The Secure Shell (SSH) protocol uses port 22 by default. Accepting this value does not make your system insecure, nor will changing the port provide a significant variance in security. However, changing the default SSH server listening port will stop many automated attacks and make it a bit harder to guess which port SSH is accessible on. An attacker would have to run an nmap-like scan against your host to discover the port the SSH service listens on. So changing the default SSH port serves no purpose on private networks, but it can be useful, and it is a simple security hardening technique, on publicly accessible hosts.
Edit the line which states ‘Port 22’. But before doing so, you’ll want to read the note below. Choose an appropriate port, also making sure it is not currently in use on the system. I would suggest using a mnemonic port, like port 22222, and using the same port on all your publicly accessible hosts, so that you don’t have to look up which host uses which port for SSH.
# What ports, IPs and protocols we listen for
For CentOS 7 or Red Hat 7 you can use:
systemctl restart sshd
Verify SSH is listening on the new port by either using telnet or connecting to it. Note how the port number now needs to be declared.
telnet 567ss.com 22222
ssh firstname.lastname@example.org -p 22222
You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a to host B / user b. You don’t want to enter any passwords, because you want to call ssh from within a shell script.
How to do it
First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:
a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):
a@A:~> ssh b@B mkdir -p .ssh
Finally append a’s new public key to b@B:.ssh/authorized_keys and enter b’s password one last time:
a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
From now on you can log into B as b from A as a without password:
a@A:~> ssh b@B
A note from one of our readers: Depending on your version of SSH you might also have to make the following changes:
Put the public key in .ssh/authorized_keys2
Change the permissions of .ssh to 700
Change the permissions of .ssh/authorized_keys2 to 640
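The key-installation steps above, written as a function to run on B as user b. This is an added example, not part of the original article: the name install_pubkey and its arguments are chosen here, the sample invocation paths are placeholders, and mode 600 on authorized_keys is an assumption that is stricter than the 640 in the reader's note.

```shell
#!/bin/sh
# Added example. Installs one public key into authorized_keys, idempotently
# and with owner-only permissions. install_pubkey is a name chosen here.
# Usage on B as user b:  install_pubkey /tmp/id_rsa.pub "$HOME"

install_pubkey() {
    pubkey_file=$1            # copy of a's id_rsa.pub
    home_dir=${2:-$HOME}      # home directory of the receiving account
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Refuse a private key handed over by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key, refusing" >&2
        return 2
    fi

    # Take the first non-empty line and require a known key-type prefix.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised public key format" >&2; return 3 ;;
    esac

    # Create directory and file with tight permissions from the start,
    # then fix the modes in case they already existed with looser ones.
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth_file" )
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"

    # A plain 'cat >>' glues the new key onto an unterminated last line;
    # add the missing newline first.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append only if this exact line is not already present.
    if ! grep -qxF "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}
```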