SSH servers listen for incoming connections on TCP port 22. Port 22 is therefore
subjected to unauthorized login attempts by hackers trying to access unsecured
servers. To prevent unauthorized server access, you can turn off port 22 and run the
service on a random port between 1024 and 65535.
The following task requires Administrator access privileges.
IBM Aspera transfer products ship with OpenSSH listening on both TCP/22 and
TCP/33001. Use TCP/33001 only and disable TCP/22.
-
Use a text editor to open the SSH configuration file.
Note: Before changing the default port for SSH connections, verify with your
network administrators that TCP/33001 is open. Notify users of the port
change.
-
Add the new SSH port
Port 22
Port 33001
Note: Before changing the default port for SSH connections, verify that
TCP/33001 is open.
The OpenSSH suite included in the installer uses TCP/22 and TCP/33001 as the
default ports for SSH connections. Disable TCP/22 to prevent security breaches of your SSH
server.
-
Disable TCP/22 by commenting it out in the sshd_config file.
-
In OpenSSH versions 4.4 and later, disable SSH tunneling to avoid potential
attacks by adding the following lines at the end of the sshd_config file. As a
result, only Administrator group users are permitted to tunnel.
...
AllowTcpForwarding no
Match Group Administrators
AllowTcpForwarding yes
Depending on your sshd_config file, you may have additional instances of
AllowTcpForwarding that are set to the default yes. Review your sshd_config
file for other instances and disable as appropriate.
-
Update authentication methods by adding or uncommenting PubkeyAuthentication yes
in the sshd_config file and commenting out PasswordAuthentication yes.
...
PubkeyAuthentication yes
#PasswordAuthentication yes
PasswordAuthentication no
...
-
Restart the SSH server to apply the new settings. Navigate to . Locate the
OpenSSH Service and click Restart.
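The following check is an added example, not part of the IBM Aspera or OpenSSH software. It reads sshd_config text and reports any setting that differs from the steps above, using sshd's own parsing rules: the first value obtained for a keyword is the one used, and every line after a Match line belongs to that block. The names SAMPLE, parse and audit and the sample file content are constructed for illustration.

```python
SAMPLE = """\
#Port 22
Port 33001
PubkeyAuthentication yes
#PasswordAuthentication yes
PasswordAuthentication no
AllowTcpForwarding no
Match Group Administrators
AllowTcpForwarding yes
"""  # constructed sample input for this added example

def parse(text):
    """Return (ports, global_opts, match_blocks) for the active directives."""
    ports, global_opts, blocks = [], {}, []
    current = global_opts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank or commented-out line: inactive
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}  # later lines belong to this block, up to the next Match
            blocks.append((value, current))
        elif key == "port":
            ports.append(int(value))  # Port may repeat; sshd listens on each
        else:
            current.setdefault(key, value.lower())  # sshd keeps the first value
    return ports, global_opts, blocks

def audit(text):
    """Return findings; an empty list means the text matches the steps."""
    ports, opts, blocks = parse(text)
    findings = []
    if 22 in ports or not ports:  # with no Port line sshd defaults to 22
        findings.append("TCP/22 is active")
    if 33001 not in ports:
        findings.append("TCP/33001 is not configured")
    if opts.get("allowtcpforwarding", "yes") != "no":
        findings.append("global AllowTcpForwarding is not no")
    for criteria, block in blocks:
        allowed = criteria.lower() == "group administrators"
        if block.get("allowtcpforwarding", "no") != "no" and not allowed:
            findings.append("Match " + criteria + " enables AllowTcpForwarding")
    if opts.get("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication is not yes")
    if opts.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not no")
    return findings
```

If the file already contains a Match block, lines appended at the end fall inside that block, so the global AllowTcpForwarding no must be placed above the first Match line for audit to return an empty list.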