Change SSH port

okfn · Jan 8, 2025 · c2aca15 · c2aca15
1 parent c2f9839
commit c2aca15
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -14,6 +14,22 @@ Therefore, in order to execute you will need to copy an `id_rsa.pub` public key
 will then take care to append that public key to the `/home/sysadmin/.ssh/authorized_keys` file so you can login using ssh with the newly
 created sysadmin user (assuming you have the private key in your machine).
 
+## ssh port
+
+This script will change the default ssh port from 22 to 1222 so in order to log in again you will need to either parametrize the `ssh` command or add a
+custom configuration to your `~/.ssh/config` file.
+```bash
+ssh -p 1222 [email protected]
+```
+
+```
+# ~/.ssh/config
+Host 1.2.3.4
+  User sysadmin
+  IdentityFile ~/.ssh/id_rsa # Or whatever your ssh key is.
+  Port 1222
+```
+
 ## How to execute
 Copy to the host both the script and the public key for the sysadmin account that will be created then execute the script.
 
@@ -32,7 +48,7 @@ ssh [email protected]
 Before closing the root session, check that you are able to login with the new sysadmin account:
 
 ```bash
-ssh [email protected]
+ssh -p 1222 [email protected]
 ```
 
 If you are able to login with the sysadmin account, close the root session. You can validate that root login is disabled by executing:

diff --git a/vps-setup.sh b/vps-setup.sh
@@ -30,20 +30,21 @@ update_apt() {
 }
 
 setup_firewall() {
-  echo -e "${GREEN}Installing firewall and opening only ports 22, 80 and 443... ${RESET}"
+  echo -e "${GREEN}Installing firewall and opening only ports 1222 (ssh), 80 and 443... ${RESET}"
   apt-get install ufw -qq
   ufw default deny incoming
-  ufw allow 22/tcp
+  ufw allow 1222/tcp
   ufw allow 80/tcp
   ufw allow 443/tcp
   ufw enable
 }
 
-disable_password_and_root_login() {
-  echo -e "${GREEN}Disabbling password authentication and root login from SSH...${RESET}"
+setup_ssh_daemon() {
+  echo -e "${GREEN}Disabbling password authentication, root login and changing SSH port to 1222...${RESET}"
   sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
   # prohibit-password is Debian's default
   sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
+  sed -i 's/#Port 22/Port 1222/' /etc/ssh/sshd_config
   systemctl restart ssh
 }
 
@@ -76,7 +77,7 @@ add_sysadmin_user() {
 main () {
     update_apt
     setup_firewall
-    disable_password_and_root_login
+    setup_ssh_daemon
     setup_fail2ban
     setup_logwatch
     install_utils