error message that came up when I checked up in the server with SSH:

Code: (Select All)

See "systemctl status httpd.service" and "journalctl -xe" for details

Nothing worked.  I tried a few suggestions that I'd Googled (looks as though this could be a common problem particularly with CentOS 7) - one being to comment out error code in the conf file but that didn't work either.

Not sure what worked in the end, but I did it step by step.  I resaved the user in VestaCP.  I then went into the IPs.  I deleted the one IP which was the secondary one and I resaved the other IP.  I also went into the DNS and resaved the DNS and all of the records.

I then didn't know what else to do and thought I'd try and go back to the server and restart nginx and httpd and they were already up and running for a few minutes.  Wonder whether it was the IP resave that did it.

Thank goodness again, as I thought I might have to re-install VestaCP which would have meant I'd have to recreate my WordPress websites again.  They've been created with the Softaculous App on VestaCP, so if VestaCP gets nixed, so do my Websites by default.  So basically probably not a good idea to install the WordPress sites through VestaCP.  Better to do all of it from the command line.

Bottomline.  If you have VestaCP and you want to change your SSH port number you've got to have hair on your teeth.

In the end however, and thinking in retrospect, maybe reinstalling everything would have taken less time than trouble shooting httpd and nginx that didn't want to restart.  But at least I learned a few lessons.  

________________________________________________________

Last note:  since revisiting SSH, no more failed login attempts.  Not a single one!  Mission accomplished!