# ssh change port

## badgers

Hey, I was checking my /var/log/messages and it seems someone is trying to get into my box.

the one at the bottom is me! so that is ok, but should I move my ssh to a different port to keep people from finding my ssh server?

any help is appreciated

Sep 12 16:00:29 myth_hostname sshd[28807]: Invalid user madelyn from 211.172.241.7

Sep 12 16:00:31 myth_hostname sshd[28934]: Invalid user doug from 211.172.241.7

Sep 12 16:00:32 myth_hostname sshd[28996]: Invalid user stacy from 211.172.241.7

Sep 12 16:00:34 myth_hostname sshd[29025]: Invalid user laura from 211.172.241.7

Sep 12 16:00:36 myth_hostname sshd[29030]: Invalid user peter from 211.172.241.7

Sep 12 16:00:38 myth_hostname sshd[29035]: Invalid user billy from 211.172.241.7

Sep 12 16:00:40 myth_hostname sshd[29040]: Invalid user melissa from 211.172.241.7

Sep 12 16:00:42 myth_hostname sshd[29059]: Invalid user dane from 211.172.241.7

Sep 12 16:00:44 myth_hostname sshd[29093]: Invalid user kelly from 211.172.241.7

Sep 12 16:00:45 myth_hostname sshd[29098]: Invalid user kraig from 211.172.241.7

Sep 12 16:00:47 myth_hostname sshd[29107]: Invalid user travis from 211.172.241.7

Sep 12 16:00:49 myth_hostname sshd[29144]: Invalid user candace from 211.172.241.7

Sep 12 16:00:51 myth_hostname sshd[29177]: Invalid user edvin from 211.172.241.7

Sep 12 16:00:53 myth_hostname sshd[29185]: Invalid user erving from 211.172.241.7

Sep 12 16:00:55 myth_hostname sshd[29222]: Invalid user julius from 211.172.241.7

Sep 12 16:00:56 myth_hostname sshd[29227]: Invalid user eduard from 211.172.241.7

Sep 12 16:00:58 myth_hostname sshd[29232]: Invalid user marion from 211.172.241.7

Sep 12 16:01:00 myth_hostname sshd[29242]: Invalid user johnathan from 211.172.241.7

Sep 12 16:01:02 myth_hostname sshd[29273]: Invalid user alex from 211.172.241.7

Sep 12 16:01:04 myth_hostname sshd[29278]: Invalid user client from 211.172.241.7

Sep 12 16:01:06 myth_hostname sshd[29287]: Invalid user ted from 211.172.241.7

Sep 12 16:01:07 myth_hostname sshd[29322]: Invalid user timmoty from 211.172.241.7

Sep 12 16:01:09 myth_hostname sshd[29327]: Invalid user clinton from 211.172.241.7

Sep 12 16:01:11 myth_hostname sshd[29332]: Invalid user henry from 211.172.241.7

Sep 12 16:01:13 myth_hostname sshd[29339]: Invalid user sean from 211.172.241.7

Sep 12 16:01:15 myth_hostname sshd[29352]: Invalid user tarantino from 211.172.241.7

Sep 12 16:01:17 myth_hostname sshd[29357]: Invalid user sundance from 211.172.241.7

Sep 12 16:01:19 myth_hostname sshd[29362]: Invalid user justin from 211.172.241.7

Sep 12 16:01:20 myth_hostname sshd[29367]: Invalid user dustin from 211.172.241.7

Sep 12 16:01:22 myth_hostname sshd[29372]: Invalid user maurice from 211.172.241.7

Sep 12 16:01:24 myth_hostname sshd[29377]: Invalid user morris from 211.172.241.7

Sep 12 16:01:26 myth_hostname sshd[29382]: Invalid user malcom from 211.172.241.7

Sep 12 16:01:28 myth_hostname sshd[29387]: Invalid user patrick from 211.172.241.7

Sep 12 16:01:30 myth_hostname sshd[29392]: Invalid user seinfeld from 211.172.241.7

Sep 12 16:01:32 myth_hostname sshd[29397]: Invalid user end from 211.172.241.7

Sep 13 07:21:05 myth_hostname sshd[32411]: Did not receive identification string from 68.20.164.150

Sep 13 09:28:24 myth_hostname sshd[32563]: Accepted keyboard-interactive/pam for root from 12.20.65.30 port 26509 ssh2

Sep 13 09:28:24 myth_hostname sshd(pam_unix)[32569]: session opened for user root by root(uid=0)

----------

## iarwain

I changed mine to 40022 and the number of access attemps dropped to zero. So yes, I think it's a good idea.

----------

## plastikman187

You could also make a /etc/hosts.allow and a /etc/hosts.deny

the below are examples of course

hosts.allow

```

ALL: .gentoo.org

ALL: 207.217.77.82

```

hosts.deny

```

ALL:ALL

```

Having these files allows only people from the domain specified or the IP specified.

----------

## badgers

how did you change it?

/etc/ssh/sshd_conf

----------

## WladyX

 *badgers wrote:*   

> how did you change it?
> 
> /etc/ssh/sshd_conf

 

Edit /etc/ssh/sshd_config and change the port, you have an option there that is called "Port" changed it from 22 to whatever you want, make sure that that line isn't comented, restart the sshd service and you're done.

----------

## badgers

this may sound silly but I just tried it and it seems that maybe I shouldn't have tried it while using ssh..

----------

## christsong84

 *badgers wrote:*   

> this may sound silly but I just tried it and it seems that maybe I shouldn't have tried it while using ssh..

 

lol how do you mean?  just connect to the new port  :Razz: 

Mine's on 22000 and the scripts cut way back...of course I have other methods where it wouldn't work anyways  :Wink:   But it keeps the script kiddies away  :Razz: 

----------

## badgers

its fine now, thanks

I dis-allowed root login and moved it to a different port

I assumed it would disconnect my current ssh into the box because it was listening on a different port but it seemed that when I loged out and started a new session it was on the new port and I couldn't log in as root.

thanks everyone...

----------

