- Product Introduction
- Tutorial
- Release Notes and Announcements
- Public Image Updates
- Announcements
- Price Reduction in Selected Availability Zones
- WebShell Proxy IP Addresses Updates
- Windows Server 2003 System Images End of Support Announcement
- Pay-as-you-go Price Adjustments for Standard S3 CVMs in the Silicon Valley Region
- Vulnerability repairing for Linux images
- Windows Server 2008 R2 Enterprise Edition SP1 64-bit Images End of Support Announcement
- Upgrading Virtio network card drive for Windows CVMs
- Solution to Tomcat Start Failure on Ubuntu14.04
- Stopping supporting for Ubuntu 10.04 images
- About Configuration of Security Group Port 53
- Purchase Guide
- Getting Started
- Operation Guide
- Operation Guide Overview
- Use Limits Overview
- Instances
- Creating Instances
- Batch Sequential Naming or Pattern String-Based Naming
- Generating API Explorer Reusable Scripts to Create Instances
- Resource Adjustment
- Query Info
- Renaming Instances
- Resetting Instance Password
- Management instance IP address
- Change Instance Subnet
- Change Security Group
- Search Instances
- Export Instances
- Renewing Instances
- Querying the Repossession Status of a Spot Instance
- Shutdown Instances
- Logging into Linux Instance
- Restarting Instances
- Logging into Windows instance
- Reinstalling System
- Terminating Instances
- Instance Repossession
- Spot Instances
- No Charges When Shut Down for Pay-as-You-Go Instances
- Managing Roles
- Starting Up Instances
- Reserved Instances
- Images
- Service Migration
- Online Migration
- Overview
- Online Migration Tool
- Tencent Cloud Migration Tutorial
- Migration Tutorial for Different Source Environments
- Migrating AWS EC2 Data to Tencent Cloud
- Migrating Alibaba Cloud ECS Data to Tencent Cloud
- Migrating Huawei Cloud ECS Data to Tencent Cloud
- Migrating UCloud UHost Data to Tencent Cloud
- Migrating Baidu Cloud BCC Data to Tencent Cloud
- Migrating VMWare Virtual Machine Data to Tencent Cloud
- Migrating China Telecom e-Cloud Cloud Server Data to Tencent Cloud
- Offline Migration
- Contact Us
- Online Migration
- Cloud Block Storage
- Network
- Security
- Security Groups
- Protection of Sensitive Operations
- Managing Login Password
- Managing SSH keys
- Spread Placement Group
- Unblocking Port 25
- Tags
- Monitoring and Alarms
- Console Example
- Best Practice
- Best Practices
- Migrating CVM Instances
- Setting up a Website
- Building an Environment
- Building a Website
- Building an Application
- Data Backup
- Uploading Local Files to CVM
- Copying Local Files to CVMs
- Uploading Files from MacOS to Windows CVM Using MRD
- Uploading Files from Linux to Windows CVM using RDP
- Uploading Files from Linux to a CVM Using FTP
- Uploading files via WinSCP to a Linux CVM from Windows
- Uploading Files from Windows to a CVM Using FTP
- Uploading Files from Linux or MacOS to Linux CVM via SCP
- Uploading Files from Windows to a Windows CVM via MSTSC
- Other CVM Operations
- Network Performance Test
- Recovering Data on Linux CVMs
- Building a Visual GUI
- Changing Kernel of a Linux Instance Manually
- Managing Disk Space on Windows CVMs
- Using RemoteFx to Redirect USB Devices in Windows
- Using USB/IP to Share USB Devices in Linux
- Using AVX-512 Instructions to Accelerate AI Applications on CVM
- OPS Guide
- Mount Data Disks
- Environment Configurations
- Installing Software
- Accelerating software package download and update with Tencent Cloud software source
- Install Software via Apt-get under Ubuntu Environment
- Install Software via YUM under CentOS Environment
- Install Software via zypper under SUSE Environment
- Switching CentOS 6 Source to YUM Repository
- Installing chronyd Service on CentOS 8
- User Data
- System-related
- Others
- Troubleshooting Methods
- Instance-Related Failures
- CVM Login Failures
- Windows Instance Login Failures
- Windows Instance Login Failures
- An authentication error occurred when you tried to log in to a Windows instance remotely
- Failed to Reset the CVM Password or the CVM Password Is Invalid
- Windows instance: no remote Desktop license server can provide license
- Requires network-level identity verification
- Problems occurred when you tried to log in to a Windows CVM remotely on Mac
- Failed to log in to a Windows CVM due to high CPU and memory usage
- Failed to connect to a remote computer through Remote Desktop
- Credentials Not Work
- Connection to a Windows CVM through Remote Desktop was denied
- Remote Login Failure Due To Port Issues
- Linux Instance Login Failures
