How to change SSH port number in CentminMod

by Daniel Pham
written by Daniel Pham Published: Updated:

How to change SSH port number in CentminMod? By default, Linux servers use port 22 for SSH service. This is a service for you to login and control your server.

And of course, this is known to all hackers. Using that default configuration is not good, is not safe for your server. So you need to change that.

Change SSH port number in CentminMod

change ssh port number in centminmod
Change ssh port number in CentminMod.

Okay, if you’re a pretty good person using Linux. Changing port for SSH service is quite simple for you. Otherwise, you will block yourself from logging into the server.

So, CentminMod has supported you. In the admin menu, it provides an option that allows you to select another port to run the SSH service.

--------------------------------------------------------
     Centmin Mod Menu 123.09beta01 centminmod.com     
--------------------------------------------------------
1).  Centmin Install
2).  Add Nginx vhost domain
3).  NSD setup domain name DNS
4).  Nginx Upgrade / Downgrade
5).  PHP Upgrade / Downgrade
6).  XCache Re-install
7).  APC Cache Re-install
8).  XCache Install
9).  APC Cache Install
10). Memcached Server Re-install
11). MariaDB MySQL Upgrade & Management
12). Zend OpCache Install/Re-install
13). Install/Reinstall Redis PHP Extension
14). SELinux disable
15). Install/Reinstall ImagicK PHP Extension
16). Change SSHD Port Number
17). Multi-thread compression: zstd,pigz,pbzip2,lbzip2
18). Suhosin PHP Extension install
19). Install FFMPEG and FFMPEG PHP Extension
20). NSD Install/Re-Install
21). Update - Nginx + PHP-FPM + Siege
22). Add Wordpress Nginx vhost + Cache Plugin
23). Update Centmin Mod Code Base
24). Exit
--------------------------------------------------------
Enter option [ 1 - 24 ] 16
--------------------------------------------------------

Look and select menu number 16.

A piece of information will print to the screen for you, it will tell you what port number you currently use for SSH service.

And you’ll have to choose a certain number <1024 to be the running port for the SSH service.

As in the following paragraph, I chose port 222.

*************************************************
* Setup sshd
*************************************************
--------------------------
backup sshd_config
--------------------------
cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config-backup
--------------------------
change ssh port
--------------------------
You'll be asked what your current default SSH port is (default = 22 or 22).

Then asked which SSH port number you want to change to.
New SSH port should be a number below and less than <1024.

Your current default SSH port is: 22
or 22

Enter existing SSH port number (default = 22 for fresh installs): 22

Enter the SSH port number you want to change to: 222

And then, CentminMod will automatically do the rest. You just wait about 30 seconds for it to finish your job.

