How to configure a non-standard SSH port

    This question comes up from time to time, so we decided to write this little how-to article.

    Changing your SSH port number is not recommended anymore

    Changing SSH to a port other than 22 is an old trick. There may have been a time when this trick was effective, but nowadays it mainly provides a *false sense of security* and extra management complexity, and it won't increase your security. The port scanners used by hackers today will find the 'hidden' SSH port in no time. (Try the Nmap port scanner and see: http://nmap.org/)

    SSH - The Dome9 Way

    With Dome9, your SSH port is normally closed and only opened on demand for authorized users, only for their IP address, and only for a limited time. During this process, SSH is not exposed to hackers and scanners. Hence, there is no need to hide it any further, as it is already cloaked.

    Still, here's how to define a non-standard SSH port with Dome9

    Defining any custom service on the Dome9 system is easy:

    • Log in to your Dome9 Central portal and click the 'Policy Management' tab

    • Locate the relevant security group you wish to modify

    • Delete the old SSH rule (so it won't confuse you anymore)

    • Add a new service, name it SSH or SSH custom, select custom, TCP, and choose your port number

    • Click 'Save' and 'Done'. From now on your SSH will be protected by Dome9 and only enabled on demand for authorized users.
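
A check to run against your own server after saving the rule, added here as an example (it is not Dome9 code): from an address that has no active access, the custom port should report as closed rather than answer with an SSH identification string. The names `probe_ssh` and `start_demo_listener` and the banner text are illustrative assumptions; the listener is a constructed loopback stand-in for a server, and the banner check follows RFC 4253.

```python
import socket
import threading


def probe_ssh(host, port, timeout=3.0):
    """Return 'closed', 'open-ssh' or 'open-other' for one TCP port.

    'closed' covers refused, filtered and timed-out connection attempts.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                data = conn.recv(512)
            except OSError:  # silent or reset peer: open, but no banner
                data = b""
    except OSError:
        return "closed"
    # RFC 4253 section 4.2: the server sends "SSH-<proto>-<software>",
    # possibly after other lines, whatever port it listens on.
    if any(line.startswith(b"SSH-") for line in data.splitlines()):
        return "open-ssh"
    return "open-other"


def start_demo_listener(banner=b"SSH-2.0-ExampleServer_1.0\r\n"):
    """Constructed loopback stand-in for a server: answers one connection
    on a random port with `banner`, then stops listening. Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_once():
        conn, _ = srv.accept()
        srv.close()  # stop listening before answering
        conn.sendall(banner)
        conn.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_demo_listener()
    # While something listens, the banner identifies SSH on any port number.
    print(port, probe_ssh("127.0.0.1", port))
    # Once the port is closed, there is nothing left to identify.
    print(port, probe_ssh("127.0.0.1", port))
```

Against a real server, call `probe_ssh` with your host and custom port from a machine outside the authorized IP; anything other than `closed` means the port is still reachable.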