Skip to content

Instantly share code, notes, and snippets.

@Peregrinox

Peregrinox/alternative ssh port.md

Last active March 12, 2019 13:11
Show Gist options
  • Save Peregrinox/68b6262ed04c778375daf0d9dcbe549e to your computer and use it in GitHub Desktop.
Save Peregrinox/68b6262ed04c778375daf0d9dcbe549e to your computer and use it in GitHub Desktop.
Download ZIP
alternative ssh port in google compute instance
Raw
alternative ssh port.md

understanding fail2ban with iptables: https://www.the-art-of-web.com/system/fail2ban/ https://www.digitalocean.com/community/tutorials/how-fail2ban-works-to-protect-services-on-a-linux-server

  • autorize new port in google firewall (common to all instances in the same zone):

with gloud command line:

gcloud compute firewall-rules create ssh-alternative-2224 --allow tcp:2224

¿Change priority of this rule to 65534 to avoid mask this port and lose connection of virtual machine?

you need to add option ssh-flag in order to connect to another port:

gcloud compute --project "PROJECT_NAME" ssh --zone "us-central1-b" "instance-1" --ssh-flag="-p 2224"

or in your prefered ssh client

  • Test port is accesible from the internet:
sudo apt-get install netcat
nc -l -p 2224 &

and telnet from a remote computer:

telnet your.server.ip 2224
  • now we can change ssdh default port
sudo nano /etc/ssh/sshd_config

and change line

Port 22

to Port 2224

  • fail2ban
sudo nano /etc/fail2ban/jail.local

change en jail [ssh]

port = ssh

to

port = ssh, 2224

  • restart services
sudo systemctl restart fail2ban
sudo systemctl status ssh
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment