1

Topic: How to change the SSH port

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 29/05/2020 version from github
- Deployed with iRedMail Easy or the downloadable installer? using iRedMail.sh
- Linux/BSD distribution name and version: Ubuntu server 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL (mariadb-server-10.3)
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Dear Sirs,
I need to change the port of the sshd to reduce the brute force connection tries.
Looking at the various iRedMail specific files, I saw that the sshd port is somehow hard-coded to the default port 22.

The question is: How can I change the sshd port to an arbitrary port and update all the iRedMail specific files?
Is there any easy way?

Thanks and Best Regards,
Mike Kranidis


2

Re: How to change the SSH port

Make sure that you allow the new port in your firewall first, check in /etc/nftables.conf
Change the port that SSH listens on in /etc/ssh/sshd_config
Look for line "Port 22" and change the port as desired, make sure it is not commented out with a #
Restart and you should be good to go

By the way, you should consider looking into SSH Key based authentication instead of password based, this ensures that no matter how hard they try brute force it will never be possible to connect without the key file that you possess.
Or at the very least you should restrict SSH access to trusted IP addresses

3

Re: How to change the SSH port

MuPp3t33r wrote:

Make sure that you allow the new port in your firewall first, check in /etc/nftables.conf
Change the port that SSH listens on in /etc/ssh/sshd_config
Look for line "Port 22" and change the port as desired, make sure it is not commented out with a #
Restart and you should be good to go

By the way, you should consider looking into SSH Key based authentication instead of password based, this ensures that no matter how hard they try brute force it will never be possible to connect without the key file that you possess.
Or at the very least you should restrict SSH access to trusted IP addresses

Many thanks for your suggestions. In my Ubuntu server 20.04 installation there is no /etc/nftables.conf; I believe it is still using iptables.
Apart from this, I strongly believe that in the case of iRedMail there are many other places where it is necessary to make changes in order to update the new sshd port. For example, even fail2ban has the sshd port hard-coded to 22.

Thanks anyway.
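
The checks behind the steps in post 2 (an active, uncommented `Port` line and a matching firewall entry) and the concern in post 3 about leftover references to port 22 can be run read-only before sshd is restarted. This is an added example, not part of any post and not iRedMail code; the function names are hypothetical, and it assumes fail2ban keeps its jail files under /etc/fail2ban and that `Port` is not set through an included file.

```sh
#!/bin/sh
# Added example, not iRedMail code. Read-only: it changes nothing.

# Ports sshd will listen on according to one config file. "#Port 22" is a
# comment, and with no active Port line sshd falls back to 22.
# Assumption: Port is not set in a file pulled in via an Include directive.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Active (non-comment) lines in FILE... that contain TOKEN as a whole word,
# so 22 does not match 2222 or 220. TOKEN may be a number or the name "ssh".
port_refs() {
    port=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v p="$port" -v f="$f" '
            /^[ \t]*([#;]|$)/ { next }
            (" " $0 " ") ~ ("[^0-9A-Za-z_]" p "[^0-9A-Za-z_]") {
                print f ":" NR ": " $0 }' "$f"
    done
}

# Succeeds only if every port sshd listens on is mentioned in the firewall
# file. A mention is not proof of an ACCEPT rule; read the matched lines.
firewall_mentions() {
    for p in $(sshd_ports "$1"); do
        [ -n "$(port_refs "$p" "$2")" ] || return 1
    done
}

# audit SSHD_CONFIG OLD_PORT FILE...: what to review before restarting sshd.
audit() {
    cfg=$1; old=$2; shift 2
    echo "sshd will listen on: $(sshd_ports "$cfg" | tr '\n' ' ')"
    for fw in /etc/nftables.conf /etc/default/iptables; do
        [ -f "$fw" ] || continue
        firewall_mentions "$cfg" "$fw" || echo "WARNING: $fw lacks the sshd port"
    done
    echo "Active lines still referring to port $old or service name ssh:"
    port_refs "$old" "$@"; port_refs ssh "$@"
}

# Files named in the thread; the /etc/fail2ban paths are an assumption.
if [ -r /etc/ssh/sshd_config ]; then
    audit /etc/ssh/sshd_config 22 /etc/nftables.conf /etc/default/iptables \
        /etc/fail2ban/jail.local /etc/fail2ban/jail.d/*
fi
```

Keep the existing SSH session open while testing a login on the new port from a second terminal, so a missing firewall entry does not lock you out.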

4

Re: How to change the SSH port

I'd suggest making any operating system changes before installing iRedMail. We do not run ssh on a standard port and the iRedMail installer recognizes that and asks if we want to make our change part of the iptables 'firewall'.
Look in /etc/default/iptables

5

Re: How to change the SSH port

PaulCahill wrote:

I'd suggest making any operating system changes before installing iRedMail. We do not run ssh on a standard port and the iRedMail installer recognizes that and asks if we want to make our change part of the iptables 'firewall'.
Look in /etc/default/iptables

Thanks for letting me know that, but I have already installed it. So from now on, how can I deal with it?

6

Re: How to change the SSH port

@ZhangHuangbin
Is there any official way to change the sshd port and have iRedMail take care of all the changes in its configuration?
Thanks

7

Re: How to change the SSH port

I've dealt with this issue another way.

Instead of changing ports, I made some simple changes to the firewall rules.

- Move ssh service away from iredmail zone and into trusted zone
- Add your static IP to the trusted zone

What this does is, it only allows your IP to access the SSH (Port 22) service.

Obviously this would only work if you have a static IP.

I've got some code if you are interested in going down this route.

8

Re: How to change the SSH port

radpost wrote:

I've dealt with this issue another way.

Instead of changing ports, I made some simple changes to the firewall rules.

- Move ssh service away from iredmail zone and into trusted zone
- Add your static IP to the trusted zone

What this does is, it only allows your IP to access the SSH (Port 22) service.

Obviously this would only work if you have a static IP.

I've got some code if you are interested in going down this route.

Thanks for the answer. No, unfortunately I am accessing my server from a non-static IP.