If you're running a Linux web server, one advisable security step is changing the SSH port on your server from the default of port 22.
This is to help prevent the many script kiddies out there from gaining root on your server.
This guide will work for Red Hat based distros (CentOS and Fedora, for example) but not on Debian based ones, i.e. Ubuntu, although it should all work there bar the firewall config.
1. Modify the SSH daemon configuration
nano -w /etc/ssh/sshd_config
Now modify the Port (use one that’s available obviously)
Look for #Port
Remove the # and change the port number, in this example to 1023
If you don’t run that service yourself, using a port that belongs to a known service can fool some crackers about what is actually running on your server.
Press ctrl+x to exit the nano text editor; you will be prompted to save.
2. Now open port 1023 in your server's firewall
nano -w /etc/sysconfig/iptables
And include the following
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1023 -j ACCEPT
This will need to be added before any protocol or more secure lockdown rules in your firewall.
If your firewall is pre-configured or you are unsure, add the entry to the beginning of the file.
Save the file.
3. Now restart the services
service iptables restart
service sshd restart
Now connect to SSH via the new port
ssh root@ipaddress -p 1023
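Before restarting the services in step 3, it is worth confirming that the port set in sshd_config is actually accepted by the firewall file ahead of any blanket REJECT or DROP rule, since a mismatch locks you out. The script below is an added example, not part of the original post; the function names and the sample files it builds are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): pre-restart lockout check.

# Ports sshd will listen on: every uncommented "Port N" line, else the default 22.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Succeed only if the rules file ACCEPTs TCP --dport $2 on INPUT before the
# first INPUT rule that rejects or drops everything. Deliberately conservative:
# broader ACCEPT rules (no --dport) are not counted.
port_allowed() {
    awk -v port="$2" '
        $1 != "-A" || $2 != "INPUT" { next }
        { dport = ""; target = ""
          for (i = 3; i < NF; i++) {
              if ($i == "--dport") dport = $(i + 1)
              if ($i == "-j") target = $(i + 1)
          } }
        target == "ACCEPT" && dport == port { ok = 1; exit }
        (target == "REJECT" || target == "DROP") && dport == "" { exit }
        END { exit (ok ? 0 : 1) }' "$1"
}

# Report each sshd port; return non-zero if any of them is not reachable.
check_ssh_port() {
    local rc=0 p
    for p in $(sshd_ports "$1"); do
        if port_allowed "$2" "$p"; then echo "port $p: allowed"
        else echo "port $p: BLOCKED by $2"; rc=1; fi
    done
    return $rc
}

# Constructed sample files standing in for the two files edited above.
demo=$(mktemp -d)
printf '#Port 22\nPort 1023\nPermitRootLogin yes\n' > "$demo/sshd_config"
cat > "$demo/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1023 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
check_ssh_port "$demo/sshd_config" "$demo/iptables"
```

On a real server, run sshd -t first to catch syntax errors in sshd_config, then check_ssh_port /etc/ssh/sshd_config /etc/sysconfig/iptables. Keep your current SSH session open until a new login on the new port succeeds.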
And remember to use secure passwords: mixed case, including numbers and special chars, and at least 8 characters long. Although with the speed increases in CPUs nowadays I would advise 12.
I will also advise in a future post on disabling root login for SSH, but until then cya later.
Update: the post has now been added: http://box-admin.com/2012/01/disabling-root-login-for-ssh/