Securing your server starts with minimizing vulnerabilities, and one of the simplest yet most effective steps is changing the default SSH port. By doing so, you reduce exposure to automated attacks that specifically target port 22. But securing SSH is just the beginning—proper firewall management ensures your server is both accessible and protected.
This guide walks you through a complete workflow for improving your server’s security:
- Change the default SSH port.
- Open only the ports required for applications like Webmin, HTTP, or HTTPS.
- Close unnecessary ports to reduce your attack surface.
- Update the OpenSSH profile to match your custom port.
- Install and configure OpenSSH on Windows, allowing seamless server access with PowerShell.
By following this tutorial, you’ll achieve a cleaner, more secure UFW configuration while ensuring uninterrupted access to your services.
Step 1: Change the SSH Port
Edit the SSH Configuration
- Open the SSH daemon configuration file:
sudo nano /etc/ssh/sshd_config
- Locate and update the Port directive:
Port 2022
- Save the file (Ctrl+O, then Enter) and exit (Ctrl+X).
Restart SSH Service
Restart the SSH service to apply the new port configuration:
sudo systemctl restart sshd
Test the New Port
Ensure the new port works:
ssh -p 2022 user@your-server
Step 2: Open Required Ports
To ensure your applications function properly, open these ports using UFW:
Open Ports
Run the following commands to allow traffic:
- Port 10000 (e.g., Webmin):
sudo ufw allow 10000/tcp
- Port 80 (HTTP):
sudo ufw allow 80/tcp
- Port 443 (HTTPS):
sudo ufw allow 443/tcp
- OpenSSH Profile (to match the default SSH port, initially 22):
sudo ufw allow OpenSSH
Check UFW Status
Verify the rules:
sudo ufw status
Expected output:
To                         Action      From
--                         ------      ----
10000/tcp                  ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
10000/tcp (v6)             ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)
Step 3: Update OpenSSH Profile
If you’ve moved SSH to a custom port (e.g., 2022), update the OpenSSH profile to reflect the new port:
- Open the OpenSSH profile for editing:
sudo nano /etc/ufw/applications.d/openssh-server
- Modify the ports= line to match your new SSH port:
ports=2022/tcp
- Save and exit the file.
- Reload UFW to apply changes:
sudo ufw reload
Step 4: Close Unnecessary Ports
To improve security, close any ports that are no longer needed:
Close Specific Ports
Use the following commands to remove rules:
- Port 10000:
sudo ufw delete allow 10000/tcp
- Port 80 (HTTP):
sudo ufw delete allow 80/tcp
- Port 443 (HTTPS):
sudo ufw delete allow 443/tcp
- Explicit SSH Port Rule (if previously added):
sudo ufw delete allow 2022/tcp
Check UFW Status Again
Verify the updated rules:
sudo ufw status
Expected output (if all extra ports are removed and OpenSSH is updated for 2022):
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Step 5: Verify and Test
Ensure you can still access SSH on the new port:
ssh -p 2022 user@your-server-ip
Confirm application functionality for any ports you keep open (e.g., Webmin on port 10000).
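Added example (not part of the original guide): a check to run before closing your current session, comparing the Port directive in sshd_config with the ports= line of the UFW OpenSSH profile edited in Step 3. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that sshd and the UFW OpenSSH profile agree on the port
# before closing your current session. Function names are hypothetical.

# Port(s) set by Port directives in an sshd_config file (sshd defaults to 22).
# Does not follow Include files; `sshd -T` prints the effective value on a host.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# TCP port(s) listed on the ports= line of the [OpenSSH] profile section.
profile_ports() {
    awk '
        /^\[/ { in_sec = ($0 == "[OpenSSH]") }
        in_sec && /^ports[ \t]*=/ {
            sub(/^ports[ \t]*=[ \t]*/, "")
            n = split($0, parts, "|")
            for (i = 1; i <= n; i++) {
                if (parts[i] ~ /\/udp$/) continue
                sub(/\/tcp$/, "", parts[i])
                m = split(parts[i], p, ",")
                for (j = 1; j <= m; j++) print p[j]
            }
        }' "$1"
}

# Succeeds only if every sshd port is covered by the profile.
check_ssh_ports() {
    allowed=$(profile_ports "$2")
    for port in $(sshd_ports "$1"); do
        if ! echo "$allowed" | grep -qx "$port"; then
            echo "MISMATCH: sshd uses $port, profile allows: $(echo $allowed)"
            return 1
        fi
    done
    echo "OK: profile covers sshd port(s): $(sshd_ports "$1" | tr '\n' ' ')"
}

# Constructed sample files so the example runs offline.
demo=$(mktemp -d)
printf '#Port 22\nPort 2022\nPermitRootLogin no\n' > "$demo/sshd_config"
printf '[OpenSSH]\ntitle=Secure shell server\nports=22/tcp\n' > "$demo/profile"
check_ssh_ports "$demo/sshd_config" "$demo/profile" || true  # stale profile
printf '[OpenSSH]\ntitle=Secure shell server\nports=2022/tcp\n' > "$demo/profile"
check_ssh_ports "$demo/sshd_config" "$demo/profile"          # updated profile
```

On a server, pass /etc/ssh/sshd_config and /etc/ufw/applications.d/openssh-server as the two arguments; `sudo sshd -t` checks the configuration for syntax errors before the restart in Step 1, and `sudo ufw app update OpenSSH` applies an edited profile to the active rules.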
How to Use SSH on Windows: Installing and Configuring OpenSSH in PowerShell
This part explains how to install and configure the OpenSSH Client on Windows, ensure it’s properly added to your system PATH, and use it with PowerShell to connect to a server over SSH.
Step 6: Install the OpenSSH Client on Windows
1. Open Settings
- Press Win + I to open the Settings app.
2. Navigate to Optional Features
- Go to System > Optional Features.
3. Check for OpenSSH Client
- Scroll through the list of installed features to see if OpenSSH Client is installed.
- If it’s not installed:
  - Click Add a feature.
  - Search for OpenSSH Client.
  - Click Install and wait for the installation to complete.
4. Verify Installation
- Open PowerShell (press Win + X, then select PowerShell).
- Type the following command to check if the SSH client is installed:
ssh
- If the client is installed, you’ll see the SSH usage information. If not, proceed to the next step.
Step 7: Add OpenSSH to the System PATH
If the SSH client is installed but not recognized, it may not be included in your system’s PATH. Follow these steps to add it manually.
1. Locate the OpenSSH Executable
- The OpenSSH executable is typically located in:
C:\Windows\System32\OpenSSH\
- Confirm its presence by navigating to the directory in File Explorer.
2. Add to the System PATH
- Open System Properties:
  - Press Win + S and search for “Environment Variables”.
  - Click on Edit the system environment variables.
- Edit the PATH Variable:
  - In the System Properties window, click Environment Variables.
  - Under System variables, find the Path variable and click Edit.
  - In the Edit Environment Variable window, click New and add:
C:\Windows\System32\OpenSSH\
  - Click OK to save and close all windows.
3. Restart PowerShell
- Close and reopen PowerShell to apply the changes.
4. Verify SSH Installation
- Open PowerShell again.
- Type:
ssh
- You should now see the SSH usage information.
Step 8: Connect to the Server
Once the OpenSSH client is installed and configured, use PowerShell to connect to your server.
1. Open PowerShell
- Open PowerShell by pressing Win + X and selecting PowerShell.
2. Use the SSH Command
Run the following command to connect to your server (replace user and your-server-ip with your username and server IP):
ssh -p 2022 user@your-server-ip
3. Accept the SSH Key Fingerprint
- On the first connection, SSH will ask if you trust the server’s fingerprint. Type yes to proceed.
4. Enter Your Password
- Enter your SSH password when prompted, and you’ll be logged into your server.
Tips and Troubleshooting
- Cannot Find SSH Command: Ensure the OpenSSH Client is installed and added to the PATH as described in Steps 6 and 7.
- Firewall Rules: Make sure port 2022 is allowed in your firewall.
- Using a Different Port: Replace 2022 with your configured SSH port in the command.