Changing SSH port is a good idea if you want to reduce the possibility of being hacked by bots that scan every network node every day to try to log in your servers using popular weak passwords.
You don’t really need to change SSH port if:
- your servers are running in a private network, not publicly exposed to the internet;
- your servers are publicly exposed but you’ve disabled password authentication and you keep your SSH keys private.
Following is three basic steps:
- Add a firewall rule to open the new port
- If SELinux is enabled, modify its policy to allow the new port
- Configure SSH daemon
The above order ensures that you won’t accidentally block yourself out.Continue reading