SSH servers listen for incoming connections on TCP port 22. Therefore, port 22 is subjected to unauthorized login attempts by hackers trying to access unsecured servers. To prevent unauthorized server assess, you can turn off port 22 and run the service on a random port between 1024 and 65535.
The following task requires root access privileges.
Aspera® transfer products ship with OpenSSH listening on both TCP/22 and TCP/33001. Aspera recommends using TCP/33001 only and disabling TCP/22.
Port 22 Port 33001
To enable TCP/33001 while you are migrating from TCP/22, open port 33001 within the sshd_config file where SSHD is listening on both ports.
... AllowTcpForwarding no Match Group root AllowTcpForwarding yes
Depending on your sshd_config file, you may have additional instances of AllowTCPForwarding that are set to the default Yes. Review your sshd_config file for other instances and disable as appropriate.
Disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders. Review your user and file permissions, and see the following instructions on modifying shell access.
... PubkeyAuthentication yes #PasswordAuthentication yes PasswordAuthentication no ...
... #PermitRootLogin yes PermitRootLogin no ...
Administrators can then use the su command if root privileges are needed.
Restart or reload the SSH Server using the following commands:
$ sudo service sshd restart
$ sudo service sshd reload
$ sudo /etc/init.d/ssh restart
$ sudo /etc/init.d/ssh reload