
Something for myself: How to Change the SSH Port on Ubuntu 24.04

or more suitable title:

How to stop script kiddies from flooding your logs by constantly pinging SSH port 22 on Ubuntu 24.04 (Noble Numbat)


This is something I'm writing as my first blog post, partly as a note to myself. Ubuntu changed this for some reason in version 24.04, so updating /etc/ssh/sshd_config && service ssh restart won't work anymore. Digging it out from Google is like stepping on a rake, and it takes ChatGPT like 5 guesses and tons of back and forth to get it right, and its search function for previous convos still sucks 🙂 The steps shown in the StackOverflow/ServerFault topic about this also don't seem to work for me, so what I wrote below are the simple steps that worked for me:


By default, SSH runs on port 22. While that works fine if you either make a long generated password or just use keys like civilized people, it also means your server is constantly being probed by script kiddies scanning port 22 for weak logins.

Unless you like exploding logs, you might want to move that port to some 4-digit number. Yes, I know, fail2ban does exist, but we all know that moving ports does 95% of its job. In my experience, using both helps. Bots nowadays use proxies so fail2ban doesn't really clear them out properly. Many bots will find your port sooner or later, so you'll likely need to move the port to a different one from time to time.

Also, if you're guarding something really precious, a VPN or any way of allowing only a range of whitelisted IPs might be your best choice.

Anyways, without any further ado, here's how you do it on Ubuntu 24.04 (Noble Numbat):

TL;DR YOLO Variant 🚀

For the lazy shmucks who just want to copy–paste one line and pray.
I'm sure your other hobbies are piping scripts straight from curl into bash, Russian roulette,
and telling your wife her new haircut 'is fine, I guess'.

SET_THIS_PORT=2222; sudo sed -i "s/^#\?Port .*/Port $SET_THIS_PORT/" /etc/ssh/sshd_config && sudo systemctl daemon-reload && sudo systemctl restart ssh.socket

If that works, congrats, you're done.
If it doesn't, keep reading.



Step 0. Connect using two different terminals

Before you continue, just as a precaution, connect to your server IP with two different SSH terminals. If something goes wrong, you'll still have a session open to check what you've messed up. Don't close the terminal you're working from until you confirm the new port is working.

1. Edit the SSH config

Open the SSH daemon configuration file:

sudo vim /etc/ssh/sshd_config

Find the line that says:

#Port 22

It is commented out by default. Remove the leading # and change the port to something else, let's say 2222.

2. Now run these two commands in this particular order:

sudo systemctl daemon-reload
sudo systemctl restart ssh.socket

For me at least, it never worked if I restarted only one of these two, and if I didn't restart ssh.socket after I did daemon-reload.

3. Adjust the firewall

sudo ufw allow 2222/tcp
sudo ufw delete allow 22/tcp   # only after confirming new port works
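
Before deleting the port 22 rule or closing your spare terminal, it helps to confirm that something is actually listening on the port sshd_config names. The script below is an added example, not part of the original steps: it compares the active Port lines with `ss -H -tln` output, the function names are made up for this illustration, and the sample config and socket listings are constructed.

```shell
#!/bin/sh
# Added example; the sample config and ss output below are constructed.

# Print ports set by active (uncommented) Port lines; sshd uses 22 if none.
# Works on sshd_config text and on `sshd -T` output (lowercase keywords).
configured_ports() {
    awk '
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    ' | sort -un
}

# Read `ss -H -tln` output on stdin, print the listening port numbers.
# Column 4 is the local address; the port follows its last colon.
listening_ports() {
    awk '{ n = split($4, a, ":"); print a[n] }' | sort -un
}

# missing_ports CONFIG_TEXT SS_TEXT: configured ports with no listener.
missing_ports() {
    want=$(printf '%s\n' "$1" | configured_ports)
    have=$(printf '%s\n' "$2" | listening_ports)
    for p in $want; do
        printf '%s\n' "$have" | grep -qx "$p" || echo "$p"
    done
}

SAMPLE_CONFIG='# constructed sshd_config excerpt
Port 2222
#AddressFamily any
#ListenAddress 0.0.0.0'

# Config edited, ssh.socket not restarted yet: still bound to 22.
SS_STALE='LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 4096 *:22 *:*'

# After daemon-reload and restarting ssh.socket.
SS_OK='LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 4096 *:2222 *:*'

# On a real host: empty output means every configured port has a listener.
live_check() {
    missing_ports "$(sudo sshd -T)" "$(ss -H -tln)"
}

echo "stale socket, missing: $(missing_ports "$SAMPLE_CONFIG" "$SS_STALE")"
echo "after restart, missing: $(missing_ports "$SAMPLE_CONFIG" "$SS_OK")"
```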

And that's it!

Hope this method worked for you.