Secure SSH and change ssh port 22

I recently installed 2 VPSs with AlmaLinux 8, for cPanel and a JetBackup destination server.

Each time I login via ssh, I see this tip:

Last failed login: Fri Mar 29 20:58:25  on ssh:notty
There were 107 failed login attempts since the last successful login.

On the AlmaLinux cPanel server, I changed the SSH port from 22 to 793 (the cPanel team changed that) and the firewall is configured.

But I couldn’t use the new SSH port on the second machine for backups.
I read many documents, added the port number in the /etc/ssh/sshd_config file, and also added a rule in firewalld, but I am still logging in with port 22, not with the new port number.

Now I’m asking for help with this:
1- How do I change the SSH port and hide it from bots and hackers that try to log in?
2- How do I rename the “root” user to have maximum security?
3- cPanel has a firewall, but hackers find the SSH port! Is there any way to secure that?
4- What else can I do for my 2 servers?

Thanks in advance

Firstly, once you install CPanel, it’s not really AlmaLinux anymore, as CPanel adds a bunch of its own things. So you should probably ask CPanel support.

Also, you will have to adjust SELinux settings, assuming that SELinux is enabled. This page may help.

1 Like

I’m not talking about cPanel.
I need to configure the second server, which is running fresh AlmaLinux.

I’ll check that link.

There are actually several writeups about a non-standard sshd port on RHEL.
Essentially, there are three steps:

  • Tell sshd to listen on some port
  • Tell SELinux to allow sshd to listen on that port
  • Tell the firewall to allow traffic from outside to reach the port

The user of the ssh client must naturally specify the port, so that ssh knows to connect to a port other than 22.

Do not rename ‘root’. You do need a regular account on the machine that you can log in with. Then set up the account to use ‘sudo’. Set sshd so that nobody can log in as ‘root’. The sshd_config has an option for that. Set sshd so that the regular account can log in only with an ssh key-pair – not with a password. Then nobody can get in even if they guess the password – they need access to the private part of the ssh key-pair that is on your own computer and is protected with a password, the “passphrase”.

There are services, e.g. fail2ban, that can be set to run on the server. If sshd logs many failed login attempts from the same address, then fail2ban adds a firewall rule to block that address.

However, there is a simpler solution. Your computer that you do connect to the servers with ssh – does it have a public IP address that does not change? It is possible to set the firewall to have the ssh port open only for that address. Then everybody else is blocked by the firewall and their attempts never reach the sshd. However, if your address does change, then your access is blocked too.

FirewallD (which is the default front-end to the firewall in RHEL and Alma) has a concept of “zones”. Your IP address would be in one zone, “A”, and everyone else in a second zone, “B”. Zone A would open the ports that your IP should be able to access and zone B would open only the ports that everyone else should be able to access.

1 Like
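The three steps and the sshd_config settings described in the post above, as an added example that is not from the thread: a read-only shell helper that checks an sshd_config-style file and prints the SELinux and firewalld commands for the new port. Port 2222, the sample file and the function names are assumptions of this example.

```shell
# Added example, not from the thread. It only reads a config file and prints
# commands; nothing is changed. Port 2222 and the sample file are constructed.

# Constructed sample: the new port was added but port 22 was left active.
sample_config() {
  printf '%s\n' '#Port 22' 'Port 22' 'Port 2222' \
    'PermitRootLogin yes' 'PasswordAuthentication no'
}

# Every uncommented "Port" line counts: sshd listens on all of them.
sshd_ports() { awk 'tolower($1) == "port" { print $2 }' "$1"; }

# For other keywords sshd uses the first value it reads.
sshd_first() {
  awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# One finding per line; returns 1 if the file does not match the advice.
# Ignores Match blocks; "sshd -T" prints the authoritative effective config.
audit_sshd() {
  local cfg="$1" want="$2" ports rc=0
  ports=$(sshd_ports "$cfg" | tr '\n' ' ')
  case " $ports" in
    *" $want "*) ;;
    *) echo "FIX: add 'Port $want'"; rc=1 ;;
  esac
  case " ${ports:-22 }" in
    *" 22 "*) echo "FIX: sshd still listens on port 22"; rc=1 ;;
  esac
  [ "$(sshd_first "$cfg" PermitRootLogin)" = no ] ||
    { echo "FIX: set 'PermitRootLogin no'"; rc=1; }
  [ "$(sshd_first "$cfg" PasswordAuthentication)" = no ] ||
    { echo "FIX: set 'PasswordAuthentication no'"; rc=1; }
  return $rc
}

# SELinux, firewalld, syntax check and restart, in order (printed, not run).
port_change_plan() {
  case "$1" in ''|*[!0-9]*) return 2 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && [ "$1" -ne 22 ] || return 2
  printf '%s\n' "semanage port -a -t ssh_port_t -p tcp $1" \
    "firewall-cmd --permanent --add-port=$1/tcp" \
    "firewall-cmd --reload" "sshd -t" "systemctl restart sshd"
}

# Demo on the constructed sample.
cfg=$(mktemp); sample_config > "$cfg"
audit_sshd "$cfg" 2222 || echo "-- fix sshd_config first, then:"
port_change_plan 2222
rm -f "$cfg"
```

Keep the current SSH session open and confirm a login on the new port from a second terminal before closing port 22 in the firewall.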

I think you forgot to restart ssh service after making changes in config file. That’s why port 22 is still active.

From a cPanel admin perspective:

  1. Change the port from 22 to anything in /etc/ssh/sshd_config and then restart ssh service.
  2. Don’t do that
  3. Use SSH Keys and disable Password authentication. For more security hardening, you can refer to WHM security advisor.
  4. Create a firewall rule on 2nd server to only allow 1st server on a specific port.
1 Like

You need to change the port in /etc/ssh/sshd_config; after this you need to allow the same port in your firewall, as you allowed before.

For example, if you use firewalld, run this command:
firewall-cmd --add-port=numberport/tcp --permanent

For best security, allow only one user to access SSH services, using the “AllowUsers” setting in sshd_config.

Note: Make sure you test this configuration in virtual machine labs; run the commands in production if you are safely secured.

1 Like