
Question Is it safe to change the default ssh port on live server

Ko_de_Vries_(J.W.)

New Pleskian
Hi all Pleskians, HAPPY NEW YEAR !!

I recently (about 2 weeks ago) installed PLESK on my new VPS, running Debian 10.11.
It's running great, but I see a lot of IPs being blocked via Fail2ban, especially via SSH port 22.
The count is about 1000 in 4 days.

Normally I change this port straight after the initial Linux installation & updates, but, you guessed it, I didn't perform this step this time.
The server is live and hosting websites with WordPress.

My questions are:
1. If I change this port now by following KBase: https://support.plesk.com/hc/en-us/...-How-to-change-the-SSH-port-on-a-Linux-server,
(My main concern:) Does it affect PLESK functionality/accessibility?
2. Is there anything else I need to change?

Regards, Ko de Vries
 
The things mentioned in the KBase article are the only ones you need.
You can safely change the port in addition to the article. Don't forget to modify your Fail2Ban-Jail for ssh if used.
 
Should not be an issue to change the SSH port on a production server. However, do make sure you've opened your new SSH port in all firewalls you are using beforehand: the Plesk firewall as well as at your provider if they offer any. Otherwise you run the risk of locking yourself out ;)

Also, changing the SSH port might conflict with the built-in Plesk SSH terminal. I don't use the Plesk SSH terminal myself, so I am not sure. But I have seen a couple of topics on this forum about the Plesk SSH terminal not (fully) working with a different port. (But these issues might have been fixed by now, I don't know.)
 
Let's say you change it to something like 2222.

Unless you specify that port every time you're dealing with the standard SSH port (SSH login/SFTP/importing websites from other servers/3rd-party extensions), it will create connection issues for you, more likely a connection refused/connection timeout error message.

So you should be aware of this change all the time, and the firewall and Fail2Ban must be aware of it as well.
 
Yes, in fact you should change it. Just remember to tweak the firewall as well.
SSH has a nice feature that even when you do a service sshd restart, it won't disconnect the current connections.
So you can change its config, restart it, and see if you can now start a new session -- but don't disconnect the old session, keep it open.
If it doesn't work, change the config again until it does.
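
The check the replies above keep returning to (Fail2Ban has to watch the port sshd actually uses), as an added shell example that is not part of any post in this thread. The function names, the jail name sshd and the sample files are assumptions constructed for the illustration; Include files and port ranges are not handled.

```shell
# Added example (not from the thread): function names are hypothetical.

# Print the Port values in sshd_config file $1, one per line, sorted.
# Keywords are case-insensitive; with no Port line sshd listens on 22.
sshd_ports() {
    awk '
        /^[ \t]*#/ { next }
        { sub(/^[ \t]+/, "") }
        tolower($0) ~ /^port[ \t=]/ {
            sub(/^[Pp][Oo][Rr][Tt][ \t]*=?[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; found = 1
        }
        END { if (!found) print 22 }
    ' "$1" | sort -n -u
}

# Print the ports of jail $2 in Fail2Ban file $1, one per line, sorted.
# "ssh" is mapped to 22; a jail with no port line is assumed to inherit
# "port = ssh" from the stock jail.conf.
jail_ports() {
    awk -v jail="[$2]" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); in_jail = ($0 == jail); next }
        in_jail && /^[ \t]*port[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); gsub(/[ \t]/, ""); value = $0
        }
        END { print (value == "" ? "ssh" : value) }
    ' "$1" | tr ',' '\n' | sed 's/^ssh$/22/' | sort -n -u
}

# Args: sshd_config, jail file, jail name. Returns 0 if the jail covers
# every sshd port; otherwise prints the uncovered ports and returns 1.
uncovered_ports() {
    jail=$(jail_ports "$2" "$3")
    missing=""
    for p in $(sshd_ports "$1"); do
        printf '%s\n' "$jail" | grep -qx "$p" || missing="$missing $p"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "${missing# }"
    return 1
}

# Constructed sample files: sshd moved to 2222, jail left on the default.
tmp=$(mktemp -d)
printf 'Port 2222\nPermitRootLogin no\n' > "$tmp/sshd_config"
printf '[sshd]\nenabled = true\nport = ssh\n' > "$tmp/jail.local"
uncovered_ports "$tmp/sshd_config" "$tmp/jail.local" sshd ||
    echo "the jail does not watch the port(s) listed above"
```

On a server the arguments would be the live sshd_config, the jail file that defines your SSH jail and that jail's name; run it before restarting sshd, with the existing session kept open.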
 
> I recently (about 2 weeks ago) installed PLESK on my new VPS, running Debian 10.11. It's running great, but I see a lot of IPs being blocked via Fail2ban, especially via SSH port 22. The count is about 1000 in 4 days.

I'd make the case it doesn't matter. Use SSH Keys (only) and if you are really concerned, run a VPN / tunneled daemon for shell access.

Else, the only thing those attempts do is burn a minuscule amount of CPU cycles before they are blocked again. Things like a login delay can help deter attempts further.
 