List of content you will read in this article:
- 1. What is SSH? [Definition]
- 2. What is an SSH port number?
- 3. How does SSH work? [A Complete Guide]
- 4. Uses of SSH
- 5. What is the default SSH port number?
- 6. How to change the default SSH port?
Today, secure communication is one of the highest priorities for all organizations, because their main tasks involve transferring data from one device to another over the network. Various strategies are therefore implemented to ensure complete security and maintain data integrity during transfer. Some companies work with crucial data that needs to be protected, so they set rules for communicating with other devices over the Internet. This post gives you a brief understanding of the SSH port number, the default SSH port, how to change it, and how it works.
SSH became an extension of the traditional Telnet protocol. However, Telnet was not as secure and was therefore replaced by SSH over time. If you are a system administrator, you may have used SSH.
What is SSH? [Definition]
SSH is a network protocol for accessing a server remotely. It provides you with a secure way to connect to a device over any type of unsecured network. The term covers more than the security services; it also refers to the suite of utilities that implement the SSH protocol.
There are extensive features associated with SSH. Let’s dive in!
- It offers strong password authentication, encrypted data communication, and public key authentication
- It manages systems and applications remotely and allows others to use another computer and perform various functions
- It is a cryptographic network protocol and uses the client/server model
- You can also create secure tunnels for different application protocols. Application protocols are also used for terminal emulation or for transferring files
Now it’s time to understand the SSH port number.
What is an SSH port number?
Every communication made by SSH needs a port to connect and initiate communication. Whether the device is wired or wireless, it will require an SSH port. There are more than 65k communication ports available, and you can initiate communication using any of them. By default, all communication goes through the default port number, which can be changed and set to any other available port number. When the user runs the Linux command to initiate communication between the two devices over the network without specifying a port, the connection will use the default SSH port number 22.
But if you are carrying out crucial communication that requires security, it is recommended that you change the default SSH port number to another one to avoid brute force attacks. Everyone knows that 22 is the default SSH port number, so it is more prone to attacks, and an attacker can more easily target the data you transfer. The SSH protocol is implemented over an SSH port.
How does SSH work? [A Complete Guide]
The SSH protocol works in the client-server model, where one device is the server and the other acts as the client. The SSH client will establish the connection process and use public key cryptography to verify the identity of the SSH server. Once the connection is configured, the SSH protocol will use strong symmetric encryption and hashing algorithms to ensure the privacy and integrity of the data being transferred between the client and server.
The following image will show the server and client data flow.
The SSH protocol works through several steps, which we will discuss in turn:
- Establish an SSH connection
- Session encryption negotiation
- User authentication.
Step 1: Establish an SSH connection
To create an SSH connection, you must run a command from the client machine, as shown below
Once the command is executed, a session encryption negotiation process will start.
Step 2: Session encryption negotiation
Once the request has been sent to the server, the server will send the client a set of encryption protocols supported by the server. The server will then use the public key as the authentication method. The client will match the server’s protocol suite to its own. If the protocol matches, both machines will agree to establish the connection and initiate the data transfer.
The client will compare the server’s public key with the private key stored locally while establishing the connection for the first time. If both keys match, the client and server will initiate the symmetric encryption method to communicate during the SSH session. For this communication to occur, they will begin communicating using an asymmetrically encrypted process that works on the Diffie-Hellman (DH) key exchange algorithm to securely create a cryptographic key over a public network. To generate a key, machines will perform the following steps:
- Both machines will agree on two numbers: a modulus and a base number. To avoid brute force key decryption, you must choose as the modulus a prime number of at least 600 digits.
- Machines will individually choose a number and apply it to the equation of two public numbers.
- The server and client will exchange these calculated values.
- Each machine will perform a calculation based on the result received from the other, as shown below.
After the process, a shared secret key will be generated and shared between both devices.
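The four steps above, worked through as an added example (not from the original article) with deliberately tiny constructed numbers; `modpow`, `dh_public` and `dh_shared` are hypothetical helper names. Real SSH implementations do this inside a cryptographic library with far larger primes.

```shell
#!/bin/sh
# Toy Diffie-Hellman exchange. All values are constructed and far too small
# to be secure; they only make the arithmetic easy to follow.

# Step 1: both machines agree on a public modulus (a prime) and a base.
P=23
G=5

# modpow BASE EXP MOD: BASE^EXP mod MOD by square-and-multiply.
# MOD must stay below 2^31 so products fit in 64-bit shell arithmetic.
modpow() {
    b=$(( $1 % $3 )); e=$2; m=$3; r=1
    while [ "$e" -gt 0 ]; do
        if [ $(( e % 2 )) -eq 1 ]; then r=$(( r * b % m )); fi
        b=$(( b * b % m ))
        e=$(( e / 2 ))
    done
    echo "$r"
}

# Step 2: each machine applies its own private number to the public values.
dh_public() { modpow "$G" "$1" "$P"; }          # arg: own private number

# Step 4: each machine combines its private number with the value received.
dh_shared() { modpow "$2" "$1" "$P"; }          # args: own private, peer public

dh_demo() {
    client_priv=6                                # never leaves the client
    server_priv=15                               # never leaves the server
    client_pub=$(dh_public "$client_priv")
    server_pub=$(dh_public "$server_priv")
    # Step 3: only client_pub and server_pub cross the network.
    client_key=$(dh_shared "$client_priv" "$server_pub")
    server_key=$(dh_shared "$server_priv" "$client_pub")
    echo "public values: client=$client_pub server=$server_pub"
    echo "shared secret: client=$client_key server=$server_key"
}
dh_demo
```

Both sides arrive at the same secret although neither private number was ever transmitted.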
Step 3: User authentication
The most commonly used SSH user authentication methods are passwords and SSH keys. Clients will send encrypted passwords to the server securely. However, in some scenarios, passwords are considered a risky authentication method, because the strength of the password depends on how the user creates the password.
Using asymmetrically encrypted SSH public and private key pairs is considered a better option than passwords. Once the client decrypts the message, the server will grant the client the required system access.
To generate an SSH key pair, you must type ssh-keygen in the terminal. The system will then generate and store the keys, as shown below.
Uses of SSH
SSH was introduced to replace insecure terminal emulation programs, for example, rlogin or Telnet. SSH performs the same functions with more flexibility and convenience. Not only this, but it also replaces various file transfer programs, for example, File Transfer Protocol and Remote Copy.
The main purpose of SSH is to connect the remote host in case of a terminal session. Use the following command to accomplish the task:
What does this Linux command do?
Well, this command will help the client connect to the server.
Moving on to the next segment, SSH has several associated uses, which are listed below.
- By default, you will get the SSH terminal for Mac, Windows, and Unix systems
- Various types of communications can be secured with the help of SSH connections between a remote host and a local machine
- It is also used to manage routers, virtualization platforms, server hardware, file transfer applications, and much more.
- You can also connect to the servers and use the tools or terminal to load and exit.
- SSH keys come with SSO, or single sign-on, which helps users move between accounts without inserting the password each time
In addition, it plays an important role in access management and identity management. SSH traffic is also highly encrypted. It also helps you with securely issuing commands on various remote devices. You can expect secure and automated file transfers. Plus, rest assured of managing the security of your network infrastructure components.
Simply put, SSH is widely used in scripts and various other programs to access data and resources remotely and securely. Now, let’s turn our focus to our core topic, i.e. the default SSH port.
What is the default SSH port number?
The default SSH port number, 22, is considered unsafe for crucial data transfers. Changing the default port number to another port is a smart way to avoid brute force attacks. In total, there are 65,536 communication ports.
Now, each connection is initialized through this port. In addition, there are several cases where it is necessary to change the default SSH port number for security reasons. Security measures become necessary to protect the server from brute force attacks.
A brute force attack is a trial-and-error method of breaking into protected data, for example, figuring out passwords through exhaustive effort rather than algorithms. It means hit and try until you crack the code. Also, since port 22 is clearly the default communication port, it is easier for unauthorized parties to access the data.
When you change this port to another, the hacker has to try several other ports to ultimately find an open port. This step can therefore be taken to keep hackers out.
But the question is, how to change the default SSH port?
How to change the default SSH port?
1. To change the default SSH port, you need to edit the sshd_config file. Also, keeping a backup of your file is always a good option. Use this command to create a backup first
This command creates a copy of the file in the same directory
2. The next step is to change the default SSH port. Open the sshd_config file in any editor by entering the following command:
ubuntu@ubuntu:~$ gedit /etc/ssh/sshd_config
3. After running this command, the mentioned file opens in the text editor. Look for this line in the code:
4. Now, suppose you want to change your port number to 45673. For that, remove the hash sign (#) and insert the desired port number instead of 22. Take a look:
5. Also, don’t forget to whitelist this port on your firewall to avoid being blocked from your device.
Moving on, it’s time to restart SSH.
6. To restart the server and load the changes, run the following command:
ubuntu@ubuntu:~$ sudo service sshd restart
As soon as you restart your device, you will be able to see the changes you made. Note that the most important security setting is to change the default SSH port number right after purchasing a Linux VPS.
You can easily test the changes without logging out of your SSH session.
How to test changes?
After you successfully change the default port, you must specify the port number when establishing a connection to the server. Here is the command you need to run:
ubuntu@ubuntu:~$ ssh username@userIP -p 45673
Here, the -p option sets the port number to 45673.
So, you can see that the process is extremely easy and simple. You need to run a few commands and you’re ready to go.
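Steps 1 to 4 above as a script, added here as an example and not part of the original article: `set_ssh_port` and `active_ports` are hypothetical helper names, and the sample config is constructed in a scratch directory rather than `/etc/ssh`. It goes one step beyond the text by commenting out any other active `Port` line, because sshd listens on every `Port` line it finds.

```shell
#!/bin/sh
# set_ssh_port FILE PORT: back up FILE to FILE.bak, then make PORT the only
# active Port directive in FILE. Helper names are hypothetical.
set_ssh_port() {
    file=$1; port=$2
    # Accept 1 to 5 digits only, then range-check (valid ports are 1..65535).
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    cp -p "$file" "$file.bak" || return 1     # step 1: backup in the same directory
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+[[:space:]]*$' "$file.bak"; then
        # Steps 3-4: the first Port line, commented or not, becomes "Port N".
        # Later active Port lines are commented out, because sshd listens on
        # every Port line it finds.
        awk -v p="$port" '
            /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ {
                if (!done) { print "Port " p; done = 1 }
                else if ($0 ~ /^[ \t]*#/) print
                else print "#" $0
                next
            }
            { print }
        ' "$file.bak" > "$file"
    else
        # No Port line at all: add one at the top, ahead of any Match block.
        { echo "Port $port"; cat "$file.bak"; } > "$file"
    fi
}

# active_ports FILE: print the uncommented Port values, one per line.
active_ports() {
    awk '/^[ \t]*Port[ \t]+[0-9]+[ \t]*$/ { print $2 }' "$1"
}

# Constructed sample config in a scratch directory; /etc/ssh is not touched.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#Port 22' '#AddressFamily any' 'PermitRootLogin no' 'Port 2222' \
        > "$dir/sshd_config"
    set_ssh_port "$dir/sshd_config" 45673 && active_ports "$dir/sshd_config"
    rm -rf "$dir"
}
demo   # prints 45673
```

On a real host, check the edited file with `sudo sshd -t` and open the new port in the firewall before restarting, and keep the current session open until a login on the new port succeeds.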
Secure Shell (SSH) is commonly used to secure the connection between devices over the network. Many companies have implemented the SSH protocol to ensure complete security of data transfer. The default SSH port number is 22. Still, it becomes risky in many scenarios where you need to transfer crucial data. You must change the SSH port number to avoid a brute force attack. In this article, we have covered several features of SSH, the SSH port number, and how it works. With this guide, you can change the default SSH port number according to your needs.