The SSH Configuration File
You can find the SSH configuration file at
To edit this file, you will need to log into your server as the root user. Once you have logged into your normal user account via SSH, you can become the root user by using the su command. For example:
Editing the SSH Configuration File
To change specific parameters within sshd_config, you need to uncomment the line by removing the number sign (#) and then change the value on that line. For example, the default SSH port appears in a line like this:
To change the SSH port to 456, you will need to make the line appear like this:
NOTE: If you are changing the default SSH port, then you NEED to allow the new port in the server's firewall (iptables, csf, ufw, etc.) before restarting SSH; otherwise you will lose access.
To restart the SSH service on the new port:
service sshd restart
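The edit described above (uncomment the line, then change its value) can be scripted so that it leaves exactly one active line for the directive. The following is an added example, not part of the original page: the function names and the sample configuration are constructed, and it assumes defaults appear as `#Keyword value` and that values are separated from keywords by whitespace.

```python
import re

# Constructed sample resembling a stock sshd_config; not taken from a real server.
SAMPLE = """\
# This is the sshd server system-wide configuration file.
#Port 22
#ListenAddress 0.0.0.0
#PermitRootLogin yes
Port 2222
Match User backup
    PasswordAuthentication no
"""

def set_directive(text, keyword, value):
    """Return text with exactly one active global `keyword value` line."""
    if keyword.lower() == "port" and not 1 <= int(value) <= 49151:
        raise ValueError("port outside the range this page allows (1-49151)")
    pat = re.compile(r"^\s*(#)?" + re.escape(keyword) + r"\b", re.IGNORECASE)
    is_match = re.compile(r"^\s*Match\b", re.IGNORECASE)
    out, done, in_match = [], False, False
    for line in text.splitlines():
        if is_match.match(line):
            if not done:
                # Keyword absent so far: global settings must precede Match blocks.
                out.append(f"{keyword} {value}")
                done = True
            in_match = True
        m = None if in_match else pat.match(line)
        if m and not done:
            out.append(f"{keyword} {value}")   # uncomment and set the first hit
            done = True
        elif m and not m.group(1):
            out.append("#" + line)             # disable later active duplicates
        else:
            out.append(line)
    if not done:
        out.append(f"{keyword} {value}")
    return "\n".join(out) + "\n"

def active_values(text, keyword):
    """Values of uncommented global `keyword` lines, in file order."""
    vals = []
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0].lower() == "match":
            break
        if len(parts) >= 2 and parts[0].lower() == keyword.lower():
            vals.append(parts[1])
    return vals
```

Disabling the leftover `Port 2222` line matters because sshd accepts several `Port` lines and listens on all of them. After writing the result back, `sshd -t` checks the file for syntax errors before the service is restarted.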
- Port — The port number on which sshd listens for connections. The highest acceptable value is 49151.
Warning: We recommend that you use a port number that is less than 1024 that is not already utilized by another service. These are known as "privileged" ports, because only root can bind to them. Ports 1024 and above are known as "unprivileged" ports, and anyone can use them.
- Protocol — The SSH protocol your server will use. We recommend changing this value to 2.
- ListenAddress — The IP address on which sshd listens for connections. Your server must own this IP address. We strongly recommend that you do not use your main shared IP address for this value. You can create a custom nameserver entry specifically for the new SSH IP address. To do so, you will need to create the zone file (for example, ssh.example.com) and add an A entry to the zone file for the new nameserver entry.
- PermitRootLogin — This option specifies whether or not you wish to allow people to directly log in via SSH as the root user. We strongly recommend that you set this value to
After you are finished configuring SSH, you will need to restart the SSH daemon. You can do so by issuing the following command:
After you restart SSH, you will need to log out of your server and log in again using the proper user, IP address, and port number you specified in
If you accidentally misconfigure your SSH configuration file, you can access the following link to run a script on your server:
This script will temporarily configure an additional SSH configuration file for port 23, allowing you to access, edit, and fix the original SSH configuration file.
An SSH legal message (message of the day or motd) appears whenever someone logs into your server via SSH. This message is contained within the following file:
To set a legal message, use your preferred text editor to edit the file and save your changes. For example, one of our technical analysts uses the following message:
ALERT! You are entering a secured area! Your IP and login information have been recorded. System administration has been notified. This system is restricted to authorized access only. All activities on this system are recorded and logged. Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.
You can use WHM's Home >> Security Center >> SSH Password Authorization Tweak feature to disable password authentication. Disabling password authentication forces users to log in via SSH using keys rather than passwords.