Changing the sshd port
Posted on 26 September 2016 11:23 AM

While not a security measure, changing the port that sshd listens on can provide a few benefits. First, it takes more effort for someone to locate the port that sshd listens on. Second, it keeps the server from being overwhelmed by brute-force attacks that rely on the default sshd port of 22. Filtering access can achieve both of these, but changing the port is still helpful in cases where the filter is either not enabled or misapplied.

Keep in mind that local users can use utilities such as "ss" or "netstat", or other means, to determine which ports services listen on.

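NOTE: Anyone on the server can bind to ports 1024 and above. Only root can bind to ports below 1024. If sshd used a port at or above 1024, any local user could bind to that port whenever sshd is not running (during a restart, for example) and run their own listener in its place. As such, it is imperative to use an available port below 1024.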

To find a free port, start by looking for used ports:

# netstat -ntl | awk '{print $4}' | awk -F: '{print $NF}' | grep '^[0-9]' | sort -n | uniq | awk '$1 < 1024'
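
The used-port check above, as an added example that is not part of the original article: POSIX shell functions that parse `netstat -ntl` output (IPv4 and IPv6 address forms) and test whether a candidate port below 1024 is free. The sample netstat output and the candidate port 222 are constructed for illustration.

```shell
#!/bin/sh
# Added example: find listening TCP ports below 1024 and check a candidate.

# Constructed sample of `netstat -ntl` output (not taken from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN'

# used_privileged_ports: read `netstat -ntl` output on stdin and print the
# listening ports below 1024, one per line, sorted and de-duplicated.
# The port is the last colon-separated field of the Local Address column,
# which holds for both "0.0.0.0:22" and ":::22".
used_privileged_ports() {
    awk '$1 ~ /^tcp/ { n = split($4, a, ":"); print a[n] }' |
        grep '^[0-9][0-9]*$' | sort -n | uniq | awk '$1 < 1024'
}

# free_privileged_ports: read the same input and print every port in
# 1..1023 that has no listener.
free_privileged_ports() {
    used_privileged_ports | awk '
        { used[$1] = 1 }
        END { for (p = 1; p < 1024; p++) if (!(p in used)) print p }'
}

# port_is_free PORT: read the same input on stdin.
# Returns 0 if PORT is free, 1 if it is in use, and 2 if PORT is not a
# number in the root-only range 1..1023.
port_is_free() {
    port=$1
    case $port in ''|*[!0-9]*) return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 1023 ] || return 2
    ! used_privileged_ports | grep -qx "$port"
}

# Demonstration on the constructed sample; on a real host, pipe in
# `netstat -ntl` instead of the sample text.
echo "Used ports below 1024:"
printf '%s\n' "$SAMPLE_NETSTAT" | used_privileged_ports
if printf '%s\n' "$SAMPLE_NETSTAT" | port_is_free 222; then
    echo "Port 222 is free"
fi
```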