Is it safe to change the SSH port? Can I tell CSF what port is used for SSH?
Posted: 06 Oct 2018, 22:13
by peopleinside
Hi everyone,
I am looking for an official reply or a secure response ;D
On my server I discovered that the default SSH port attracts a lot of password-guessing attacks... this made CSF alert me at a periodic frequency.
Is it safe to change the SSH port?
Will CSF still monitor for failed SSH access? Because if I change the port, all alerts stop.
My doubt is... does changing the SSH port mean CSF no longer knows which port to monitor to protect against login attempts?
I am not sure if the alerts have stopped because there are no more attempts to guess the SSH password or because CSF does not do the same monitoring on the other port.
Thanks in advance for the interest and the time!
Re: Is it safe to change the SSH port? Can I tell CSF what port is used for SSH?
Posted: 13 Oct 2018, 02:21
by Black Tiger
Oh this is a fun one.
Yes, of course you can change the SSH port, but do add the custom port in csf.conf incoming and outgoing first, before you start using it.
If you also keep port 22 in csf.conf, then CSF will keep monitoring port 22 and you can set up a decent block rule because often they will keep hammering on it.
Since you set up your new SSH port somewhere between port 1024 and 65535, lots of them do not even make the effort to search for it, because there are too many servers running it on port 22, which is much easier to find.
No, the new port will not be logged by CSF like is done with port 22.
This can be done by changing this to the new port in csf.conf:
PORTS_sshd = "22"
However, in that case port 22 hammering will not be logged anymore. But that doesn't matter much either because ssh is not running on that port anymore.
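Added example, not part of the original posts: a POSIX shell check that the port sshd listens on is present in the csf.conf settings the reply above mentions. It assumes `TCP_IN` and `TCP_OUT` are the incoming and outgoing port lists the reply refers to; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: does csf.conf cover the port sshd really listens on?

# Print the quoted value of KEY ($1) from a csf.conf-style file ($2).
conf_value() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Print the first Port in sshd_config ($1); sshd uses 22 when none is set.
sshd_port() {
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${p:-22}"
}

# Succeed if port $1 is in a CSF list ($2) such as "22,80,30000:35000".
port_in_list() {
    want=$1
    old_ifs=$IFS; IFS=','
    set -- $2
    IFS=$old_ifs
    for item in "$@"; do
        case $item in
            *:*) if [ "$want" -ge "${item%%:*}" ] && [ "$want" -le "${item##*:}" ]; then
                     return 0
                 fi ;;
            "$want") return 0 ;;
        esac
    done
    return 1
}

# Print one line per csf.conf setting ($1) that omits the sshd port ($2 = sshd_config).
check_ssh_port() {
    port=$(sshd_port "$2")
    for key in TCP_IN TCP_OUT PORTS_sshd; do
        port_in_list "$port" "$(conf_value "$key" "$1")" || echo "$key is missing port $port"
    done
}

# Constructed sample files: sshd moved to 2222, csf.conf only half updated.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'Port 2222\n' > "$tmp/sshd_config"
printf 'TCP_IN = "22,80,443,2222"\nTCP_OUT = "22,80,443"\nPORTS_sshd = "22"\n' > "$tmp/csf.conf"
check_ssh_port "$tmp/csf.conf" "$tmp/sshd_config"
```

An empty result from `check_ssh_port` means all three settings list the port; a `PORTS_sshd` line in the output is the case discussed in this thread, where sshd has moved but CSF still watches the old port.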
Re: Is it safe to change the SSH port? Can I tell CSF what port is used for SSH?
Posted: 13 Oct 2018, 09:50
by peopleinside
Wow, thank you, great and complete reply.
So CSF knows what the SSH port is by the line
PORTS_sshd = "22"
It will be interesting to understand if this is only for logging or also adds more security to the sshd port. Maybe not, because if I log in correctly an alert is sent; maybe it is not only emailing me about blocked attempts.
Re: Is it safe to change the SSH port? Can I tell CSF what port is used for SSH?
Posted: 13 Oct 2018, 13:37
by Black Tiger
You're welcome.
CSF does not only log but also blocks the user which makes the attempts. That is the default behaviour.
The mail you get is always to notify you that a user has been blocked because of the attempts.
Or maybe I do not understand you correctly.
Re: Is it safe to change the SSH port? Can I tell CSF what port is used for SSH?
Posted: 13 Oct 2018, 13:39
by peopleinside
CSF does not only log but also blocks the user which makes the attempts.
Yes, from what I have understood it will block, for example, brute force on port 1000 even if this is not the default SSH port and has not been set up in
PORTS_sshd
Maybe setting up PORTS_sshd will only add a log emailed when someone tries to log in and fails.
Re: Is it safe to change the SSH port? Can I tell CSF what port is used for SSH?
Posted: 13 Oct 2018, 13:59
by Black Tiger
No, as far as I know, if you change ports_sshd to a custom port then the custom port will be protected like port 22 was.