List of content you will read in this article:
Today, secured communication is one of the biggest priorities for every organization, as major tasks are being done by transferring data from one device to another over the network. Thus various strategies are being implemented to ensure complete security to keep the integrity of the data while transferring. Some companies work on crucial data that need to be secured. Thus, they set rules for communicating with other devices over the internet. With this post, you will get a brief understanding of the what is SSH?, default SSH port number, how to change and how it works.
SSH became an extension of the traditional telnet protocol. However, telnet was not that secure and thus replaced by SSH over time. If you are a system administrator, then you might have used ssh. SSH vs Telnet: Understanding the Importance of Secure Connections
What is SSH Protocol? (SSH Full Form)
SSH (Secure Shell) is a vital network protocol that allows secure communication between devices, even over unsecured networks. It provides powerful features for:
- Remote Login: Enables encrypted access and command execution on remote servers, essential for system administrators and developers.
- Secure File Transfer: Offers safe file transfers using protocols like SFTP (SSH File Transfer Protocol) protecting sensitive data.
- Network Tunneling: Creates secure "tunnels" to route other application traffic, enhancing privacy and bypassing network restrictions.
SSH uses strong encryption methods to safeguard all data exchanged during a session, deterring attackers from intercepting or tampering with your communications. It provides a secure channel over an unsecured network by using a client-server architecture, where the SSH client connects to the SSH server. SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user, if necessary.
This protocol is an essential tool for managing servers, network devices, and for executing a wide range of tasks securely, from system updates and installations to monitoring and troubleshooting. SSH replaces insecure legacy protocols such as Telnet, rlogin, and FTP, making it the standard for secure remote server access in today's interconnected world.
What is Default SSH Port Number?
An SSH port is a virtual doorway that enables SSH connections between devices. Think of it as a specific address on a server waiting for secure shell communication. Here's how it works:
- Network Communication: All network communication relies on ports. There are over 65,000 possible ports, each associated with different services.
- SSH Default Port: Port 22 is the standard designated port for SSH connections.
- Changing the Default: For enhanced security, it's highly recommended to change the default SSH port to a different, less obvious one. This makes it harder for attackers to target your SSH connection.
- Role in SSH: The SSH port is essential for implementing the SSH protocol, which provides secure remote logins, encrypted file transfers, and other key features.
Key takeaway: An SSH port number acts like a communication channel specifically for SSH traffic, with port 22 being the default.
How does SSH work? [A Complete Guide]
The SSH protocol works in the client-server model, where one device is the server and the other acts as a client. The SSH client will establish the connection process and use public-key cryptography to verify the identity of the SSH server. After the connection has been set up, the SSH protocol will use strong symmetric encryption and hashing algorithms to ensure the privacy and integrity of the data that is being transferred between the client and server.
The image below will show the server and client data flow.
In the process of working on the SSH protocol, we will be discussing various steps that take place.
- Establishing an SSH connection.
- Session encryption negotiation.
- User authentication.
Step 1: Establishing an SSH connection
To create an SSH connection, you need to run a command from the client’s machine, as shown below.
Once the command runs, a session encryption negotiation process will start.
Step 2: Session encryption negotiation
Once the request has been sent to the server, the server will send the client a set of encryption protocols being supported by the server. The server will then use the public key as the authentication method. The client will match the server’s set of protocols with its own. If the protocol matches, then both machines will agree to establish the connection and start the data transfer.
The client will compare the server's public key to the locally stored private key while establishing the connection for the first time. If both the keys match, the client and server will start the symmetric encryption method for communicating during the SSH session. For this communication to occur, they will start communicating using an asymmetrically encrypted process that works on the Diffie-Hellman (DH) key exchange algorithm for securely creating a cryptographic key over a public network. For generating a key, the machines will be performing the following steps:
- Both the machines will agree on two numbers which are a modulus and a base number. To prevent brute force key decryption, you must choose a modulus as a prime number of at least 600 digits.
