In the past recent days, I noticed an automated brute force attempt to login into my server via SSH. The default port for SSH is port 22 and having an online server exposes you into an automated attacks. One way to prevent or limit this type of attack is by changing the default SSH port.



SSH brute force attack logs

sshd config

You can change the default ssh port by editing the sshd configuration file.

sudo nano /etc/ssh/sshd_config

Find the line that say #Port . Remove the # symbol and set the port number you prefer.

Refer to the image below as reference.



Change sshd port

Logging In

After you change the SSH port you can now login from the terminal like this.

Transfer files using scp with capital -P as parameter

Result

After changing the default SSH port I don’t have any brute force login attempts as of this writing. Of course we will need to actively monitor our server for any attacks and take necessary actions.

It is important that we secure our online Linux servers by having latest security patch installed,

firewall enable and uninstall unnecessary softwares. I am not a cybersecurity expert but I think taking the basic security measures will improve our chances against online attacks.