Setting the default port for ssh and sftp
There are many reasons to change the default port for ssh from 22 to something else. If you're running sshd (the ssh server), you've undoubtedly seen the long lists of junk in the logs created by script kiddies (also known as "really stupid people") who try to log in using common passwords like '12345' and 'password.' These attacks are more annoying than dangerous, because all they do is clog up the system logs. Often, small sites find it's easier just to change the port number than to deal with it.
Another reason is that in many organizations, the IT department is run by Windows people who have never heard of Secure Shell. These guys tend to know little or nothing about security—their idea of a firewall is a $10,000 box that blocks every port except 80, 25, and 443. Sometimes, if they're particularly clueful, they will also leave 53 open. The CEO, who only uses email and a Web browser, doesn't complain. So as far as IT is concerned, that makes it correct.
So you may need to change the default port. In OpenSSH, it can be done on the command line (or, for programs like PuTTY, in the menus), but it's easier to set a system-wide default that assigns the appropriate port to each server. That eliminates the need to explain to your users why they have to remember a different port number for each server. If you make it too complicated, they're liable to give up and switch to telnet instead. You don't want that.
Find which config file you need to edit. Usually it's in /etc/ssh, but I've also seen it in many other random places, depending on how sshd was compiled. I've even seen systems that had two or three different sshd_config files in different places. Editing the wrong one would be an exercise in frustration.
strings /usr/sbin/sshd | grep sshd_config
Edit the sshd_config file, and add the port numbers you want to listen on, one on each line, like this:
cd /etc/init.d
It's safe to re-start sshd even while you're logged in over sshd. Of course, if you killed sshd first you'd be logged out. A sensible precaution if you're just starting out would be to start up telnetd, just in case.
Find which config file you need to edit. It's not always in
strings /usr/bin/ssh | grep ssh_config
Edit the ssh_config file, and add a section for each server, like this:
Set the permissions of the path to ssh_config. The user must have execute permission for each directory in the path, and the ssh_config file must be world-readable. Otherwise, the port assignments will only work for root.
chmod a+x /etc/ssh
chmod a+r /etc/ssh/ssh_config
There is no need to re-start sshd.
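The following is an added example, not part of the original article: a constructed ssh_config with one section per server, and a shell function that walks the path to the file and reports anything that would make the port assignments work only for root. The host names, port numbers and the function names write_sample_config and check_world_access are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; host names, ports and function names are constructed.

# Write a sample client config: one Host section per server.
# ssh uses the first value it finds, so specific hosts go before "Host *".
write_sample_config() {
    cat > "$1" <<'EOF'
Host alpha.example.com
    Port 2222

Host beta.example.com
    Port 443

Host *
    Port 22
EOF
}

# Report every path component that blocks non-root users: a directory
# without world-execute, or a config file without world-read.
# Returns 0 if nothing was reported, 1 otherwise.
check_world_access() {
    path=$1
    bad=0
    # Characters 1-10 of "ls -ld" are the mode string; 8 = other-read.
    mode=$(ls -ld "$path" | cut -c1-10)
    if [ "$(printf '%s' "$mode" | cut -c8)" != "r" ]; then
        echo "not world-readable: $path ($mode)"
        bad=1
    fi
    dir=$(dirname "$path")
    while :; do
        mode=$(ls -ld "$dir" | cut -c1-10)
        # Character 10 = other-execute ("t" is execute plus sticky bit).
        case $(printf '%s' "$mode" | cut -c10) in
            x|t) ;;
            *) echo "no world-execute: $dir ($mode)"; bad=1 ;;
        esac
        case $dir in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
    return "$bad"
}
```

On a real system, run check_world_access /etc/ssh/ssh_config (or whatever path the strings command reported); the chmod a+x and chmod a+r commands above fix whatever it lists.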