This question comes up from time to time, so we decided to write this little how-to article.
Changing your SSH port number is not recommended anymore
Changing SSH to a port other than 22 is an old trick. There may have been a time when this trick was effective, but nowadays it mainly provides a *false sense of security* and added management complexity, and it won't increase your security. The port scanners used by hackers today will find the 'hidden' SSH port in no time. (Try the Nmap port scanner and see: http://nmap.org/)
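Why a relocated SSH port is found so quickly, as an added example (not part of the original article and not Dome9 code): under RFC 4253 an SSH server sends an identification string as soon as a client connects, whatever port it listens on. The loopback listener, its banner `ExampleSSHD_1.0` and the function names are constructed for this demonstration, and the reader assumes the banner is the first line sent.

```python
import re
import socket
import threading

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion[ SP comments]" CR LF
IDENT_RE = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?$")

def parse_ident(line: bytes):
    """Return (protoversion, softwareversion) for an SSH identification line, else None."""
    m = IDENT_RE.match(line.rstrip(b"\r\n"))
    return (m.group(1).decode(), m.group(2).decode()) if m else None

def read_ident(host: str, port: int, timeout: float = 2.0):
    """Connect and read the first line the service sends, without sending anything."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        buf = b""
        while b"\n" not in buf and len(buf) < 255:  # RFC caps the line at 255 bytes
            chunk = s.recv(255 - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_ident(buf.split(b"\n", 1)[0])

def start_fake_sshd(banner: bytes) -> int:
    """Constructed stand-in for sshd on a random loopback port; sends only the banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))       # port 0: the OS picks a free, non-standard port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def demo():
    # Constructed banner; the listener is on an arbitrary port, not 22.
    port = start_fake_sshd(b"SSH-2.0-ExampleSSHD_1.0\r\n")
    return port, read_ident("127.0.0.1", port)

if __name__ == "__main__":
    port, ident = demo()
    print(f"port {port} identifies itself as SSH: {ident}")
```

Pointing `read_ident` at the listening ports of a host you administer shows which of them announce SSH, regardless of port number.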
SSH - The Dome9 Way
With Dome9, your SSH port is normally closed and only opened on demand for authorized users, only for their IP address, and only for a limited time. During this process, SSH is not exposed to hackers and scanners; hence, there is no need to hide it any further, as it is already cloaked.
Still, here's how to define a non-standard SSH port with Dome9
Defining any custom service on the Dome9 system is easy:
- Log in to your Dome9 Central portal and click the 'Policy Management' tab
- Locate the relevant security group you wish to modify
- Delete the old SSH rule (so it won't confuse you anymore)
- Add a new service: name it SSH or SSH custom, select custom, TCP, and choose your port number
- Click 'Save' and 'Done'. From now on your SSH will be protected by Dome9 and only enabled on demand for authorized users.