The default port of the CVM is susceptible to scanning and attack by malicious software. Therefore, you need to change the default remote port of the CVM to a less common port to prevent the inability to remotely access the CVM due to such attacks. This ensures the security of the CVM.
Modifications to the port will be valid only if they are made in the security group rules and the CVM simultaneously. You can modify the default remote port of the CVM as described below. The modification method varies based on the operating system of the CVM.
The following operations use Windows Server 2012 as an example. The procedure might vary slightly depending on the operating system and language.
- Before you modify the default remote port, we recommend that you add the SSH port number and test whether the port is successfully connected to the CVM. Then, delete the default port 22. Ensure that the default port 22 cannot be connected to the CVM when the new port fails to connect to the CVM.
- The following operations use CentOS 7.3 as an example. The specific operations vary slightly according to the version and language of the operating system.
Run the following command to modify the configuration file:
vim /etc/ssh/sshd_config
Press i to switch to the editing mode and add a new port. Add Port x
(where x is the port number of the new port) in a new row below #Port 22
, and delete #
to comment off Port 22
, as shown in the following figure.
For example, add Port 23456
in the row.
Press Esc, enter :wq, and save the change.
Run the following command so that the new configuration takes effect:
systemctl restart sshd.service
(Optional)Configure the firewall.
iptables -A INPUT -p tcp --dport <New port number> -j ACCEPT
For example, if the new port number is 23456, run the following command:
iptables -A INPUT -p tcp --dport 23456 -j ACCEPT
2. Run the following command to restart the firewall:
service iptables restart
firewall-cmd --add-port=<New port number>/tcp --permanent
For example, if the new port number is 23456, run the following command:
firewall-cmd --add-port=23456/tcp --permanent
If success
is returned, the port was successfully configured.
7. Refer to Modifying Security Group Rules to modify the security group rule with the protocol port “TCP:22” by changing the port number to that set in Step 3.
Internet IP of Windows server: port number after modification
after Computer and click Connect, as shown in the following figure.If you log in to the Windows CVM by using an RDP file, modify the
full address:s
parameter in the RDP file, as shown in the following figure:
Assume that PuTTY is used for remote login. Start the PuTTY client.
In the “PuTTY Configuration” window, enter the public IP address of the Linux CVM, set Port to the new port number, and click Open, as shown in the following figure.
Enter the username and password of the Linux CVM as prompted and press Enter.
If the following output appears, the connection is established.
After using the new port to successfully establish a connection to the Linux CVM, run the following command:
vim /etc/ssh/sshd_config
Press i to switch to the editing mode, and add #
in front of Port 22
to comment off the port.
Press Esc, enter :wq, and save the change.
Run the following command so that the new configuration takes effect. Ensure that you use the new port for the next remote login to the Linux CVM.
systemctl restart sshd.service
Was this page helpful?