Change sshd Port

December 26, 2005 Posted by KP

I used the default port number 22 for sshd, and the server got lots of login attempts every day, which left thousands of lines in the daily security run output.

There are several sysctl variables related to port ranges. Mine differ from the default values, although I didn’t modify anything.

# sysctl -a | grep portrange
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535

net.inet.ip.portrange.first and net.inet.ip.portrange.last are supposed to be 1024 and 5000 according to the FreeBSD manual. I was worried about being locked out of the box, so I didn’t modify the sshd port.

I couldn’t bear the annoying automated login attempts any more and decided to give it a try. It’s easy to change:

Add a line in the file /etc/ssh/sshd_config:
Port 1234

Reload sshd:
# /etc/rc.d/sshd reload

I opened another PuTTY client to test the login, and everything worked fine. The great thing is that the old ssh connection stays active after the sshd modification and reload, so I always have the chance to revert the configuration if it doesn’t work.

By the way, binding the ssh login to a static IP is recommended as well.
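The edit-and-reload steps above, as an added example that is not part of the original post: it rewrites the Port directive ahead of any Match block (sshd rejects Port inside one, so a line appended to the end of the file can break the config) and checks the result with sshd -t before reloading. The function names, the /usr/sbin/sshd path and the sample config are assumptions, and any additional Port lines are collapsed into one.

```sh
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# set_sshd_port PORT < sshd_config > new_config
# Drops active "Port" lines and writes one "Port PORT" line ahead of the first
# Match block, because sshd rejects Port inside a Match block.
set_sshd_port() {
    port=$1
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    awk -v port="$port" '
        { kw = tolower($1) }          # sshd_config keywords are case-insensitive
        kw == "port" { next }         # drop active Port lines, keep "#Port" comments
        kw == "match" && !done { print "Port " port; done = 1 }
        { print }
        END { if (!done) print "Port " port }
    '
}

# apply_sshd_port PORT: edit, validate with "sshd -t", then reload as in the post.
# Not called here; run it as root from a session that stays logged in.
apply_sshd_port() {
    cfg=/etc/ssh/sshd_config
    tmp=$(mktemp) || return 1
    set_sshd_port "$1" < "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    if /usr/sbin/sshd -t -f "$tmp"; then      # assumed path; config check only
        cp "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg" && /etc/rc.d/sshd reload
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Constructed sample config for a dry run (prints the edited result).
sample_config() {
    printf '%s\n' '#Port 22' 'Port 22' 'PermitRootLogin no' \
        'Match User backup' '    PasswordAuthentication no'
}
sample_config | set_sshd_port 1234
```

If the reload succeeds but the new port is unreachable, the saved sshd_config.bak can be copied back from the session that is still open.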

3 Comments to “Change sshd Port”

  1. Anton Linevich Says:

    I am also using this feature.
    Also “hangup” to 22 port portsentry.
    So, all “hackers” are in my deny list after 5 attempts.

  2. FreeBSD Newbie Says:

    I don’t use portsentry. When I test the login on port 22, there is no response from my server. This should be good enough, as the client has to wait and can’t try another login easily. This behavior should be caused by the sysctl configuration: http://www.freebsdblog.org/archives/2005/06/avoid_network_p.html

  3. alir Says:

    Hi,
    I used this way to change the ssh port, but it didn’t work.
    I have a question about it: why?
