How to configure the Uncomplicated Firewall (UFW) and change the SSH port.
Change the SSH port to be something besides the default port 22. This may reduce the number of attempted attacks on your server.
Change the SSH port.
While logged in as a user with sudo privileges, change your SSH port from the default 22 to a number in [1025, 65536). Make a note of your new port number, or you will be unable to log in after making this change.
Open the sshd configuration file:
sudo nano /etc/ssh/sshd_config
And change the following line to set your new port number:
# What ports, IPs and protocols we listen for
Port {your-new-port-number}
Reload the SSH service:
sudo reload ssh
Now when you try to SSH into the server, you will need to specify the port:
ssh {username}@{your-server-ip-address} -i {rsa identity file} -p {your-new-port-number}
Create a temporary backdoor.
To avoid locking yourself out, first create a temporary backdoor that allows traffic from your IP address.
sudo ufw allow from {your-ip-address}
Later on, you can remove this backdoor by calling:
sudo ufw delete allow from {your-ip-address}
Only allow incoming packets on your SSH port, HTTP (port 80), and NTP (port 123).
Create a new rule allowing incoming TCP and UDP packets on each of these ports.
sudo ufw allow {your-new-SSH-port-number}
sudo ufw allow 80
sudo ufw allow 123
Enable the firewall.
sudo ufw enable
If you need to disable the firewall at some point, call:
sudo ufw disable
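The lockout risk in the steps above comes from enabling the firewall while the port in sshd_config has no matching allow rule. The following check is an added example, not part of the original guide; it assumes the rules are read from the output of `ufw show added` (one `ufw allow ...` line per rule), and the function names and `rules.txt` are hypothetical.

```shell
#!/bin/sh
# Added example: lockout check to run before `sudo ufw enable`.

# Print every port sshd will listen on. Keywords are case-insensitive,
# "Port" may repeat, commented lines are skipped, and the default is 22.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Succeed if the port lies in the range this guide asks for: [1025, 65536).
port_in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1025 ] && [ "$1" -lt 65536 ]
}

# Succeed if the saved rules allow the port from anywhere, either for both
# protocols ("ufw allow 2222") or for tcp only ("ufw allow 2222/tcp").
# The temporary allow-from-your-IP rule is ignored on purpose: it gets deleted.
ufw_allows_port() {
    grep -Eq "^ufw allow $2(/tcp)?\$" "$1"
}

# Report on each sshd port; return non-zero if any port has no allow rule.
preflight() {
    rc=0
    for p in $(sshd_ports "$1"); do
        port_in_range "$p" || echo "NOTE: port $p is outside 1025-65535"
        if ufw_allows_port "$2" "$p"; then
            echo "OK: sshd port $p is allowed"
        else
            echo "FAIL: sshd port $p has no ufw allow rule"
            rc=1
        fi
    done
    return "$rc"
}

# Usage (rules.txt is a hypothetical file name):
#   sudo ufw show added > rules.txt
#   preflight /etc/ssh/sshd_config rules.txt && sudo ufw enable
```

Rules added by application profile name are not recognised by this check; it only matches rules written with a port number, as in this guide.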
Step 1: Digital Ocean
Step 2-4: Ubuntu