- The machines will individually choose one number and apply it to the two public numbers equation.
- The server and the client will then exchange these calculated values.
- Each machine will perform a calculation based on the result received from the other, as shown below.
After the process, a shared secret key will be generated that will be shared between both devices.
Step 3: User authentication
The most commonly used SSH user authentication methods are passwords and SSH keys. The clients will send the encrypted passwords to the server securely. However, in some scenarios, the passwords are considered a risky authentication method as the password's strength depends on how the user creates the password.
While using the asymmetrically encrypted SSH public-private key pairs is considered a better option than passwords. Once the client decrypts the message, the server will then grant the required system access to the client.
To generate an SSH key pair, you must type ssh-keygen in the terminal. Then, the system will generate and store the keys, as shown below.
SSH was introduced to update the insecure terminal emulation, for instance, rlogin or Telnet. SSH performs the same functions with more flexibility and comfort. Not just this, but it also replaces several file transfer programs. For instance, File Transfer Protocol and Remote Copy.
The primary aim of SSH is to connect the remote host in case of a terminal session. You use the following command to achieve the task:
What does this Linux command do?
Well, this command will help the client to connect to the server.
Moving onto the next segment, SSH has various associated uses, which are listed below.
Uses of SSH
- By default, you will get the SSH terminal for MAC, Windows, and Unix system.
- Various kinds of communications can be secured with the help of SSH connections between a remote host and a local machine.
- It is also used to manage routers, virtualization platforms, server hardware, file transfer applications, and much more.
- You can also connect to servers and use tools or the terminal to upload and exit.
- SSH keys come with SSO, or single sign-on, that helps the users to move between the accounts without inserting the password every time
Additionally, it plays an important role in access management and identity management. The SSH traffic is highly encrypted as well. It also assists you with the secure issuance of commands on several remote devices. You can expect secured as well as automated file transfers. Also, be assured of the security management of your network infrastructure components.
In a nutshell, SSH is widely used in scripts and several other software to access data and resources remotely and securely. Now, let us incline our focus on our core topic, that is, the SSH default port.
Why Change the Default SSH Port?
While port 22 is the standard for SSH, using it leaves your server more vulnerable. Here's why changing it is a smart security practice:
- Brute-Force Attacks: Automated scripts and bots constantly scan the internet for open port 22, trying to crack passwords with repeated login attempts (brute-force attacks). An unusual port number significantly reduces this risk.
- Reduced "Noise": A standard SSH port receives constant connection attempts, many of them unauthorized. This generates unnecessary logs and can mask real attack attempts.
- Security Through Obscurity: It's one layer of defense (not a replacement for strong passwords or firewalls!). Attackers are less likely to spend time probing random ports.
- Improved Organization: If you manage multiple servers, using different SSH ports can help to identify and manage them more easily.
Important Note: Changing the SSH port isn't foolproof security. Always prioritize strong passwords, use key-based authentication when possible, and keep your SSH server updated.
How to Change the Default SSH Port?
1. To change default SSH port, you must edit the sshd_config file. Besides, keeping a backup of your file is always a good option. Use this command to create a backup first:
ubuntu@ubuntu:~$ cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
This command creates a copy of the file in the same directory.
2. The next step is to change the default SSH port. Open the ssh_config file in any editor. Now, enter the following command:
ubuntu@ubuntu:~$ gedit /etc/ssh/sshd_config
3. After you execute this command, the mentioned file opens in the text editor. Search this line in the code:
4. Now, say you want to shift your port number to 45673. For that, remove the hash (#) sign and insert the desired port number instead of 22. Take a look:
5. Besides, do not forget to whitelist this port on your firewall to avoid locking yourself from your device.
Moving on, it’s time to restart SSH.