- Linux Instance Login Failures
- Unable to Log in to a Linux Instance via SSH Key
- Failing to log in to a Linux CVM due to high CPU and memory usage
- Remote Login Failure due to Port Issues
- VNC Login Error (Module is Unknown)
- VNC Login Error (Account Locked due to XXX Failed Logins)
- VNC Login Error (Login Failed with Correct Password)
- VNC or SSH Login Error (Permission Denied)
- Login Failure Due to Server Isolation
- Login Failure Due to High Bandwidth Occupation
- Remote Connect Failure Due to Security Group Settings
- Failed to shut down or restart a CVM
- Network Namespace Creation Failure
- Linux CVM Memory Issues
- Network Related Failures
- Downloading Remote Desktop for Mac
- Instance-Related Failures
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Region APIs
- Instance APIs
- DescribeInstances
- DescribeInstanceFamilyConfigs
- DescribeZoneInstanceConfigInfos
- DescribeInstanceTypeConfigs
- DescribeInstancesOperationLimit
- DescribeInstanceVncUrl
- InquiryPriceRunInstances
- InquiryPriceResetInstance
- InquiryPriceResetInstancesType
- InquiryPriceResizeInstanceDisks
- RunInstances
- StartInstances
- RebootInstances
- StopInstances
- ResetInstance
- TerminateInstances
- ResetInstancesType
- ResizeInstanceDisks
- ResetInstancesPassword
- ModifyInstancesAttribute
- ModifyInstancesProject
- InquirePricePurchaseReservedInstancesOffering
- DescribeReservedInstancesConfigInfos
- DescribeInstancesStatus
- Placement Group APIs
- Image APIs
- Key APIs
- Security Group APIs
- Network APIs
- Data Types
- Error Codes
- FAQs
- Service Agreement
- Glossary
- Product Introduction
- Tutorial
- Release Notes and Announcements
- Public Image Updates
- Announcements
- Price Reduction in Selected Availability Zones
- WebShell Proxy IP Addresses Updates
- Windows Server 2003 System Images End of Support Announcement
- Pay-as-you-go Price Adjustments for Standard S3 CVMs in the Silicon Valley Region
- Vulnerability repairing for Linux images
- Windows Server 2008 R2 Enterprise Edition SP1 64-bit Images End of Support Announcement
- Upgrading Virtio network card drive for Windows CVMs
- Solution to Tomcat Start Failure on Ubuntu14.04
- Stopping supporting for Ubuntu 10.04 images
- About Configuration of Security Group Port 53
- Purchase Guide
- Getting Started
- Operation Guide
- Operation Guide Overview
- Use Limits Overview
- Instances
- Creating Instances
- Batch Sequential Naming or Pattern String-Based Naming
- Generating API Explorer Reusable Scripts to Create Instances
- Resource Adjustment
- Query Info
- Renaming Instances
- Resetting Instance Password
- Management instance IP address
- Change Instance Subnet
- Change Security Group
- Search Instances
- Export Instances
- Renewing Instances
- Querying the Repossession Status of a Spot Instance
- Shutdown Instances
- Logging into Linux Instance
- Restarting Instances
- Logging into Windows instance
- Reinstalling System
- Terminating Instances
- Instance Repossession
- Spot Instances
- No Charges When Shut Down for Pay-as-You-Go Instances
- Managing Roles
- Starting Up Instances
- Reserved Instances
- Images
- Service Migration
- Online Migration
- Overview
- Online Migration Tool
- Tencent Cloud Migration Tutorial
- Migration Tutorial for Different Source Environments
- Migrating AWS EC2 Data to Tencent Cloud
- Migrating Alibaba Cloud ECS Data to Tencent Cloud
- Migrating Huawei Cloud ECS Data to Tencent Cloud
- Migrating UCloud UHost Data to Tencent Cloud
- Migrating Baidu Cloud BCC Data to Tencent Cloud
- Migrating VMWare Virtual Machine Data to Tencent Cloud
- Migrating China Telecom e-Cloud Cloud Server Data to Tencent Cloud
- Offline Migration
- Contact Us
- Online Migration
- Cloud Block Storage
- Network
- Security
- Security Groups
- Protection of Sensitive Operations
- Managing Login Password
- Managing SSH keys
- Spread Placement Group
- Unblocking Port 25
- Tags
- Monitoring and Alarms
- Console Example
- Best Practice
- Best Practices
- Migrating CVM Instances
- Setting up a Website
- Building an Environment
- Building a Website
- Building an Application
- Data Backup
- Uploading Local Files to CVM
- Copying Local Files to CVMs
- Uploading Files from MacOS to Windows CVM Using MRD
- Uploading Files from Linux to Windows CVM using RDP
- Uploading Files from Linux to a CVM Using FTP
- Uploading files via WinSCP to a Linux CVM from Windows
- Uploading Files from Windows to a CVM Using FTP
- Uploading Files from Linux or MacOS to Linux CVM via SCP
- Uploading Files from Windows to a Windows CVM via MSTSC
