Changing the SSH Port in ServerPilot
ServerPilot comes with a default firewall which is enabled and comes in the form of a toggle in the ServerPilot control panel.
The panel is a front for the ufw (uncomplicated firewall) app which in turn is a front for ip tables but with a lower learning curve, by default the below rules are the allowed incoming rules.
22/tcp ALLOW Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere 68/udp ALLOW Anywhere
(And also their equivalent IPv6 rules)
So SSH, HTTP, HTTPS and BOOTPC incoming protocols are allowed.
You can swap the Port 22 in SSH for a more obscure port number such as 2222, the default Port number 22 is constantly bombarded by malicious scripts so it’s a recommendation to change it.
Keep the ServerPilot firewall enabled and then log into the server instance as root via SSH
– check the firewall with
ufw status
You should see all the rules.
Add the new port 2222 and check the status again.
ufw allow 2222/tcp
Then you have to change the port number in the SSH config
nano /etc/ssh/sshd_config
Look for the port number and change appropriately
# What ports, IPs and protocols we listen for Port 2222
Restart SSH
service ssh restart
That’s it – any future SSH connections will only be accepted over Port 2222, make a new connection and try using ssh using
ssh -p2222 [email protected]
You can also now remove the old SSH rule (optional as the port has been changed anyway in the SSH config)
ufw delete allow 22/tcp
ServerPilot will operate the normal way as it’s connection to the server is independent of SSH – the only caveat is if the ServerPilot is toggled off/on the default rules will override your modifications.
Or you could just disable the ServerPilot after making a SSH connection then toggle it off and then create your own independent firewall on the server…
ufw allow from 1.2.3.4 <your personal IP address> ufw allow 22/tcp ufw allow 2222/tcp <new SSH Port> ufw allow 80/tcp ufw allow 443/tcp ufw allow 68/udp ufw enable
Once done, check status and try new connection on SSH – with success change SSH port and remove old rule…
ufw delete allow 22/tcp
This will put you in control of the firewall but keep the ServerPilot one off – if it is swapped back on it will override.
The above guide was based on a Vultr instance but similar such as Digital Ocean will be the same.