Changing the SSH Port in ServerPilot

ServerPilot comes with a default firewall which is enabled and comes in the form of a toggle in the ServerPilot control panel.

server-pilot-firewall-ssh

The panel is a front for the ufw (uncomplicated firewall)  app which in turn is a front for ip tables but with a lower learning curve, by default the below rules are the allowed incoming rules.

22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
68/udp ALLOW Anywhere

(And also their equivalent IPv6 rules)

So SSH, HTTP, HTTPS and BOOTPC incoming protocols are allowed.

You can swap the Port 22 in SSH for a more obscure port number such as 2222, the default Port number 22 is constantly bombarded by malicious scripts so it’s a recommendation to change it.

Keep the ServerPilot firewall enabled and then log into the server instance as root via SSH

– check the firewall with

ufw status

You should see all the rules.

Add the new port 2222 and check the status again.

ufw allow 2222/tcp

Then you have to change the port number in the SSH config

nano /etc/ssh/sshd_config

Look for the port number and change appropriately

# What ports, IPs and protocols we listen for
 Port 2222

Restart SSH

service ssh restart

That’s it – any future SSH connections will only be accepted over Port 2222, make a new connection and try using ssh using

ssh -p2222 [email protected]

You can also now remove the old SSH rule (optional as the port has been changed anyway in the SSH config)

ufw delete allow 22/tcp

ServerPilot will operate the normal way as it’s connection to the server is independent of SSH – the only caveat is if the ServerPilot is toggled off/on the default rules will override your modifications.

Or you could just disable the ServerPilot after making a SSH connection then toggle it off and then create your own independent firewall on the server…

ufw allow from 1.2.3.4 <your personal IP address>
ufw allow 22/tcp
ufw allow 2222/tcp <new SSH Port>
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 68/udp

ufw enable

 

Once done, check status and try new connection on SSH – with success change SSH port and remove old rule…

ufw delete allow 22/tcp

This will put you in control of the firewall but keep the ServerPilot one off – if it is swapped back on it will override.

The above guide was based on a Vultr instance but similar such as Digital Ocean will be the same.