OpenSSH - custom settings for more security. Safe mode

Created: May 11, 2021, 11:40 a.m.
Update: Sept. 26, 2021, 9:07 a.m.
For more security, change the SSH port to a custom port, but there is a risk that sshd breaks and you lose shell access to the server.

For more security you can change the default SSH port to a custom port, but there is a risk that the SSH service breaks and you lose remote access to the server.
How do you do this in safe mode?
How do you avoid losing the SSH connection?

1 - Check the new /etc/ssh/sshd_config file
2 - Run a new OpenSSH server using the new configuration file

Environment

Ubuntu 20.04 LTS
Required sudo permission / root
$ = command line

Backup of the sshd_config file

$ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.port22
$ cp /etc/ssh/sshd_config /etc/ssh/sshd_config.port5000
$ vim /etc/ssh/sshd_config.port5000
Change the port to 5000:
Port 5000
Make all the changes you need.

Test the custom config file

$ sshd -t -f /etc/ssh/sshd_config.port5000
Run a new server using the new sshd_config
$ /usr/sbin/sshd -4d -f /etc/ssh/sshd_config.port5000
-4d: IPv4 + debug
-f  : config file
Ctrl+C to stop
Open a new terminal and try an SSH connection on port 5000 from an authorized client.
$ ssh user@IP -p 5000
If the connection succeeds, copy sshd_config.port5000 to sshd_config (the default name) and restart the service.
$ cp /etc/ssh/sshd_config.port5000 /etc/ssh/sshd_config
$ sudo service ssh restart
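
The copy step above can be gated on the same checks, so a bad file never replaces the live one. This is an added example, not part of the original post: the function names, the SSHD_CHECK override and the .bak backup name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: promote a candidate sshd_config only after it passes checks.
# SSHD_CHECK is a hypothetical override so the logic can be exercised without
# sshd; by default it is the same "sshd -t -f" test used in the steps above.
SSHD_CHECK=${SSHD_CHECK:-/usr/sbin/sshd -t -f}

# Print every port set by an uncommented Port directive.
# sshd keywords are case-insensitive and Port may appear more than once.
config_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# promote_config CANDIDATE LIVE EXPECTED_PORT
# Replaces LIVE with CANDIDATE only if CANDIDATE sets EXPECTED_PORT and passes
# the syntax test. LIVE is first saved as LIVE.bak (assumed backup name).
# Return codes: 0 promoted, 2 unreadable, 3 wrong port, 4 failed syntax test.
promote_config() {
    candidate=$1
    live=$2
    port=$3
    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }
    config_ports "$candidate" | grep -x "$port" >/dev/null || {
        echo "$candidate does not set Port $port" >&2
        return 3
    }
    # Intentionally unquoted: SSHD_CHECK holds a command plus its options.
    $SSHD_CHECK "$candidate" || {
        echo "$candidate failed the config test; $live left untouched" >&2
        return 4
    }
    cp -p "$live" "$live.bak" && cp "$candidate" "$live"
}

# Usage (as root), restarting only when the promotion succeeded:
#   promote_config /etc/ssh/sshd_config.port5000 /etc/ssh/sshd_config 5000 \
#       && service ssh restart
```

Keep the current SSH session open until a new login on the new port has succeeded after the restart.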

More security than a port

Fail2Ban
PermitRootLogin
MaxEntry
....

Tiago de Souza Moraes - teago.futuria.com.br - 2021