- Other CVM Operations
- Network Performance Test
- Recovering Data on Linux CVMs
- Building a Visual GUI
- Changing Kernel of a Linux Instance Manually
- Managing Disk Space on Windows CVMs
- Using RemoteFx to Redirect USB Devices in Windows
- Using USB/IP to Share USB Devices in Linux
- Using AVX-512 Instructions to Accelerate AI Applications on CVM
- OPS Guide
- Mount Data Disks
- Environment Configurations
- Installing Software
- Accelerating software package download and update with Tencent Cloud software source
- Install Software via Apt-get under Ubuntu Environment
- Install Software via YUM under CentOS Environment
- Install Software via zypper under SUSE Environment
- Switching CentOS 6 Source to YUM Repository
- Installing chronyd Service on CentOS 8
- User Data
- System-related
- Others
- Troubleshooting Methods
- Instance-Related Failures
- CVM Login Failures
- Windows Instance Login Failures
- Windows Instance Login Failures
- An authentication error occurred when you tried to log in to a Windows instance remotely
- Failed to Reset the CVM Password or the CVM Password Is Invalid
- Windows instance: no remote Desktop license server can provide license
- Requires network-level identity verification
- Problems occurred when you tried to log in to a Windows CVM remotely on Mac
- Failed to log in to a Windows CVM due to high CPU and memory usage
- Failed to connect to a remote computer through Remote Desktop
- Credentials Not Work
- Connection to a Windows CVM through Remote Desktop was denied
- Remote Login Failure Due To Port Issues
- Linux Instance Login Failures
- Linux Instance Login Failures
- Unable to Log in to a Linux Instance via SSH Key
- Failing to log in to a Linux CVM due to high CPU and memory usage
- Remote Login Failure due to Port Issues
- VNC Login Error (Module is Unknown)
- VNC Login Error (Account Locked due to XXX Failed Logins)
- VNC Login Error (Login Failed with Correct Password)
- VNC or SSH Login Error (Permission Denied)
- Login Failure Due to Server Isolation
- Login Failure Due to High Bandwidth Occupation
- Remote Connect Failure Due to Security Group Settings
- Failed to shut down or restart a CVM
- Network Namespace Creation Failure
- Linux CVM Memory Issues
- Network Related Failures
- Downloading Remote Desktop for Mac
- Instance-Related Failures
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Region APIs
- Instance APIs
- DescribeInstances
- DescribeInstanceFamilyConfigs
- DescribeZoneInstanceConfigInfos
- DescribeInstanceTypeConfigs
- DescribeInstancesOperationLimit
- DescribeInstanceVncUrl
- InquiryPriceRunInstances
- InquiryPriceResetInstance
- InquiryPriceResetInstancesType
- InquiryPriceResizeInstanceDisks
- RunInstances
- StartInstances
- RebootInstances
- StopInstances
- ResetInstance
- TerminateInstances
- ResetInstancesType
- ResizeInstanceDisks
- ResetInstancesPassword
- ModifyInstancesAttribute
- ModifyInstancesProject
- InquirePricePurchaseReservedInstancesOffering
- DescribeReservedInstancesConfigInfos
- DescribeInstancesStatus
- Placement Group APIs
- Image APIs
- Key APIs
- Security Group APIs
- Network APIs
- Data Types
- Error Codes
- FAQs
- Service Agreement
- Glossary
Scenario
The default port of the CVM is susceptible to scanning and attack by malicious software. Therefore, you need to change the default remote port of the CVM to a less common port to prevent the inability to remotely access the CVM due to such attacks. This ensures the security of the CVM.
Modifications to the port will be valid only if they are made in the security group rules and the CVM simultaneously. You can modify the default remote port of the CVM as described below. The modification method varies based on the operating system of the CVM.
Directions
Modifying the default remote port of a Windows CVM
The following operations use Windows Server 2012 as an example. The procedure might vary slightly depending on the operating system and language.
- Log in to the Windows instance by using VNC.
- In the operating system, click
to open the “Windows PowerShell” window. - In the “Windows PowerShell” window, enter regedit and press Enter to open the “Registry Editor” window.
- In the left-side registry navigation pane, expand the following hierarchies in sequence: HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > Wds > rdpwd > Tds > tcp.
- Find PortNumber in tcp. Then, change the value of PortNumber from 3389 to an unoccupied port number within the range of 0 to 65535, as shown in the following figure.
