How to hide the SSH daemon
Secure Shell (SSH) is a network protocol that provides network services such as remote command-line logins and data communications. It creates a secure channel between a client and a server that are running their respective SSH daemons from a particular port. However, an open SSH port represents a vulnerability that malicious users potentially could exploit to gain access to an SSH server. A system administrator can configure a firewall to hide the SSH daemon from unauthorized users, while allowing authorized users to connect to the server with SSH. This example uses iptables to configure the firewall, which is installed by default on a CentOS system.
| DIFFICULTY | Basic - 1 | Medium - 2 | Advanced - 3 |
| TIME REQUIRED | 5 min |
| RELATED PRODUCTS | Linux-based VPS or dedicated servers |
Here is a quick tutorial on how to hide the SSH daemon.
Show that the SSH daemon is currently visible
Enter the SSH command that will connect to the server. This example connects to the server at IP address 127.0.01 with the root user name:
Enter the password when prompted to ensure the connection has been made to the server. exit out of this session to return to the client.
Configure the firewall to block most traffic
Flush the existing rules for the firewall with this command:
This rule tells the firewall to accept traffic from a connection that's already been established. Otherwise the firewall would block the current SSH session.
The firewall must allow persistent services that must always be running and visible to the users. For example, this command allows traffic to a website that's being service on port 80, which is the default port for web servers:
Use this command to block all connections that aren't specifically allowed:
Show that the SSH daemon is now hidden
Confirm that the SSH port is now closed by attempting to connect to the server again:
The above SSH command will eventually timeout as shown by the following screenshot:
