Change port and deny all and still use?

Spirogg

• February 23, 2018 19:20

Hi all, Just wondering can you go to WHM in cpanel and go to Home >Security Center > Host Access Control and input Access Deny ALL port 22 or whatever port you change it too and when you want to login to ssh via ssh key you could allow temporarily or will the ssh key let you login anyway if it is deny all ? also can you just change the port to something under 1024 and will the new port be disabled or still open and I have to close it somehow ? if you do add Access Deny ALL port 22 does it block the IP's from trying to hit that port so much and the firewall rules will blacklist them or can you still get hit with IP's and slow your server down ? PS I have cloudlinux OS Cagefs installed and Imunity360 but my port is still 22 do I just change my port to another port and it will be secure since I have cagefs and all the cloudlinux stuff ? Sorry for my ignorance i am a newbie at this Thanks so much in advance Spiro

• 

  Spirogg

  • February 24, 2018 01:17

  also how do you know if a port is available to change it to ? i've read root needs to change port and it needs to be under 1024 but what port number can you use? with out conflicting with something else? thanks again Spiro

  0
• 

  cPanelMichael

  • February 26, 2018 16:05

  Hello,

  and input Access Deny ALL port 22 or whatever port you change it too and when you want to login to ssh via ssh key you could allow temporarily or will the ssh key let you login anyway if it is deny all ?

  
  No, if the port is blocked for all users, access is denied no matter the authentication type.

  also can you just change the port to something under 1024 and will the new port be disabled or still open and I have to close it somehow ?

  
  You'd still need to use a firewall rule or the "Host Access Control" option to restrict access to the port to specific IP addresses if you wanted access restricted. You may find CSF useful for this purpose:

  if you do add Access Deny ALL port 22 does it block the IP's from trying to hit that port so much and the firewall rules will blacklist them or can you still get hit with IP's and slow your server down ?

  
  The "Host Access Control" feature prevents authentication, but it doesn't block the access attempt itself. You'd need to use a firewall rule to do that (See CSF in my previous answer).

  PS I have cloudlinux OS Cagefs installed and Imunity360 but my port is still 22 do I just change my port to another port and it will be secure since I have cagefs and all the cloudlinux stuff ?

  
  For SSH, the following thread is helpful if you want it secured: As far as overall server security, this document is a good place to start: Thank you.

  0
• 

  Spirogg

  • February 28, 2018 20:32

  thank you please mark as solved

  0

Please sign in to leave a comment.