- In the left-side registry navigation pane, expand the following hierarchies in sequence: HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp.
- Find and change PortNumber in RDP-Tcp to be the same as that in tcp.
- (Optional) If a firewall is enabled for your CVM, be sure to add the new port to the allowlist of the firewall and set to allow connection.
- In the “Windows PowerShell” window, enter wf.msc and press Enter to open the “Windows Firewall with Advanced Security” window.
- In the “Windows Firewall with Advanced Security” window, select Inbound Rules and click New rule, as shown in the following figure.
- On the “Rule Type” page in the “New Inbound Rule Wizard” window, select Port and click Next.
- On the “Protocol and Ports” page in the New Inbound Rule Wizard window, select TCP and enter the port number set in Step 5 in Specific Port. Then, click Next, as shown in the following figure.
- On the Action page in the “New Inbound Rule Wizard” window, select Allow connections and click Next.
- On the “Profile” page in the “New Inbound Rule Wizard” window, apply the default profile and click Next.
- On the “Name” page in the “New Inbound Rule Wizard” window, enter the rule name and click Finish.
- In the “Windows PowerShell” window, enter services.msc and press Enter to go to the “Services” window.
- Find and right-click Remote Desktop Services in the “Services” window. Then, select Restart to restart the remote login service.
- Refer to Modifying Security Group Rules to modify the security group rule with the protocol port “TCP:3389” by changing the port number to that set in Step 5.
Modifying the default remote port of a Linux CVM
- Before you modify the default remote port, we recommend that you add the SSH port number and test whether the port is successfully connected to the CVM. Then, delete the default port 22. Ensure that the default port 22 cannot be connected to the CVM when the new port fails to connect to the CVM.
- The following operations use CentOS 7.3 as an example. The specific operations vary slightly according to the version and language of the operating system.
- Log in to a Linux instance by using VNC.
- Run the following command to modify the configuration file:
vim /etc/ssh/sshd_config - Press i to switch to the editing mode and add a new port. Add
Port x(where x is the port number of the new port) in a new row below#Port 22, and delete#to comment offPort 22, as shown in the following figure.
For example, addPort 23456in the row.
- Press Esc, enter :wq, and save the change.
- Run the following command so that the new configuration takes effect:
systemctl restart sshd.service - (Optional)Configure the firewall.
- By default, the iptables service is used as the firewall for Linux CVMs with CentOS earlier than CentOS 7. Configure the firewall as follows if iptables rules have been configured for the CVM.
- Run the following command to configure the firewall:
iptables -A INPUT -p tcp --dport <New port number> -j ACCEPTiptables -A INPUT -p tcp --dport 23456 -j ACCEPT - Run the following command to restart the firewall:
service iptables restart
- Run the following command to configure the firewall:
- The Firewalld service is used as the firewall for Linux CVMs with CentOS 7 or later. Configure the firewall as follows if the Firewalld service has been enabled on the CVM.
Run the following command to allow access by the port number added in Step 3:firewall-cmd --add-port=<New port number>/tcp --permanentfirewall-cmd --add-port=23456/tcp --permanentsuccessis returned, the port was successfully configured.
- By default, the iptables service is used as the firewall for Linux CVMs with CentOS earlier than CentOS 7. Configure the firewall as follows if iptables rules have been configured for the CVM.
- Refer to Modifying Security Group Rules to modify the security group rule with the protocol port “TCP:22” by changing the port number to that set in Step 3.
Verification
Windows CVMs
- Assume that the Windows operating system is installed on the local computer. Open the “Remote Desktop Connection” dialog box.
- Enter the
Internet IP of Windows server: port number after modificationafter Computer and click Connect, as shown in the following figure.
- Enter the admin account and password as prompted and click OK.
If the operating system interface of the Windows CVM appears, the connection is established.If you log in to the Windows CVM by using an RDP file, modify the
full address:sparameter in the RDP file, as shown in the following figure:
Linux CVMs
- Assume that PuTTY is used for remote login. Start the PuTTY client.
- In the “PuTTY Configuration” window, enter the public IP address of the Linux CVM, set Port to the new port number, and click Open, as shown in the following figure.
- Enter the username and password of the Linux CVM as prompted and press Enter.
If the following output appears, the connection is established.
- After using the new port to successfully establish a connection to the Linux CVM, run the following command:
vim /etc/ssh/sshd_config - Press i to switch to the editing mode, and add
#in front ofPort 22to comment off the port. - Press Esc, enter :wq, and save the change.
- Run the following command so that the new configuration takes effect. Ensure that you use the new port for the next remote login to the Linux CVM.
systemctl restart sshd.service
Yes
No
Was this page helpful?