SIGN IN / UP
      SIGN IN / UP

      We use cookies and similar technologies necessary for the site to function. Optional cookies from third parties are used to improve our service and to provide you with personalized content and advertising if you agree. You can freely opt out here or customize your choice of optional cookies by clicking "Additional settings". Please see our privacy policy and cookies policy for more information on what data is collected and how it is shared with our partners.

      Cookies Policy
      Marketing
      These cookies may be placed on the site by our advertising partners. These companies may use them to build a profile of your interests and show relevant ads on other sites. They do not store personal information directly, but are based on the unique identification of your browser and device online. If you do not allow these cookies, you will see fewer targeted ads.
      Functional
      These cookies allow the site to provide advanced features and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not authorize the use of these cookies, some of our services may not work properly.
      Necessary
      These cookies allow us to count the number of visits and traffic sources to measure and improve the performance of our site. They help us to know which pages are the most or least popular and to see how many people are visiting the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not authorize the use of these cookies, we will not know when you have visited our site and will not be able to track its performance.
      Cookies Policy
      opened image

      How to change the SSH connection port and disable password authorization

      Similar articles:
      Midnight Commander file manager How to deploy a website on cPanel Backups are not performed on the server with VestaCP How to Allow ICMP Packets in Windows Server 2022, 2019, 2016 How to trace

      VPS

      FROM €3.96/MONTH

      Discount -20% for the first month

      In this article, we will see how to change the standard SSH connection port to a non-standard one, and disable password authentication.

      !!! IMPORTANT !!!

      Make sure you have already created SSH keys before doing this, and successfully connected to the server using them. Or you have access to the server via VNC to enable password authorization back and return the default settings.

      And so, first you need to edit the sshd_config file:
       

      vim /etc/ssh/sshd_config


      In the line Port 22 (Uncomment if commented out) and change port 22 to the desired port, for example 22333:

       

       

       

      Port 22333

       



      Restart the sshd service:

       

       

       

       

      systemctl restart sshd

       


      Check if the installed port 22333 is listening:

       

       

       

       

      netstat -tupln | grep ssh

       




      If we see that the sshd service listens to the port we need 22333 or another one that you set, then in order for us to connect already using it, you need to allow its use from outside.

      To do this, you need to add a rule to the iptables list:

       

       

       

       

      iptables -A INPUT -p tcp --dport 22333 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

       


      or like this:

       

       

       

       

      iptables -I INPUT -p tcp --dport 22333 -m state --state NEW -j ACCEPT

       


      With the iptables -L command, we can see that the rule has been added.


      After that, you need to save the rules so that after the restart the installed port remains available.

      For Centos 7 use this command:

       

       

       

       

      service iptables save

       


      For Ubuntu, we use a different command. To do this, you need to install iptables-persistent.

       

       

       

       

      apt-get install iptables-persistent

       


      If you get an error that there is no suitable package or repository, update the repositories. After that, install the updates.

       

       

       

       

      apt update
apt upgrade

       


      If this package is installed and you want to save the rules:

       

       

       

       

      dpkg-reconfigure iptables-persistent

       


      During reconfiguration, answer YES to both questions.

      After that, you can save the rules for ipv4:

       

       

       

       

      iptables-save | sudo tee /etc/iptables/rules.v4

       


      For ipv6:

       

       

       

       

      ip6tables-save | sudo tee /etc/iptables/rules.v6

       


      If the firewall is enabled, add a rule for it:

       

       

       

       

      firewall-cmd --permanent --add-port=22333/tcp

       


      And also restart the firewalld service:

       

       

       

       

      systemctl restart firewalld

       

      Disable SSH password authentication

       

       


      To do this, edit the /etc/ssh/sshd_config file:

       

       

       

       

       

       

      vim /etc/ssh/sshd_config

       


      Looking for the line:

       

       

       

       

      PasswordAuthentication yes

       



      And change it to:

       

       

       

       

      PasswordAuthentication no

       


      If there is a # symbol (commented out) at the beginning of this line, remove it. Save the file after making these changes and restart the sshd service:

       

       

       

       

      systemctl restart ssh

       


      Now you can restart the server and make sure you did everything right.

       

       

       

       

      reboot

       



      If everything is done correctly, then the connection to the server with the new port will pass without "dancing" incidents.

       

      Similar articles:
      Midnight Commander file manager How to deploy a website on cPanel Backups are not performed on the server with VestaCP How to Allow ICMP Packets in Windows Server 2022, 2019, 2016 How to trace

      VPS

      FROM €3.96/MONTH

      Discount -20% for the first month