[MrTeck]

Hi all
I have a VPS with redHat 9 and want to know if is possible to change the SSH port.
I installed BDF and detects over 3 or 4 Brute force attacks all days, some of they very intensive.

Tnx

[tres]

Hey MrTeck,

Changing the port sshd listens on is a simple process; it's just a matter of updating your sshd_config file and then reloading the new configuration.

Use the procedure below to change the port that sshd is listening on to 2995:



Warning: Incorrectly following this procedure may render your server unreachable through SSH. If by following this procedure you are locked out of your server, and you require Spry Support to reset SSHD, you may incur a support fee for resetting SSH on your server.



1. From your terminal session, edit /etc/ssh/sshd_config

Code:

bash-2.05b# vi /etc/ssh/sshd_config

2. Look for the following line:

Code:

#Port 22

3. Change the line so it looks like this:

Code:

Port 2995

4. Save and close the file

5. Load the new configuration by using the RedHat service command

Code:

bash-2.05b# service sshd reload

Note: you may immediately lose connectivity to your server on the open ssh session you are currently running.


6. Test the connection

Code:

(tres@Ishmael)(~/Desktop) $ ssh username@myhostnaname.com -p 2995

Take note of the -p 2995 flag used when connecting to the server. If you are using OS X or a Linux desktop system like Mandriva or Ubuntu, you'll need to specify the port number when connecting. If you're using PuTTy on Windows, you can specify the port number in the profile for you connection and then re-save the profile using the new port.

[MrTeck]

Well, I was trying this, but no works :S
My /etc/ssh/sshd_config

Code:

Port 8888
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

Quote:

[root@server root]# service sshd reload
sshd: unrecognized service

I restart SSH in VPP but still on port 22 :/

[tres]

A reboot will take care of changing the port if just restarting the service is not working.

Tres

[MrTeck]

Today...

Quote:

The remote system 84.244.4.36 was found to have exceeded acceptable login failures on server.com; there was 374 events to the service sshd.
As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.

Executed ban command:
/sbin/iptables -I INPUT -p tcp -s 84.244.4.36 -j DROP

After reboot still at port 22.

[MrTeck]

Well, finally found the solution.

pico /etc/xinetd.d/sshd

Code:

service ssh
{
        disable = no
        socket_type             = stream
        type                    = UNLISTED
        port                    = 22
        protocol                = tcp
        wait                    = no
        user                    = root
        server                  = /usr/sbin/sshd
        server_args             = -i
}

Change "port = 22" for the new port and restart. Now works fine.

Tnx for your help tres

[MrTeck]

First day without a brute force attack