Tag Archives: openssh

Ubuntu Server: How to Change the default SSH Port from 22 Tips, Tricks and Tutorials 26 AUG 2013

ubuntu-10-logoBy default the SSH daemon listens on port 22 for incoming connections, meaning that in order to harden your server installation ever so slightly, you should switch out the default port 22 to something a little more obscure.

To do this is relatively easy. Simply open the the config file and change the Port declaration (which is right near the top of the file):

sudo nano /etc/ssh/sshd_config

After changing the value to something like 2211, save the file and exit.

now reload the service daemon with:

sudo reload ssh

Important, don’t yet log out of your current root SSH session! We first need to test if our change was successful. So launch up a new terminal and log in to your server using the new port number:

ssh -p 2211 myusername@44.56.71.101

If you successfully connect, great, you know your change was a success. You can further ease your mind by trying to SSH in via a new terminal using the old port number – this connection attempt should fail.

Now that you know the change has been made, you can log out of your initial root terminal window where you originally made the change.

Done.

Ubuntu: How to Setup a SSH Tunnel via a Terminal CodeUnit 26 OCT 2012

SSH tunnels are useful beasts in that they allow you to communicate with machines and ports on a private network which are not directly accessible to the external world, by building a bridge between your local machine and a machine in the walled off network to which you happen to have SSH access to.

The diagram below shows you an example whereby to gain access to a Oracle server on Port 1521, you would first SSH into a linux box on the inside network and then create a SSH tunnel which would transport traffic between your machine and the Oracle server.

Another example could be if you have MySQL installed on your server but have cut off external access to the database server, leaving only SSH open. In this case, you would connect into the box via SSH and create a tunnel to the MySQL database server on localhost port 3306.

To create a SSH tunnel is fairly simple and can be created with this command:

ssh -f remote-server.net -p 22 -l myusername -L 3307:localhost:3306 -N

The line above first connects to remote-server.net via SSH on port 22 using the user name ‘myusername’, and then sets up a SSH tunnel connecting port 3307 on your local PC (i.e. 127.0.0.1) and hooking it up to port 3306 on the remote-server.net box itself. Of course you could have created a connection to any other box that remote-server.net has direct access to.

You should be prompted for a password when running this command. Note that the -f switch means that this process will be started in the background and the trailing -N instructs OpenSSH not to execute the command on the remote server.

Nifty.

How to Enable SSH Remote Access on a New Ubuntu Server 10.10 Install CodeUnit 08 APR 2011

Being able to administer your Ubuntu servers remotely is one of the most important aspects when running your own server environment, which makes the extremely useful OpenSSH server package an almost critical part of your system after install.

Because it is not installed by default (though the option does form part of the installer process), it is pretty simple to enable afterwards.

Once you have finished your install and logged in, update your apt-get sources by entering:

sudo apt-get update

(If you don’t do this and try installing openssh-server directly, you’ll most likely encounter a “openssh-server has no install candidate” error. Try it for yourself if you don’t believe me)

Once this has completed updating your packages, install the OpenSSH server onto your system with:

sudo apt-get install openssh-server

Done.

You may want to further configure SSH access on your system (like change the default port for added security for example), which can be done by editing the config file at /etc/ssh/sshd_config and make the required changes (disabling root logins is also always a good idea).

Note, you can check if SSH has been installed and is running by running the following PS check:

ps -aef | grep sshd

Nifty.