6. To restart the server to load the changes, you must follow this command as given below:
ubuntu@ubuntu:~$ sudo service sshd restart
As soon as you restart your device, you can see the changes that you made. Keep in your mind the most important security configuration is changing the default ssh port number just after you Purchase Linux VPS.
You can easily test the changes without logging out of your SSH session. Complete Tutorial: Changing the SSH Port on CentOS for Enhanced Security
How to Test the Changes?
After you successfully change the default port, you must mention the port number to establish a connection with the server. Here is the command that you need to execute:
ubuntu@ubuntu:~$ ssh username@userIP -p 45673
You set your port number as 45673.
Therefore, you can see that the process is extremely easy and simple. You need to execute a few commands and are good to go.
Capabilities of Secure Shell
Secure Shell (SSH) offers a wide range of capabilities that make it an indispensable tool for secure remote administration and data transfer. Some of its key capabilities include:
- Secure Remote Access: SSH enables secure remote access to SSH-enabled network systems or devices, allowing users to manage them remotely.
- Interactive File Transfer: Users can securely transfer files between local and remote systems in an interactive and encrypted manner.
- Automated and Secured File Transfers: SSH supports automated and secure file transfers, making it ideal for tasks like backup systems and configuration management.
- Secure Command Execution: SSH allows users to issue commands on remote devices or systems securely. This is particularly useful for automated processes and remote management.
- Network Infrastructure Management: Administrators rely on SSH for secure management of network infrastructure components, such as routers and server hardware.
SSH is a versatile protocol that caters to various use cases, from simple remote access to complex automation and management tasks.
Security Risks and Mitigations:
SSH is generally secure, but there are potential risks to be aware of:
- Brute-Force Attacks: Attackers may attempt to guess passwords. Mitigate this by using strong passwords, key-based authentication, or fail2ban, which automatically bans IP addresses with repeated failed login attempts.
- Man-in-the-Middle (MitM) Attacks: Employ the SSH known_hosts file to verify the identity of the remote host and consider using SSH certificates.
- Unauthorized Access: Limit SSH access to trusted users and IP ranges through firewall rules or security groups.
- Two-Factor Authentication (2FA): Enable 2FA for SSH access. This requires users to provide a second authentication factor (e.g., a one-time code) in addition to their password or SSH key.
- Security Tokens: Implement security tokens or hardware-based authentication methods for added security. These physical devices generate secure codes for login.
SSH Best Practices
When it comes to using SSH securely, following best practices is crucial to maintaining the integrity of your network and data. Here are some recommended practices to consider:
- Strong Password Policies: If you opt for password authentication, ensure your passwords are complex and regularly updated. Use a combination of upper and lower-case letters, numbers, and special characters. Implement password policies that enforce these requirements.
- Key Management: Utilize SSH keys for authentication whenever possible. SSH keys offer stronger security compared to passwords. Ensure that keys are adequately protected with passphrases and stored securely.
- Disable Root Login: By default, SSH often allows root login. Disable direct root login and use a regular user account to log in, then switch to the root user using the sudo command when necessary. This reduces the risk of unauthorized access.
- Firewall Rules: Employ firewall rules to restrict SSH access to trusted IP addresses or networks. This helps prevent unauthorized access attempts.
- Regular Updates: Keep your SSH server and client software up to date to address any security vulnerabilities. Enable automatic updates if available.
- Logging and Monitoring: Enable SSH logging to track login attempts and monitor SSH activity. Regularly review logs for suspicious activity that might indicate a security breach.
Common SSH Commands:
Here are some common SSH commands that will help you manage your SSH connections effectively:
- Connecting to a Remote Server:
- Transferring Files (SCP):
scp file.txt username@hostname:/path/to/destination
- Generating SSH Key Pair:
ssh-keygen -t rsa -b 2048
- SSH Key Authentication:
- Changing Default Port (Example - Change to Port 2222):
nano /etc/ssh/sshd_config # Change 'Port 22' to 'Port 2222' service ssh restart
- SSH Access Control (Allow specific users/groups):
nano /etc/ssh/sshd_config # Add 'AllowUsers username' or 'AllowGroups groupname' service ssh restart
There are several SSH implementations and clients commonly used across different operating systems:
- OpenSSH (Unix-Based Systems): OpenSSH is the default SSH implementation for Unix-based systems like Linux and macOS. It's highly reliable, secure, and comes pre-installed on most Unix-based platforms.
