How to change the SSH connection port and disable password authentication

In this article we will change the standard SSH connection port (22) to a non-standard one and disable password authentication, so that the server accepts SSH keys only.

!!! IMPORTANT !!!

Make sure you have already created SSH keys and successfully connected to the server with them before doing this, or that you have out-of-band access to the server (VNC, a serial or rescue console from your hosting provider) so you can re-enable password authentication and restore the default settings. Keep your current SSH session open while you work and test each change from a second terminal: an established session normally survives an sshd restart, so you can still undo a mistake from it.

First, edit the sshd_config file:

vim /etc/ssh/sshd_config

Find the line Port 22 (uncomment it if it is commented out) and change 22 to the port you want, for example 22333:

Port 22333

sshd accepts more than one Port line, so during the change you can keep Port 22 and add Port 22333 on a second line, then remove the old one once you have connected on the new port. Pick a port that no other service on the host uses. On CentOS 7 with SELinux in enforcing mode, the new port must also be labelled as an SSH port with the semanage tool (package policycoreutils-python) before sshd is allowed to bind to it; otherwise the restart below fails.

Check the file for syntax errors with sshd -t (it prints nothing when the configuration is valid), then restart the sshd service:

systemctl restart sshd

On CentOS the unit is called sshd; on Ubuntu it is ssh (recent releases also accept sshd as an alias).

Check that the new port 22333 is listening:

netstat -tupln | grep ssh

If netstat is not installed (it comes from the net-tools package), ss -tlnp | grep sshd shows the same information. The output should list sshd on 0.0.0.0:22333 (and :::22333 for IPv6).

If sshd is listening on 22333 (or whichever port you chose), the firewall still has to allow inbound connections to it before you can connect from outside.

To do this, add a rule to the INPUT chain of iptables:

iptables -A INPUT -p tcp --dport 22333 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

or like this:

iptables -I INPUT -p tcp --dport 22333 -m state --state NEW -j ACCEPT

The two differ in where the rule lands: -A appends it to the end of the INPUT chain, -I inserts it at the top. If the chain already ends with a rule that rejects everything else (the CentOS 7 default ruleset does), an appended rule is never reached and the port stays closed, so use -I in that case, or insert the rule above the REJECT with -I INPUT followed by a position number. Leave the existing rule for port 22 in place until you have logged in on the new port.

With the iptables -L INPUT -n --line-numbers command, we can see that the rule has been added and where it sits in the chain.
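Listing the chain shows that the rule exists, not that it is ever reached. The script below is an added example (my own code, not from the article): it walks the INPUT chain of an iptables-save dump in order and reports the first rule that decides the fate of a new TCP connection to a given port. The base ruleset is constructed to match the stock CentOS 7 /etc/sysconfig/iptables, with the article's rule added once with -A and once with -I. The function only evaluates -p, --dport, --state/--ctstate and the target, and skips rules with matches it does not understand (source, interface, negation, multiport), so treat it as a sanity check, not a firewall simulator.

```shell
#!/bin/sh
# Added example, not part of the article: find the first INPUT rule that
# decides a new TCP connection to a port in an iptables-save dump.
set -e

# check_input_port DUMP PORT   (DUMP may be "-" for stdin)
# Prints one line: "accepted by rule N", "blocked by rule N" or
# "falls through to policy P". Rules carrying matches this does not
# evaluate (-s, -d, -i, -o, --sport, --dports, negation) are skipped.
check_input_port() {
    awk -v port="$2" '
        /^\*/ { table = substr($0, 2); next }     # "*filter", "*nat", ...
        table != "filter" { next }
        /^:INPUT / { policy = $2; next }
        $1 == "-A" && $2 == "INPUT" {
            n++
            proto = ""; dport = ""; states = ""; target = ""; skip = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p")                                proto = $(i + 1)
                else if ($i == "--dport")                      dport = $(i + 1)
                else if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
                else if ($i == "-j")                           target = $(i + 1)
                else if ($i ~ /^(!|-s|-d|-i|-o|--sport|--dports)$/) skip = 1
            }
            if (skip) next
            if (proto != "" && proto != "tcp") next            # icmp, udp, ...
            if (dport != "" && dport != port) next
            if (states != "" && states !~ /(^|,)NEW(,|$)/) next  # e.g. RELATED,ESTABLISHED
            if (target == "ACCEPT") { print "accepted by rule " n; found = 1; exit }
            if (target == "DROP" || target == "REJECT") { print "blocked by rule " n; found = 1; exit }
        }
        END { if (!found) print "falls through to policy " policy }
    ' "$1"
}

# Constructed dump: the stock CentOS 7 /etc/sysconfig/iptables ruleset.
base_rules='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# "iptables -A" appends after the REJECT: the new port is never reached.
appended=$(printf '%s\n' "$base_rules" | sed '/-A INPUT -j REJECT/a\
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 22333 -j ACCEPT')

# "iptables -I" inserts at the top of INPUT: the new port is accepted first.
inserted=$(printf '%s\n' "$base_rules" | sed '/^:OUTPUT/a\
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22333 -j ACCEPT')

printf '%s\n' "$appended" | check_input_port - 22333    # blocked by rule 5
printf '%s\n' "$inserted" | check_input_port - 22333    # accepted by rule 1
printf '%s\n' "$inserted" | check_input_port - 22       # accepted by rule 5
```

On the host itself, pipe the live ruleset in with iptables-save | check_input_port - 22333. If it reports "blocked by rule N", that is the catch-all rule the appended ACCEPT landed behind; re-add the rule with -I (or with a position above N) and check again before you close port 22.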


After that, you need to save the rules so that the new port remains open after a reboot.

On CentOS 7, if you use the iptables service (package iptables-services; the default firewall on CentOS 7 is firewalld, covered below), run:

service iptables save

On Ubuntu we use a different mechanism: install iptables-persistent.

apt-get install iptables-persistent

If you get an error that there is no suitable package, update the package lists and install pending updates first:

apt update
apt upgrade

If the package is already installed and you want to save the current rules:

dpkg-reconfigure iptables-persistent

During reconfiguration, answer Yes to both questions (save the current IPv4 rules, save the current IPv6 rules).

Alternatively, write the rules files by hand. For IPv4:

iptables-save | sudo tee /etc/iptables/rules.v4

For IPv6:

ip6tables-save | sudo tee /etc/iptables/rules.v6

If firewalld is the active firewall (the default on CentOS 7), add the port to it instead of editing iptables directly:

firewall-cmd --permanent --add-port=22333/tcp

And then reload firewalld so the permanent rule takes effect:

systemctl restart firewalld

(firewall-cmd --reload does the same without restarting the service.) Once you have logged in on the new port, remove the ssh service (port 22) from the zone as well, so the old port is closed.

Disable SSH password authentication

To do this, edit the /etc/ssh/sshd_config file again:

vim /etc/ssh/sshd_config

Look for the line:

PasswordAuthentication yes

and change it to:

PasswordAuthentication no

If there is a # symbol at the beginning of this line (commented out), remove it. Note that sshd uses the first value it finds for a keyword, so a PasswordAuthentication line that appears earlier in the file, or in a file pulled in by an Include directive at the top (on recent Ubuntu releases /etc/ssh/sshd_config.d/*.conf, where cloud-init may set PasswordAuthentication yes), overrides the one you edited; check the effective value with sshd -T | grep -i passwordauthentication. Also set KbdInteractiveAuthentication no (ChallengeResponseAuthentication no on OpenSSH older than 8.7), otherwise PAM can still prompt for a password through the keyboard-interactive method. Save the file and restart the sshd service (the unit is sshd on CentOS, ssh on Ubuntu):

systemctl restart ssh

Before closing your current session, open a new one from another terminal with ssh -p 22333 user@server, and confirm that a password login is refused: ssh -p 22333 -o PubkeyAuthentication=no user@server should fail with "Permission denied (publickey)".
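Both edits in this article (the Port line at the beginning and the PasswordAuthentication line here) are done by hand in vim, which is fine until the line you changed is not the one sshd reads: sshd keeps the first value it obtains for a keyword, and an Include'd drop-in or an earlier duplicate silently wins. The script below is an added example (my own code, not from the article): it sets a directive idempotently, handling commented-out lines, duplicates and Match blocks, and then reads the configuration back the way sshd does, Include and all, so you see the effective value before restarting. The /tmp paths and file contents are constructed for the demonstration; on a real host run the functions against /etc/ssh/sshd_config and confirm with sshd -T.

```shell
#!/bin/sh
# Added example, not part of the article: set sshd_config directives
# idempotently and read back the value sshd will actually obtain.
# The /tmp paths and file contents below are constructed for the demo.
set -e

# set_sshd_option FILE KEY VALUE
# Rewrite the first "Key value" line in the global section (uncommenting a
# "#Key value" line), drop later duplicates there, insert the directive before
# the first Match block if it is missing, and leave Match blocks untouched.
# Cumulative keywords such as Port or HostKey end up with exactly one line;
# add a second Port line by hand for the transition period.
set_sshd_option() {
    _file=$1 _tmp=$(mktemp)
    awk -v key="$2" -v value="$3" '
        BEGIN { lk = tolower(key) }
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)    # strip indent and a leading "#"
            split(line, f, /[ \t]+/)
            w = tolower(f[1])
            if (!inmatch && w == "match") {     # end of the global section
                if (!done) { print key " " value; done = 1 }
                inmatch = 1
            }
            if (inmatch) { print; next }
            if (w == lk) {
                if (!done) { print key " " value; done = 1 }
                next
            }
            print
        }
        END { if (!done) print key " " value }
    ' "$_file" > "$_tmp"
    cat "$_tmp" > "$_file"                      # keeps the file's owner and mode
    rm -f "$_tmp"
}

# sshd_option_value FILE KEY
# Print the value sshd obtains for KEY: the first occurrence wins, Include'd
# files are read where the Include appears (globs expanded, relative paths
# against the current directory rather than /etc/ssh), and everything from
# the first Match on is ignored. Returns 1 if the keyword is not set.
# On a live host `sshd -T` is the authority; use this for files it cannot load.
sshd_option_value() {
    _f=$1
    _k=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -r "$_f" ] || return 1
    while IFS= read -r _line || [ -n "$_line" ]; do
        set -f; set -- $_line; set +f           # split into words without globbing
        [ $# -gt 0 ] || continue
        case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
            "#"*)   continue ;;
            match)  break ;;
            include)
                shift
                for _pat in "$@"; do
                    for _inc in $_pat; do       # glob expansion, as sshd does
                        if _v=$(sshd_option_value "$_inc" "$_k"); then
                            printf '%s\n' "$_v"; return 0
                        fi
                    done
                done ;;
            "$_k")  shift; printf '%s\n' "$*"; return 0 ;;
        esac
    done < "$_f"
    return 1
}

# --- demonstration on a constructed copy, never on the live /etc/ssh ---
demo=$(mktemp -d)
mkdir "$demo/sshd_config.d"
cat > "$demo/sshd_config" <<EOF
Include $demo/sshd_config.d/*.conf
#Port 22
#PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
# Constructed drop-in, modelled on the cloud-init file Ubuntu images ship.
printf 'PasswordAuthentication yes\n' > "$demo/sshd_config.d/50-cloud-init.conf"

set_sshd_option "$demo/sshd_config" Port 22333
set_sshd_option "$demo/sshd_config" PasswordAuthentication no
set_sshd_option "$demo/sshd_config" KbdInteractiveAuthentication no

echo "Port: $(sshd_option_value "$demo/sshd_config" Port)"                                      # 22333
echo "PasswordAuthentication: $(sshd_option_value "$demo/sshd_config" PasswordAuthentication)"  # yes: the drop-in wins
# Fix it where sshd reads it first: in the drop-in.
set_sshd_option "$demo/sshd_config.d/50-cloud-init.conf" PasswordAuthentication no
echo "PasswordAuthentication: $(sshd_option_value "$demo/sshd_config" PasswordAuthentication)"  # no
rm -rf "$demo"
```

The point of the second function is the middle line of the demo: the main file now says PasswordAuthentication no, yet the effective value is still yes because the Include at the top is read first. Whatever tool you edit with, finish with sshd -t for syntax and sshd -T for the effective values, and only then restart.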

 


Now you can reboot the server to make sure the firewall rules were saved and the new settings survive a restart:

reboot

If everything was done correctly, the connection to the server on the new port will work without any surprises, and password logins are refused.