Post 222 configured in /etc/ssh/sshd_config
Port 222

iptables -I INPUT -p tcp --dport 22 -j REJECT
iptables -I INPUT -p tcp --dport 222 -j ACCEPT
systemctl restart iptables.service
systemctl restart csf.service
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `PREROUTING'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWDYNIN'
Flushing chain `ALLOWDYNOUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
Flushing chain `DENYIN'
Flushing chain `DENYOUT'
Flushing chain `INVALID'
Flushing chain `INVDROP'
Flushing chain `LOCALINPUT'
Flushing chain `LOCALOUTPUT'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `PORTFLOOD'
Flushing chain `UDPFLOOD'
Deleting chain `ALLOWDYNIN'
Deleting chain `ALLOWDYNOUT'
Deleting chain `ALLOWIN'
Deleting chain `ALLOWOUT'
Deleting chain `DENYIN'
Deleting chain `DENYOUT'
Deleting chain `INVALID'
Deleting chain `INVDROP'
Deleting chain `LOCALINPUT'
Deleting chain `LOCALOUTPUT'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `PORTFLOOD'
Deleting chain `UDPFLOOD'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `PREROUTING'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
csf: FASTSTART loading DROP no logging (IPv4)
csf: FASTSTART loading DROP no logging (IPv6)
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
LOG  tcp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP6IN Blocked* "
LOG  tcp opt    in * out *  ::/0  -> ::/0   tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP6OUT Blocked* "
LOG  udp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP6IN Blocked* "
LOG  udp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP6OUT Blocked* "
LOG  icmpv6 opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP6IN Blocked* "
LOG  icmpv6 opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP6OUT Blocked* "
LOG  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *Port Flood* "
LOG  all opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *Port Flood* "
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
REJECT  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   reject-with icmp-port-unreachable
DROP  all opt    in * out *  ::/0  -> ::/0  
REJECT  all opt    in * out *  ::/0  -> ::/0   reject-with icmp6-port-unreachable
DENYOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
DENYIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
DENYOUT  all opt    in * out !lo  ::/0  -> ::/0  
DENYIN  all opt    in !lo out *  ::/0  -> ::/0  
ALLOWOUT  all opt    in * out !lo  ::/0  -> ::/0  
ALLOWIN  all opt    in !lo out *  ::/0  -> ::/0  
csf: FASTSTART loading Packet Filter (IPv4)
csf: FASTSTART loading Packet Filter (IPv6)
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
INVALID  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
INVALID  tcp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
DROP  all opt    in * out *  ::/0  -> ::/0  
INVALID  tcp opt    in !lo out *  ::/0  -> ::/0  
INVALID  tcp opt    in * out !lo  ::/0  -> ::/0  
csf: IPSET creating set chain_DENY
csf: IPSET creating set chain_6_DENY
csf: FASTSTART loading csf.deny (IPv4)
csf: FASTSTART loading csf.deny (IPv6)
csf: FASTSTART loading csf.deny (IPSET)
csf: IPSET creating set chain_ALLOWDYN
ACCEPT  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   match-set chain_ALLOWDYN src
ACCEPT  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   match-set chain_ALLOWDYN dst
csf: IPSET creating set chain_6_ALLOWDYN
ACCEPT  all opt    in * out *  ::/0  -> ::/0   match-set chain_6_ALLOWDYN src
ACCEPT  all opt    in * out *  ::/0  -> ::/0   match-set chain_6_ALLOWDYN dst
ALLOWDYNIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWDYNOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
ALLOWDYNIN  all opt    in !lo out *  ::/0  -> ::/0  
ALLOWDYNOUT  all opt    in * out !lo  ::/0  -> ::/0  
csf: IPSET creating set chain_ALLOW
csf: IPSET creating set chain_6_ALLOW
csf: FASTSTART loading csf.allow (IPv4)
csf: FASTSTART loading csf.allow (IPv6)
csf: FASTSTART loading csf.allow (IPSET)
  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   tcp dpt:21 state NEW recent: SET name: 21 side: source mask: 255.255.255.255
PORTFLOOD  tcp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   tcp dpt:21 state NEW recent: UPDATE seconds: 300 hit_count: 20 name: 21 side: source mask: 255.255.255.255
  tcp opt    in !lo out *  ::/0  -> ::/0   tcp dpt:21 state NEW recent: SET name: 21 side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
PORTFLOOD  tcp opt    in !lo out *  ::/0  -> ::/0   tcp dpt:21 state NEW recent: UPDATE seconds: 300 hit_count: 20 name: 21 side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
DROP  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  
DROP  all opt    in * out *  ::/0  -> ::/0  
RETURN  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   owner UID match 0
RETURN  udp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 100/sec burst 500
LOG  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDPFLOOD* "
REJECT  udp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   reject-with icmp-port-unreachable
UDPFLOOD  udp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
RETURN  udp opt    in * out *  ::/0  -> ::/0   owner UID match 0
RETURN  udp opt    in * out !lo  ::/0  -> ::/0   limit: avg 100/sec burst 500
LOG  all opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDPFLOOD* "
REJECT  udp opt    in * out !lo  ::/0  -> ::/0   reject-with icmp6-port-unreachable
UDPFLOOD  udp opt    in * out !lo  ::/0  -> ::/0  
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 8 limit: avg 1/sec burst 5
LOGDROPIN  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   icmptype 8
ACCEPT  icmp opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  icmp opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  icmpv6 opt    in !lo out *  ::/0  -> ::/0  
ACCEPT  icmpv6 opt    in * out !lo  ::/0  -> ::/0  
ACCEPT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0   state RELATED,ESTABLISHED
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0   state RELATED,ESTABLISHED
ACCEPT  all opt    in !lo out *  ::/0  -> ::/0   state RELATED,ESTABLISHED
ACCEPT  all opt    in * out !lo  ::/0  -> ::/0   state RELATED,ESTABLISHED
csf: FASTSTART loading TCP_IN (IPv4)
csf: FASTSTART loading TCP6_IN (IPv6)
csf: FASTSTART loading TCP_OUT (IPv4)
csf: FASTSTART loading TCP6_OUT (IPv6)
csf: FASTSTART loading UDP_IN (IPv4)
csf: FASTSTART loading UDP6_IN (IPv6)
csf: FASTSTART loading UDP_OUT (IPv4)
csf: FASTSTART loading UDP6_OUT (IPv6)
ACCEPT  all opt -- in lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out lo  0.0.0.0/0  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOGDROPIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
ACCEPT  all opt    in lo out *  ::/0  -> ::/0  
ACCEPT  all opt    in * out lo  ::/0  -> ::/0  
LOGDROPOUT  all opt    in * out !lo  ::/0  -> ::/0  
LOGDROPIN  all opt    in !lo out *  ::/0  -> ::/0  
csf: FASTSTART loading DNS (IPv4)
csf: FASTSTART loading DNS (IPv6)
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0  
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0  
*WARNING* LF_DISTFTP sanity check. LF_DISTFTP = 40. Recommended range: 0-20 (Default: 0)
*WARNING* LF_DISTFTP_UNIQ sanity check. LF_DISTFTP_UNIQ = 40. Recommended range: 2-20 (Default: 2)
*WARNING* DENY_TEMP_IP_LIMIT sanity check. DENY_TEMP_IP_LIMIT = 2000. Recommended range: 10-1000 (Default: 100)
*WARNING* PT_LOAD_LEVEL sanity check. PT_LOAD_LEVEL = 1. Recommended range: 2-20 (Default: 6)

