What is SSH? How to use and change SSH port

11/04/2024

What is the definition of the SSH protocol? When should SSH be used? What are some common commands in SSH? Why is it necessary to change the SSH port and how to do it on a Linux server? Let's explore these topics with TotHost in this article.

1. What is the SSH protocol?

SSH (Secure Shell) is a network protocol used to establish secure network connections between devices. SSH allows users to access and control devices remotely through a secure network connection and encrypts data between those devices. With security features such as user authentication, data encryption, server authentication, and network security, SSH connections are safely protected against network attackers.
SSH plays a vital role in system management and network security. It is widely used in computer systems and network devices for remote access and management, especially in server systems.

1.1. How does SSH work?

The SSH protocol was created to replace terminal emulators and insecure login mechanisms like Telnet. Therefore, this protocol features login, terminal startup, and remote server control.

[Figure: How SSH works]

Both the client and the server use session keys to encrypt and decrypt all data sent between them. This provides a secure, encrypted channel for data transmission.

Overall, the SSH protocol provides a secure and reliable way to access and manage devices remotely over the internet. It is widely used by system administrators, developers, and other experts who need secure remote system access.

1.2. When to Use SSH?

Here are some situations in which you might use SSH in your work:

  • Remote server or network device access: SSH provides a secure way to connect to devices and perform tasks without needing to be physically present.
  • File transfer between two systems: SSH provides secure file transfer protocols (SFTP) and secure copy (SCP) using encryption to protect data during transmission.
  • Command-line interface: The secure command-line interface (CLI) of SSH allows you to execute commands on a remote system as if you were sitting in front of it.

In summary, SSH is a versatile tool used for various communication tasks over secure connections across networks.

2. SSH Server and Related Services

2.1. SSH Server via OpenSSH

To set up an SSH server (accessing the server using the SSH protocol), we have several tools such as OpenSSH, PuTTY, and MobaXterm. Among them, OpenSSH is the most popular.

OpenSSH is a service installed by default on CentOS and Ubuntu servers. If it's not installed, you can install it using the following commands:

-------------RHEL------------------------

yum install openssh openssh-server openssh-clients openssl-libs -y

-------------Ubuntu----------------------

sudo apt-get install openssh-server openssh-client -y

The configuration file is located at /etc/ssh/sshd_config. After making changes to the configuration, you'll need to restart the SSH service for them to take effect.

To access the server, you use the command: ssh <username>@<IP_server> -p <ssh_port>, where:

  • username is the account name used for SSH.
  • IP_server is the IP address you want to SSH into.
  • ssh_port is the port used for SSH (use 4433 if you're using TotHost). See below for more on changing the port.

See more about connecting to an SSH server using PuTTY or MobaXterm: Various ways to connect to Linux servers.

2.2. SCP - Using SSH to Transfer Data Files

SCP is a command provided by OpenSSH for transferring data files. Command:

scp [OPTION] [[user_src@]src_host:]src_file [[user@]dest_host:]dest_file

Where:

  • [OPTION] stands for additional settings if needed, such as the -r parameter to recursively copy an entire directory with its files and subdirectories.
  • [[user_src@]src_host:]src_file is the source file or directory.
    Example: user_src@src_host:/home/file1.txt
  • [[user@]dest_host:]dest_file is the destination file or directory.

2.3. RSA - SSH with Key

SSH with key: (having key → access granted, no key → connection refused)

Command:

-----create key--------

ssh-keygen -t rsa

1st line: key location

2nd line: passphrase (press Enter for empty)

3rd line: confirm passphrase

After running the above command, two key files will be generated:

  • The id_rsa file is kept on the client. When you use a command or third-party software, OpenSSH reads this file to SSH into the server.
  • The id_rsa.pub file is placed on the server.

We can create a key on the client machine, then copy the content of the id_rsa.pub file generated on the client and paste it into the id_rsa.pub file on the server. Then, we can connect to the server. (If the server restricts by IP, it's necessary to open the firewall to gain access).
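sshd checks a login key against the account's ~/.ssh/authorized_keys file by default, so this added example (not TotHost's code) appends the public key there on the server side, with the file permissions sshd accepts. The helper name install_pubkey and the sample key are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not TotHost's code; install_pubkey is a hypothetical helper.

# install_pubkey <home dir> <public key line>
# Appends the key to <home>/.ssh/authorized_keys, the default location sshd
# reads (AuthorizedKeysFile), with modes that pass its StrictModes check.
install_pubkey() {
    home=$1; key=$2
    # Refuse private key material pasted by mistake (id_rsa instead of id_rsa.pub).
    case $key in *"PRIVATE KEY"*) echo "refusing: private key" >&2; return 1 ;; esac
    # A public key is exactly one line: "<type> <base64> [comment]".
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || { echo "refusing: multi-line input" >&2; return 1; }
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        || { echo "refusing: not an OpenSSH public key line" >&2; return 1; }

    dir=$home/.ssh; file=$dir/authorized_keys
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Idempotent: compare type and blob only, so the same key with a different
    # trailing comment is not appended a second time.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    cut -d' ' -f1,2 "$file" | grep -qxF -- "$blob" || printf '%s\n' "$key" >> "$file"
}

# Demo with a constructed placeholder (not a real key) in a scratch directory.
demo_home=$(mktemp -d)
sample='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedSampleOnly user@client'
install_pubkey "$demo_home" "$sample" && install_pubkey "$demo_home" "$sample"
wc -l < "$demo_home/.ssh/authorized_keys"    # 1: the second call added nothing
rm -rf "$demo_home"

# On the server, as the account that will log in:
#   install_pubkey "$HOME" "$(cat id_rsa.pub)"
```
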

3. Changing the SSH Port on a Linux Server

By default, Linux Servers use port 22 for connections. Therefore, when connecting, we often omit the -p parameter and the machine will still understand. However, with recent network attacks, we are easily subjected to login scans and may lose control of the server. Therefore, some VPS providers change the default port to ensure information security for the server. For example, TotHost replaces port 22 with port 4433.

Below, TotHost will share how to change the port for two popular Linux OS types: Ubuntu and CentOS 7.

3.1. Changing SSH Port on Ubuntu

For this operating system, changing the port is quite simple:

  • Open the config file /etc/ssh/sshd_config and change the line #Port 22 to Port <port_number>, removing the leading # (specifically for TotHost, the port number is 4433).
  • Run the command systemctl restart sshd to reload the SSH configuration.
  • Update the firewall so that you can still access the server after exiting. With the default Ubuntu firewall, you can run the command sudo ufw allow <port_number>.
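The config edit from the first step, as an added shell example (not TotHost's code): it validates the port, keeps a backup, and leaves exactly one Port directive whether the file had #Port 22, an active Port line, several of them, or none. The helper names set_sshd_port and active_ports are assumptions, and the demo input is a constructed fragment.

```shell
#!/bin/sh
# Added example, not TotHost's code; set_sshd_port and active_ports are
# hypothetical helper names.

# set_sshd_port <sshd_config path> <port>: leave exactly one Port directive.
set_sshd_port() {
    conf=$1; port=$2
    # Accept only an integer of at most five digits, in 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1    # copy to roll back to

    # Matches an active or commented-out directive: "Port 22", "#Port 22".
    pat='^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+[[:space:]]*$'
    first=$(grep -nE "$pat" "$conf.bak" | head -n 1 | cut -d: -f1)
    if [ -n "$first" ]; then
        # Write the new directive where the first one stood, drop the rest.
        sed -E -e "${first}s/.*/Port $port/" -e "${first}!{/$pat/d;}" \
            "$conf.bak" > "$conf"
    else
        # No Port line: add it at the top, ahead of any Match block.
        { echo "Port $port"; cat "$conf.bak"; } > "$conf"
    fi
}

# active_ports <sshd_config path>: print the value of each active Port line.
active_ports() {
    sed -nE 's/^[[:space:]]*Port[[:space:]]+([0-9]+)[[:space:]]*$/\1/p' "$1"
}

# Demo on a constructed config fragment (not a real server's file).
demo=$(mktemp)
printf '%s\n' '#Port 22' '#AddressFamily any' 'PermitRootLogin no' > "$demo"
set_sshd_port "$demo" 4433 && active_ports "$demo"    # prints 4433
rm -f "$demo" "$demo.bak"

# On a real host, check the syntax with sshd -t before restarting:
#   set_sshd_port /etc/ssh/sshd_config 4433 && sshd -t && systemctl restart sshd
```

Keep the current SSH session open until a second session has connected on the new port, so a mistake can still be rolled back from the first one.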

3.2. Changing SSH Port on CentOS 7

For CentOS 7, it will be a bit more challenging. Especially when the server is newly set up from ISO, it may lack some SELinux tools, making it impossible to change the server's port. Specifically, semanage is missing.

To install semanage, run the command yum install policycoreutils-python.

Perform the steps to change the port in the config file as in Ubuntu above.

Additionally, run the following commands:

  • Remove port 22: semanage port -d -t ssh_port_t -p tcp 22
  • Add the new port (TotHost's port 4433): semanage port -a -t ssh_port_t -p tcp 4433
  • Update the firewall: firewall-cmd --permanent --add-port=4433/tcp and firewall-cmd --reload

These are the steps to change the port to ensure the safety of your server.

Hopefully, with the information shared in this article, you have grasped the concept of SSH, how to use SSH, and how to change the SSH port on a Linux server.

 
