How to configure a non-standard SSH port on CloudGuard Dome9
Solution

How to configure a non-standard SSH port

This question comes up from time to time, so we decided to write this little how-to article.

Changing your SSH port number is not recommended anymore

Changing SSH to a port other than 22 is an old trick. There may have been a time when this trick was effective, but nowadays it mainly provides a *false sense of security* and added management complexity, and it won't increase your security. The port scanners used by hackers today will find the 'hidden' SSH port in no time (try the Nmap port scanner and see: http://nmap.org/).

SSH - The CloudGuard Dome9 Way

With CloudGuard Dome9, your SSH port is normally closed and only opened on-demand for authorized users, only for their IP address, and only for a limited time. During this process, SSH is not exposed to hackers and scanners - hence, there is no need to hide it any further, as it is already cloaked.

Still, here's how to define a non-standard SSH port with CloudGuard Dome9

Defining any custom service on the CloudGuard Dome9 system is easy:

  • Log in to your Dome9 Central portal and click the 'Policy Management' tab
  • Locate the relevant security group you wish to modify
  • Delete the old SSH rule (so it won't confuse you anymore)
  • Add a new Service, name it SSH or SSH custom, select custom, TCP, and choose your port number
  • Click 'Save' and 'Done'. From now on your SSH will be protected by Dome9 and only enabled on demand for authorized users.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
