Changing the Default SSH Port on Windows Server 2019: A Step-by-Step Guide




By default, SSH uses port 22 for all connections. However, for enhanced security or due to policy requirements, it may be necessary to change this default port. In this guide, we'll walk you through how to change the SSH port on Windows Server 2019.

Changing the default port not only reduces the chances of brute-force attacks but also minimizes exposure to potential vulnerabilities. Let's get started!


Why Change the Default SSH Port?

Changing the default SSH port can offer several advantages:

  • Security: Automated scripts often target the default SSH port (22). Changing it can prevent many basic attacks.
  • Compliance: Certain compliance regulations or internal policies may require the use of non-standard ports.
  • Segregation: If multiple services are running on the same server, different ports can be used for easier management and separation.

Prerequisites

Before proceeding, ensure that you:

  1. Have administrative privileges on the Windows Server 2019.
  2. Have OpenSSH installed and running.
  3. Are familiar with Windows PowerShell or Command Prompt.
  4. Understand how to manage Windows Firewall rules.

Step 1: Modify the SSHD Configuration File

The sshd_config file is where the SSH service configuration lives. This is where we will specify the new port for SSH.

1. Open PowerShell as Administrator

  • Right-click the Start button and select Windows PowerShell (Admin) to open PowerShell with admin privileges.

2. Locate the SSH Configuration File

The configuration file is located at:

C:\ProgramData\ssh\sshd_config

3. Edit the Configuration File

You can edit the configuration file using any text editor. In PowerShell, type the following command to open it in Notepad:

notepad C:\ProgramData\ssh\sshd_config

4. Modify the Port Line

  • In the configuration file, locate the line that reads:
    #Port 22
  • Uncomment the line by removing the # and change the port to your desired number (e.g., 2222):
    Port 2222

Note: Ensure the new port does not conflict with other services.

5. Save the File

After modifying the port, save the sshd_config file and close the editor.
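Step 1 can also be scripted. The following is an added example, not part of the original guide: it backs up sshd_config, sets the Port directive, and asks sshd to validate the file before any restart. The sshd.exe location is an assumption (the usual path when OpenSSH is installed as a Windows feature); the port 2222 is the guide's example value.

```powershell
# Added example: scripted Step 1. Run in an elevated PowerShell session.
$ConfigPath = 'C:\ProgramData\ssh\sshd_config'
$NewPort    = 2222   # example port used in this guide
$SshdExe    = "$env:SystemRoot\System32\OpenSSH\sshd.exe"   # assumed install path

# Stop if a process other than sshd is already listening on the chosen port.
$busy = Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue
if ($busy) {
    $name = (Get-Process -Id $busy[0].OwningProcess).ProcessName
    if ($name -ne 'sshd') { throw "TCP port $NewPort is already in use by '$name'." }
}

# Keep a timestamped backup so the change can be rolled back.
$Backup = "$ConfigPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -Path $ConfigPath -Destination $Backup

# Rewrite the first Port directive, whether commented ('#Port 22') or active.
$done = $false
$new = foreach ($line in Get-Content -Path $ConfigPath) {
    if (-not $done -and $line -match '^\s*#?\s*Port\s+\d+\s*$') {
        $done = $true
        "Port $NewPort"
    }
    else { $line }
}
# No Port line at all: add one at the top, ahead of any Match blocks.
if (-not $done) { $new = @("Port $NewPort") + $new }

# Write as ASCII so Windows PowerShell does not add a byte-order mark.
Set-Content -Path $ConfigPath -Value $new -Encoding ascii

# Let sshd check the file (-t = test mode); restore the backup on error.
& $SshdExe -t -f $ConfigPath
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path $Backup -Destination $ConfigPath -Force
    throw "sshd rejected the new configuration; restored $Backup."
}

# List every active Port line: these are the ports sshd will bind after a restart.
Select-String -Path $ConfigPath -Pattern '^\s*Port\s+\d+' | ForEach-Object { $_.Line.Trim() }
```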


Step 2: Allow the New Port in Windows Firewall

Once you've configured SSH to use the new port, you need to allow traffic through this port in Windows Defender Firewall.

1. Open Windows Defender Firewall

  • Open Server Manager, click on Tools, and select Windows Defender Firewall with Advanced Security.

2. Create a New Inbound Rule

  • Click on Inbound Rules in the left pane.
  • In the right pane, click New Rule.

3. Specify the Port

  • Choose Port as the rule type.
  • Select TCP and enter the new port number (e.g., 2222) in the specific local ports field.

4. Allow the Connection

  • Choose Allow the connection and click Next.

5. Select Profiles

  • Apply the rule to the Domain, Private, and Public profiles (or whichever is appropriate for your environment).

6. Name the Rule

  • Give the rule a meaningful name, such as SSH on Port 2222, and click Finish.

Step 3: Restart the SSH Service

For the changes to take effect, you need to restart the OpenSSH server.

1. Restart the SSH Service

In PowerShell, type the following command to restart the SSH service:

Restart-Service sshd

2. Verify the New Port

To confirm that the SSH service is now listening on the new port, use the following command:

netstat -an | findstr :2222

If the new port appears in the output, it means the SSH service is successfully listening on it.
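Steps 2 and 3 can be done from the same elevated PowerShell session. This is an added example, not part of the original guide: it creates the inbound rule described in Step 2, restarts the service, and then checks that the process listening on the new port really is sshd, which netstat -an alone does not show. The rule name and port are the guide's example values.

```powershell
# Added example: Steps 2 and 3 as a script. Run in an elevated PowerShell session.
$NewPort  = 2222                 # example port used in this guide
$RuleName = 'SSH on Port 2222'   # rule name suggested in Step 2

# Create the inbound allow rule only if it does not exist yet (safe to re-run).
# Trim the -Profile list to the profiles that fit your environment.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $NewPort -Action Allow -Profile Domain,Private,Public | Out-Null
}

Restart-Service -Name sshd

# Give the service a moment to bind, then look up who owns the listening socket.
Start-Sleep -Seconds 2
$listeners = Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    throw "Nothing is listening on TCP $NewPort. Check sshd_config and the sshd service."
}

# One row per listening socket (typically one for IPv4 and one for IPv6).
$report = foreach ($l in $listeners) {
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress
        LocalPort    = $l.LocalPort
        Process      = (Get-Process -Id $l.OwningProcess).ProcessName
    }
}
$report | Format-Table -AutoSize

# A listener that is not sshd means another service took the port.
if ($report.Process -notcontains 'sshd') {
    Write-Warning "TCP $NewPort is open, but not by sshd."
}
```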


Step 4: Test the SSH Connection

Before closing your existing session, test the SSH connection on the new port from a client machine.

1. Open PuTTY or Any SSH Client

  • Open PuTTY (or any SSH client) and enter the IP address of the Windows server.

2. Enter the New Port

  • In the Port field, enter the new port (e.g., 2222).

3. Connect

  • Click Open to initiate the connection and log in with your SSH credentials.

If the connection succeeds, the new port is working properly.


Step 5: Disable Port 22 (Optional)

Once you've verified the new port, you can disable port 22 for additional security.

1. Edit the sshd_config File Again

  • Open the sshd_config file again and comment out or delete the Port 22 line:
    #Port 22

2. Save the File and Restart the Service

  • Save the file and restart the SSH service again:
    Restart-Service sshd

3. Remove the Old Firewall Rule

  • In Windows Firewall, find the rule allowing traffic on port 22 and either disable or remove it.
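The Step 5 cleanup can be checked and applied from PowerShell. This is an added example, not part of the original guide: it confirms that nothing is still listening on port 22 and then disables the enabled inbound allow rules that name TCP port 22. Rules are disabled rather than deleted so they can be re-enabled if needed.

```powershell
# Added example: Step 5 checks. Run in an elevated PowerShell session.

# 1. Confirm nothing is still listening on TCP 22 after the restart.
$old = Get-NetTCPConnection -LocalPort 22 -State Listen -ErrorAction SilentlyContinue
if ($old) {
    $names = $old | ForEach-Object { (Get-Process -Id $_.OwningProcess).ProcessName } |
        Sort-Object -Unique
    Write-Warning "TCP 22 is still open (process: $($names -join ', ')). Re-check sshd_config."
}

# 2. Find enabled inbound allow rules that name local TCP port 22 exactly.
#    Rules that cover 22 through a range or 'Any' are not matched; review those by hand.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '22' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }

# 3. Show what was found, then disable it. The guard matters: never call
#    Disable-NetFirewallRule without a specific set of rules to act on.
if ($rules) {
    $rules | Select-Object DisplayName, Name, Profile | Format-Table -AutoSize
    $rules | Disable-NetFirewallRule
}
else {
    'No enabled inbound allow rule names TCP port 22.'
}
```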

Conclusion

Changing the default SSH port on Windows Server 2019 helps improve security by reducing exposure to automated attacks on port 22. It’s a simple yet effective way to harden your server’s defenses. By following the steps outlined here, you can change the SSH port, configure firewall rules, and test the new configuration.

Key Takeaways:

  • Change the port by modifying the sshd_config file.
  • Allow the new port in Windows Firewall.
  • Test the connection before disabling port 22.
  • Enhance security by removing the default port once you confirm the new one works.

By implementing these practices, you can manage your Windows Server 2019 SSH access securely and efficiently.


With this guide, you're now equipped to modify your SSH settings and optimize your server's security. Keep your systems safe, and happy managing! 😊
