Categories
Cloud Server

How to change ssh port and secure it by fail2ban in Linux server

I use runcloud to manage most of my Linux servers, so i have given screenshots of runcloud servers. But you can follow the steps to achieve the same in any Linux server.

By default, runcloud has ports 22 (ssh), 80(HTTP), and 443(HTTPS) open, and port 22 is secured by the fail2ban application.

Runcloud Firewall Settings in old UI
Runcloud Firewall Settings in new UI interface

If you scroll down further on the security page or go to the fail2ban tab on the runcloud new interface, you will see a lot of IP addresses in the list depending on how popular your site is with attackers. 🙂

fail2ban in runcloud with a list of blocked IP addresses
fail2ban in runcloud with a list of blocked IP addresses in the new UI.

Most of the attackers or bots just scan the default ssh port 22. So, It’s a good idea to change the ssh port to something else.

How to change ssh port in your Linux server

  1. Run the following command to edit sshd config file and change the port number
    sudo nano /etc/ssh/sshd_config

2. Go to #Port 22 section and change the port number. You will have to remove the hash(#) symbol as well, to uncomment it. And then save the file.

3. Next, you will have to restart the SSHD daemon by the following command : sudo service sshd restart

How to configure fail2ban to secure the new custom port instead of default ssh port 22

  1. Edit the fail2ban jail.local file using the following command : sudo nano /etc/fail2ban/jail.local

2. Now go to the SSHD section and change port number from 22 to your desired port number. Make sure that it’s the same number as your new ssh port.

3. Now, save the file and restart with the following command : sudo service fail2ban restart

Now, your server ssh port is changed and the new ssh port is also secured by fail2ban.

By Murali Kumar

I am a Full Stack Web Developer with over 12 years of experience. I love WordPress & WooCommerce.

If you need help of a WordPress developer for your website, get in touch now!.

Follow me on Twitter : @geekz

Leave a Reply

Your email address will not be published. Required fields are marked *