As being a Linux system administrator, one should monitor SSH log in activities to trace out failed log in attempts. This is required now-a-days because attackers are targeting SSH connections and if you are running SSH service on a default port then you can definitely become a victim of attackers.
All SSH failed log in attempts are saved at /var/log/secure file. But it becomes cumbersome job to monitor all such failed log in attempts regularly.
Therefore, implement a very simple and secure way to overcome from the failed SSH attempts is change SSH connection port from the default to any random value. There are just 2 simple steps to change the SSH port. Once you are done with it, your server will become more secure than it was earlier.
Step – 1:- Open sshd_config file using any text editor installed in your server
$ nano /etc/ssh/sshd_config
Step – 2:- After opening the configuration file, change the SSH port from 22 to any random number like 6340
$ Port 6340
Step – 3:- After specifying the new port, save the file and restart the SSH service
$ service sshd restart
Step – 4:- Now, change the SSH port in iptables rules
$ nano /etc/sysconfig/iptables
Here, search port 22 and change it to 6340
Step – 5:- After changing the port in iptables, save the file and restart iptables service
$ service iptables restart
That’s it! You are done with all basic settings.
Also your port should be not in use and less than 65536.
Your should be using port below 1025. By using a well-known port you can prevent a non-root user from setting up their own SSH server that they could use for example to steal passwords of users who log in via SSH. This is because you have to be root to set up a program that can listen on ports below 1024. If you use a port above 1023, someone can crash your SSH server and set up their own SSH server to listen on the same port.
Important Note: If you are using any Firewall / Anti-virus in your server then you have to allow the new SSH port in its configuration as well.