Skip to main content

Change SSH Port from 22 to 61613

Hands-On Lab

 

Photo of

Training Architect

Length

00:30:00

Difficulty

Intermediate

After you start any instance with public access, automated scripts will find you almost immediately and start conducting all sorts of scans and probing. There is no real way to completely stop this. You can confirm this is happening by looking at the log files of any public instance you create. However, we don't need to make it easy for them. A standard scan will usually check for known standardized ports associated with known services. For example, SSH by default runs on port 22 and is the first port any script will check for an SSH service. Now, if we configure SSH service to run on port 61613, the scan script will need to make a broad port sweep to find our SSH service. This is extremely taxing in terms of bandwidth for the attacker, and generally scripts will not check for these ports. That is why it is very important for us to change the port at which SSH operates from 22 to something that is not standardized, making it much more difficult for any one script to find our SSH service.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Change SSH Port from 22 to 61613

Introduction

In this hands-on lab, we are going to change the port at which SSH operates from 22 to something that is not standardized — here, 61613 — to make it more difficult for any one script to find our SSH service.

Solution

Log in to the lab server via SSH using the credentials provided:

ssh cloud_user@<Server_IP_Address>

Open /etc/ssh/sshd_config, Uncomment the Port Variable, and Change the Value from 22 to 61613

  1. Open the configuration file:

    sudo vim /etc/ssh/sshd_config
  2. Uncomment the Port variable.

  3. Add a new line under the existing Port variable, and add:

    Port 61613
  4. Save and close:

    ESC
    :wq
    ENTER

Open Port 61613 with firewalld

  1. Open the port with firewalld:

    sudo firewall-cmd --permanent --add-port=61613/tcp
  2. Reload to apply the rules:

    sudo firewall-cmd --reload
  3. List the rules:

    sudo firewall-cmd --list-all

Configure SELinux to Allow Connections on Port 61613 for SSH

  1. Configure SELinux:

    sudo semanage port -a -t ssh_port_t -p tcp 61613

Restart SSH, Log Out and Back in on Port 61613, and Close Port 22 with firewalld

  1. Restart SSH:

    sudo systemctl restart sshd
  2. Log out:

    exit
  3. Log in on port 61613:

    ssh cloud_user@<Server_IP_Address> -p 61613
  4. Close port 22 with firewalld:

    sudo firewall-cmd --permanent --remove-port=22/tcp
  5. Reload to apply the rules:

    sudo firewall-cmd --reload
  6. List the rules:

    sudo firewall-cmd --list-all

Conclusion

Congratulations on successfully completing this hands-on lab!