15 March 2013

How to: Change the default SSH port


By default, SSH runs on port 22.  Running SSH on port 22, though, makes it an easy target for those who might try to brute-force their way into your server and do all sorts of evil things with it.

Removing SSH from Port 22 and making it run on a different, unusual and hard-to-guess port, like, say, 61612 for instance, will increase the security of your server by making it appear to a bot or lazy port-scanner that you don’t have SSH running at all.

Of course, this won’t stop those determined to find the port that your SSH is running on, but it will immediately cut out those hackers who aren’t that invested in your machine in particular, but are looking instead for easy “ins”.



1. First, let’s pick what port you want to move SSH onto.  

You can pick any UNUSED number between 1 and 65535.  If a port is already in use on your server, or could be, you cannot use that port number.  For a list of commonly used ports that you should avoid, see this list at Wikipedia.  Your best bet is to choose a number in the unregistered range (49152-65535), like 61612.  Once you’ve chosen your port number, you’re ready to put it to work:

2. Log In through SSH as root to your server.


3. Edit sshd's configuration file:

/etc/ssh/sshd_config

4. Find the line #Port 22 or Port 22.  

If you don’t see this line anywhere in the file, that’s okay: just insert the line below.  If the Port line is already in the file, replace it (removing the leading # if there is one, since a commented-out line has no effect) with the following, substituting xxxx with the port number you picked in step 1:
Port xxxx

5. Save the file and restart sshd

service sshd restart

6. Exit out of SSH to close the current session:

exit

7. Test the new configuration. 

First, try to log in on Port 22 through SSH.  If it fails to connect (“Connection Refused”), you’ve successfully removed SSH from Port 22.

Next, try to log in to SSH using your new Port number.  If you connect successfully, congratulations!  You’ve successfully moved SSH onto a non-standard port and your server is just a tad safer for it! IF IT DOESN’T WORK, see step 8.
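The edit described in steps 1 and 4, as an added example that is not part of the original post: a small POSIX shell script that checks the chosen port is in the recommended range, replaces an existing `Port 22` or `#Port 22` line (or appends one when the file has none), and reports the port sshd would actually use, so you can verify the file before the restart in step 5. The file path is a parameter (the demo uses a constructed temporary copy, never the real file); `grep`, GNU `sed`, `awk` and `mktemp` are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Rewrites the Port directive in an
# sshd_config-style file the way steps 1 and 4 describe. Assumes POSIX sh with
# grep, GNU sed (-E/-i), awk and mktemp; FILE is whatever path you pass in.

# valid_port NUM: succeed only if NUM is an integer in the unregistered range
# (49152-65535) recommended in step 1.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 49152 ] && [ "$1" -le 65535 ]
}

# set_ssh_port FILE NUM: replace an existing "Port 22" or commented "#Port 22"
# line with "Port NUM"; if the file has no Port line at all, append one.
set_ssh_port() {
    file=$1
    port=$2
    valid_port "$port" || { echo "refusing port '$port'" >&2; return 1; }
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+' "$file"; then
        sed -E -i "s/^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+.*/Port $port/" "$file"
    else
        printf 'Port %s\n' "$port" >> "$file"
    fi
}

# effective_port FILE: print the port sshd will listen on, i.e. the first
# uncommented Port line, or 22 when none is set (sshd's built-in default).
effective_port() {
    p=$(grep -E '^[[:space:]]*Port[[:space:]]+[0-9]+' "$1" | head -n 1 | awk '{print $2}')
    echo "${p:-22}"
}

# Demo on a constructed temporary copy, so nothing under /etc is touched.
demo=$(mktemp)
printf '#Port 22\nPermitRootLogin yes\n' > "$demo"
echo "before: $(effective_port "$demo")"   # 22
set_ssh_port "$demo" 61612
echo "after:  $(effective_port "$demo")"   # 61612
rm -f "$demo"
```

Try it on a copy of /etc/ssh/sshd_config first; once the real file is edited, `sshd -t` checks the syntax before you restart sshd in step 5, which avoids locking yourself out and needing step 8.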

8. Reset the SSH port to the default

If your new SSH port is working, you’re done – skip this step!  If something went horribly wrong, though, while you were attempting to change the default SSH port and now you can’t log in to SSH at all, don’t worry!  cPanel has a built-in magical script to reset SSH back to port 22 so you can log in and try again.

Once you’ve used this script, though, you must log in to SSH immediately and edit the file listed in Step 3 or the port will be reverted again the next time sshd restarts.  Here’s the script you need:  in your web browser, go to this address (substitute xxx.xxx.xxx.xxx with your server’s IP address) and log in as root (you may be asked for your password twice):
http://xxx.xxx.xxx.xxx:2086/scripts2/doautofixer?autofix=safesshrestart

NOTE:  If you already had a firewall product, such as csf/lfd installed on your server before making this change, you will now need to go into the configuration for that firewall and “open” the port for incoming traffic that you just moved SSH onto as well as “close” Port 22 to incoming traffic entirely.  Refer to your firewall vendor for instructions, or ask your hosting provider if you need help with this.