VPS and Dedicated Servers (Hosting Control Center) Help

How to hide the SSH daemon

Secure Shell (SSH) is a network protocol that provides network services such as remote command-line logins and data communications. It creates a secure channel between an SSH client and a server whose SSH daemon listens on a particular port. However, an open SSH port represents a vulnerability that malicious users could potentially exploit to gain access to an SSH server. A system administrator can configure a firewall to hide the SSH daemon from unauthorized users, while allowing authorized users to connect to the server with SSH. This example uses iptables, which is installed by default on a CentOS system, to configure the firewall.

DIFFICULTY Basic - 1 | Medium - 2 | Advanced - 3
RELATED PRODUCTS Linux-based VPS or dedicated servers

Here is a quick tutorial on how to hide the SSH daemon.

Show that the SSH daemon is currently visible

Enter the SSH command that will connect to the server. This example connects to the server at IP address 127.0.0.1 with the root user name:

# ssh root@

Enter the password when prompted to confirm that the connection to the server has been made. Exit this session to return to the client.

Configure the firewall to block most traffic

Flush the existing rules for the firewall with this command:

# iptables -F

The following rule tells the firewall to accept traffic from a connection that's already been established. Otherwise the firewall would block the current SSH session.

# iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

The firewall must allow persistent services that must always be running and visible to users. For example, this command allows traffic to a website that's being served on port 80, which is the default port for web servers:

# iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Use this command to block all connections that aren't specifically allowed:

# iptables -A INPUT -j DROP

Show that the SSH daemon is now hidden

Confirm that the SSH port is now closed by attempting to connect to the server again:

# ssh root@

The above SSH command will eventually time out.
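The rule order built above can also be checked directly instead of waiting for a timeout. The following is an added example, not part of the original article: a shell function that reads `iptables -S INPUT` output and reports the first-match verdict for a new TCP connection to a given port. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: first-match verdict of an INPUT chain for a NEW inbound TCP
# connection. Understands only the options used in this article
# (-p, -m, --dport, --ctstate, -j); any other option yields UNKNOWN.
verdict_for_new_tcp() {  # usage: verdict_for_new_tcp PORT < rules
  awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p")             { i++; if ($i != "tcp") ok = 0 }
        else if ($i == "-m")        { i++ }  # module name, no effect by itself
        else if ($i == "--dport")   { i++; if ($i != port) ok = 0 }
        else if ($i == "--ctstate") { i++; if ($i !~ /(^|,)NEW(,|$)/) ok = 0 }
        else if ($i == "-j")        { i++; target = $i }
        else { print "UNKNOWN"; done = 1; exit }
      }
      # The first rule that matches and carries a terminating target decides.
      if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; done = 1; exit }
    }
    # No rule matched: the chain policy applies (ACCEPT if none was listed).
    END { if (!done) print (policy == "" ? "ACCEPT" : policy) }
  '
}

# Constructed sample: the INPUT chain as `iptables -S INPUT` lists it after
# the three -A commands in this article.
article_rules() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
EOF
}

# On a live server, pipe the real chain in: iptables -S INPUT | verdict_for_new_tcp 22
echo "new connection to port 22: $(article_rules | verdict_for_new_tcp 22)"
echo "new connection to port 80: $(article_rules | verdict_for_new_tcp 80)"
```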
