
Changing the Default SSH Port on Windows Server 2019: A Step-by-Step Guide




By default, SSH uses port 22 for all connections. However, for enhanced security or due to policy requirements, it may be necessary to change this default port. In this guide, we'll walk you through how to change the SSH port on Windows Server 2019.

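Changing the default port reduces the number of automated brute-force attempts that reach the service and lowers its exposure to opportunistic scans aimed at port 22. It does not fix vulnerabilities in the service itself and it will not hide SSH from a scan of every port, so treat it as one hardening step alongside strong authentication. Let's get started!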


Why Change the Default SSH Port?

Changing the default SSH port can offer several advantages:

  • Security: Automated scripts often target the default SSH port (22). Changing it keeps many of these basic, untargeted attacks from reaching the service.
  • Compliance: Certain compliance regulations or internal policies may require the use of non-standard ports.
  • Segregation: If multiple services are running on the same server, different ports can be used for easier management and separation.

Prerequisites

Before proceeding, ensure that you:

  1. Have administrative privileges on the Windows Server 2019.
  2. Have OpenSSH installed and running.
  3. Are familiar with Windows PowerShell or Command Prompt.
  4. Understand how to manage Windows Firewall rules.

Step 1: Modify the SSHD Configuration File

The sshd_config file is where the SSH service configuration lives. This is where we will specify the new port for SSH.

1. Open PowerShell as Administrator

  • Right-click the Start button and select Windows PowerShell (Admin) to open PowerShell with admin privileges.

2. Locate the SSH Configuration File

The configuration file is located at:

    C:\ProgramData\ssh\sshd_config

3. Edit the Configuration File

You can edit the configuration file using any text editor. In PowerShell, type the following command to open it in Notepad:

    notepad C:\ProgramData\ssh\sshd_config

4. Modify the Port Line

  • In the configuration file, locate the line that reads:
    #Port 22
  • Uncomment the line by removing the # and change the port to your desired number (e.g., 2222):
    Port 2222

Note: Ensure the new port does not conflict with other services.

5. Save the File

After modifying the port, save the sshd_config file and close the editor.


Step 2: Allow the New Port in Windows Firewall

Once you've configured SSH to use the new port, you need to allow traffic through this port in Windows Defender Firewall.

1. Open Windows Defender Firewall

  • Open Server Manager, click on Tools, and select Windows Defender Firewall with Advanced Security.

2. Create a New Inbound Rule

  • Click on Inbound Rules in the left pane.
  • In the right pane, click New Rule.

3. Specify the Port

  • Choose Port as the rule type.
  • Select TCP and enter the new port number (e.g., 2222) in the specific local ports field.

4. Allow the Connection

  • Choose Allow the connection and click Next.

5. Select Profiles

  • Apply the rule to the Domain, Private, and Public profiles (or whichever is appropriate for your environment).

6. Name the Rule

  • Give the rule a meaningful name, such as SSH on Port 2222, and click Finish.

Step 3: Restart the SSH Service

For the changes to take effect, you need to restart the OpenSSH server.

1. Restart the SSH Service

In PowerShell, type the following command to restart the SSH service:

    Restart-Service sshd

2. Verify the New Port

To confirm that the SSH service is now listening on the new port, use the following command:

    netstat -an | findstr :2222

If the new port appears in the output in the LISTENING state, the SSH service is successfully listening on it.
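Steps 1 to 3 can also be scripted. The following is an added example, not part of the original guide: it backs up sshd_config, rewrites the Port line, has sshd validate the file before the restart, and confirms that the listener on the new port really belongs to sshd. The port number, the firewall profiles and the sshd.exe path (the default location when OpenSSH is installed as a Windows feature) are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. $NewPort, the profiles and the sshd.exe path are assumptions.
$NewPort = 2222
$Config  = 'C:\ProgramData\ssh\sshd_config'
$Sshd    = Join-Path $env:SystemRoot 'System32\OpenSSH\sshd.exe'

# Refuse a port that another service already listens on (the note in Step 1).
if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use."
}

# Step 1: keep a backup, then rewrite the first Port line (commented or not).
$Backup = "$Config.bak"
Copy-Item -Path $Config -Destination $Backup -Force
$Text    = Get-Content -Path $Config -Raw
$Pattern = [regex]'(?m)^[ \t]*#?[ \t]*Port[ \t]+\d+'
if ($Pattern.IsMatch($Text)) {
    $Text = $Pattern.Replace($Text, "Port $NewPort", 1)
} else {
    $Text = "Port $NewPort`r`n" + $Text   # no Port line at all: add one at the top
}
Set-Content -Path $Config -Value $Text -Encoding ascii -NoNewline

# Let sshd parse the file before the service is restarted; restore on failure.
& $Sshd -t -f $Config
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path $Backup -Destination $Config -Force
    throw 'sshd rejected the edited sshd_config; the backup was restored.'
}

# Step 2: inbound allow rule for the new port (choose the profiles you need).
$Rule = @{
    DisplayName = "SSH on Port $NewPort"; Direction = 'Inbound'; Protocol = 'TCP'
    LocalPort   = $NewPort; Action = 'Allow'; Profile = 'Domain', 'Private'
}
New-NetFirewallRule @Rule | Out-Null

# Step 3: restart, then confirm the listener exists and is owned by sshd.
Restart-Service sshd
Start-Sleep -Seconds 2
$Listener = Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $Listener) { throw "Nothing is listening on port $NewPort." }
$Owner = (Get-Process -Id $Listener.OwningProcess).ProcessName
"Port $NewPort is owned by process '$Owner'"
```

Unlike `findstr :2222`, which also matches ports such as 22220 and remote-side ports, the last check ties the listening socket to the sshd process.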


Step 4: Test the SSH Connection

Before closing your existing session, test the SSH connection on the new port from a client machine.

1. Open PuTTY or Any SSH Client

  • Open PuTTY (or any SSH client) and enter the IP address of the Windows server.

2. Enter the New Port

  • In the Port field, enter the new port (e.g., 2222).

3. Connect

  • Click Open to initiate the connection and log in with your SSH credentials.

If the connection succeeds, the new port is working properly.


Step 5: Disable Port 22 (Optional)

Once you've verified the new port, you can disable port 22 for additional security.

1. Edit the sshd_config File Again

  • Open the sshd_config file again. If an active Port 22 line is still present (sshd listens on every Port line in the file), comment it out or delete it:
    #Port 22

2. Save the File and Restart the Service

  • Save the file and restart the SSH service again:
    Restart-Service sshd

3. Remove the Old Firewall Rule

  • In Windows Firewall, find the rule allowing traffic on port 22 and either disable or remove it.
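The firewall cleanup in Step 5 can be done from PowerShell as well. This is an added example, not part of the original guide: it first checks that nothing still listens on the old port, then disables enabled inbound allow rules that cover only TCP 22 and reports rules that also cover other ports so they can be edited by hand. The variable names are assumptions, and rules that express the port as a range are not matched.

```powershell
#Requires -RunAsAdministrator
# Added example; $OldPort is an assumption matching the guide's default port.
$OldPort = 22

# sshd must no longer be bound to the old port before the rules are touched.
$Still = Get-NetTCPConnection -LocalPort $OldPort -State Listen -ErrorAction SilentlyContinue
if ($Still) { throw "A process is still listening on port $OldPort; recheck sshd_config." }

# Every TCP port filter that names the old port explicitly.
$Filters = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$OldPort" }

foreach ($Filter in $Filters) {
    $Rule = $Filter | Get-NetFirewallRule
    # Only enabled inbound allow rules expose the port.
    if ($Rule.Direction -ne 'Inbound' -or $Rule.Action -ne 'Allow' -or $Rule.Enabled -ne 'True') {
        continue
    }
    if (@($Filter.LocalPort).Count -eq 1) {
        # The rule exists only for the old port: safe to disable.
        Disable-NetFirewallRule -Name $Rule.Name
        "Disabled: $($Rule.DisplayName)"
    } else {
        # The rule also opens other ports; disabling it would close those too.
        "Review by hand (covers $($Filter.LocalPort -join ',')): $($Rule.DisplayName)"
    }
}
```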

Conclusion

Changing the default SSH port on Windows Server 2019 helps improve security by reducing exposure to automated attacks on port 22. It’s a simple yet effective way to harden your server’s defenses. By following the steps outlined here, you can change the SSH port, configure firewall rules, and test the new configuration.

Key Takeaways:

  • Change the port by modifying the sshd_config file.
  • Allow the new port in Windows Firewall.
  • Test the connection before disabling port 22.
  • Enhance security by removing the default port once you confirm the new one works.

By implementing these practices, you can manage your Windows Server 2019 SSH access securely and efficiently.


With this guide, you're now equipped to modify your SSH settings and optimize your server's security. Keep your systems safe, and happy managing! 😊