- PuTTY (Windows): PuTTY is a popular SSH client for Windows. It provides a user-friendly interface for connecting to remote servers securely. PuTTY also includes tools like PuTTYgen for managing SSH keys. Learn How to Create an SSH Key
- SSH in PowerShell (Windows): In recent years, Microsoft has integrated OpenSSH into Windows PowerShell, making it easier for Windows users to utilize SSH without third-party applications.
SSH tunneling, also known as SSH port forwarding, is a powerful feature that allows you to securely access remote services or resources. Here's how it works:
- Local Port Forwarding: Use local port forwarding to access a remote service via an SSH tunnel. For example, you can secure your web traffic by tunneling it through SSH:
ssh -L 8080:remote-service:80 username@hostname
This forwards local port 8080 to the remote service's port 80.
- Remote Port Forwarding: With remote port forwarding, you can allow remote hosts to access services on your local machine. This can be useful for securely accessing services on your local network:
ssh -R 8080:localhost:80 username@hostname
This forwards remote port 8080 to your local machine's port 80.
SSH Port Forwarding
SSH port forwarding, also known as SSH tunneling, is a technique that enables users to establish secure tunnels between a local host and a remote host. This capability is particularly useful for accessing remote services securely or bypassing firewalls. SSH port forwarding includes two main types:
- Local Port Forwarding: This allows you to redirect traffic from a local port to a remote service through an SSH connection. For example, you can securely access a web server running on a remote machine by forwarding your local port to the remote server's port.
- Remote Port Forwarding: With remote port forwarding, you can expose a local service to a remote host securely. This is helpful when you want to make a service on your machine accessible to a remote server or network.
SSH port forwarding is a powerful feature that can enhance security and enable access to resources in otherwise restricted environments.
How to Set Up SSH Port Forwarding in Linux
Setting up SSH port forwarding in Linux is straightforward. Here's a basic example of how to forward a local port to a remote server:
- Open a terminal and use the following command:
ssh -L local_port:remote_service:remote_port username@hostname
Replace local_port with the local port number you want to use, remote_service with the name or IP address of the remote service, remote_port with the remote service's port, username with your SSH username, and hostname with the remote server's hostname or IP address.
- Once the SSH connection is established, you can access the remote service by connecting to localhost on the local_port.
This example demonstrates local port forwarding, but you can also use remote port forwarding to expose local services to remote hosts.
Troubleshooting SSH Issues
Common SSH issues can be frustrating, but they're often solvable. Here are some tips for troubleshooting:
- Connection Refused: Ensure the SSH server is running and reachable. Check firewall rules and network connectivity.
- Permission Denied (Publickey): This error often indicates an issue with SSH key authentication. Verify that your public key is properly added to the remote server's authorized_keys file.
- Authentication Failures: If you encounter authentication failures, double-check usernames, passwords, or SSH keys. Also, review your server's authentication settings.
- Port 22 Blocked: If you're unable to connect, check if port 22 (the default SSH port) is blocked by a firewall. Consider changing the SSH port if needed.
This secure shell network is the commonly used process to secure the connection between devices over the network. Many companies have implemented SSH protocols to ensure complete data transfer safety. The default SSH port number is 22. Still, it becomes risky in many scenarios where you need to transfer crucial data. You need to change the SSH port number to prevent a brute-force attack.
In this article, we have mentioned various features and working of SSH Port Number, and It’s working. Using this guide, you can change the Default SSH port number per your requirement.