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

*************************************************
* Setup sshd complete
*************************************************
To check to see if you can access your server via the new port
keep this existing SSH2 connection open, and start a new SSH2
connection to this server connecting via the new SSH2 port
if you can connect, then it's working. 

If you can't connect, using your existing SSH2 logged in
connection, edit and check /etc/csf/csf.conf and your iptables
/etc/sysconfig/iptables and service iptables status
making sure the new port number you specified is correctly set
*************************************************

SSH to your server after change port number

If before, to ssh to your server, you just need to type the command as below. For example, your server has an ip address of 192.168.1.10.

ssh [email protected]

Now, you need to type the following command to be able to login to the server. In the example, I changed to port 222, change number 222 to the number you changed above.

ssh -p 222 [email protected]

Conclusion

This is just a simple thing but quite useful in protecting your server. Help it avoid brute-force attacks aimed at SSH service.

You need to do this immediately after installing CentminMod. Don’t be subjective, trust me, when you just created vps and made it public, the auto bots scanned your vps (server).

(This is an article from my old blog that has been inactive for a long time, I don’t want to throw it away so I will keep it and hope it helps someone).

0 0 votes
Article Rating

Hi my friend, I am a DevOps/DevSecOps engineer. I am living and working in Da Nang, Vietnam.

You may also like

How to disable Nginx test page in CentminMod

How to remove demodomain.com in CentminMod

How to disable Pure-FTPD in CentminMod

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

DevOps Lite is a personal blog specializing in technology with main topics about DevOps, DevSecOps, SRE and System Administrator. Articles are shared for free and contributed to the community.

ABOUT US

DMCA.com Protection Status

AUTHOR

OUR FRIENDS

SUPPORT US

FOLLOW US

Facebook Youtube X-twitter Instagram Pinterest Tumblr Linkedin Github Gitlab Rss

Subscribe my Newsletter for new blog posts. Stay updated from your inbox!

© 2021-2024 DevOpsLite.com – All rights reserved.

Please write sources “DevOpsLite.com” when using articles from this website.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

2
0
Would love your thoughts, please comment.x
()
x

Adblock Detected

Please support us by disabling your AdBlocker extension from your browsers for our website.