{"id":861,"date":"2022-03-15T15:00:36","date_gmt":"2022-03-15T08:00:36","guid":{"rendered":"https:\/\/doc.dncloud.net\/?p=861"},"modified":"2025-08-19T09:13:58","modified_gmt":"2025-08-19T02:13:58","slug":"huong-dan-doi-port-ssh-linux","status":"publish","type":"post","link":"https:\/\/dncloud.net\/blog\/huong-dan-doi-port-ssh-linux\/","title":{"rendered":"H\u01b0\u1edbng d\u1eabn \u0111\u1ed5i Port SSH Linux"},"content":{"rendered":"

\u0110\u1ed5i Port SSH l\u00e0 \u0111i\u1ec1u r\u1ea5t c\u1ea7n thi\u1ebft nh\u01b0 th\u01b0\u1eddng l\u1ec7 ch\u00fang ta s\u1ebd \u0111\u0103ng nh\u1eadp v\u00e0o m\u00e1y ch\u1ee7 Linux b\u1eb1ng port 22 r\u1ea5t d\u1ec5 b\u1ecb t\u1ea5n c\u00f4ng v\u00e0 khai th\u00e1c nh\u01b0 th\u1ef1c thi\u1ec7n t\u1ea5n c\u00f4ng d\u00f2 t\u00ecm m\u1eadt kh\u1ea9u (brute-force<\/a>) t\u00e0i kho\u1ea3n root. V\u1eady n\u00ean ch\u00fang ta c\u1ea7n ph\u1ea3i \u0111\u1ed5i port m\u1eb7c \u0111\u1ecbnh 22 th\u00e0nh port kh\u00e1c.<\/p>\n

\u0110\u1ed5i Port SSH Linux<\/h2>\n

\u0110\u1ea7u ti\u00ean b\u1ea1n c\u1ea7n \u0111\u0103ng nh\u1eadp v\u00e0o m\u00e1y ch\u1ee7 Linux c\u1ee7a m\u00ecnh.<\/a><\/p>\n

B\u01b0\u1edbc 1: Ki\u1ec3m tra Port SSH \u0111ang listen<\/h2>\n

\u0110\u1ec3 ki\u1ec3m tra port ssh m\u00e1y ch\u1ee7 ch\u00fang ta \u0111ang d\u00f9ng b\u1eb1ng l\u1ec7nh netstat<\/strong>.<\/p>\n

netstat -nltp | grep sshd<\/pre>\n
\"\"<\/p>\n
Nh\u01b0 l\u1ec7nh tr\u00ean ch\u00fang ta \u0111\u00e3 th\u1ea5y m\u00e1y ch\u1ee7 c\u1ee7a m\u00ecnh \u0111ang s\u1eed d\u1ee5ng port 22<\/strong> b\u00e2y gi\u1edd m\u00ecnh s\u1ebd ti\u1ebfn h\u00e0nh \u0111\u1ed5i qua port kh\u00e1c.<\/p>\n
B\u01b0\u1edbc 2: Thay \u0111\u1ed5i Port SSH<\/h2>\n
\u0110\u1ea7u ti\u00ean b\u1ea1n c\u1ea7n x\u00e1c \u0111\u1ecbnh port b\u1ea1n c\u1ea7n mu\u1ed1n \u0111\u1ed5i v\u00ed d\u1ee5 nh\u01b0 m\u00ecnh c\u1ea7n \u0111\u1ed5i sang port 3344<\/strong>, th\u00ec ch\u00fang ta c\u1ea7n ki\u1ec3m tra xem n\u00f3 \u0111\u00e3 s\u1eed d\u1ee5ng d\u1ecbch v\u1ee5 g\u00ec hay ch\u01b0a b\u1eb1ng l\u1ec7nh.<\/p>\n
 netstat -atnp | grep \":3344\"<\/pre>\n
L\u01b0u \u00fd:<\/strong> nh\u1edb thay 3344 b\u1eb1ng port b\u1ea1n c\u1ea7n \u0111\u1ed5i
\n\"\"
\nN\u1ebfu xu\u1ea5t hi\u1ec7n output nh\u01b0 n\u00e0y th\u00ec ok ch\u00fang ta s\u1ebd s\u1eed d\u1ee5ng port n\u00e0y.<\/p>\n
B\u00e2y gi\u1edd ch\u00fang ta s\u1ebd m\u1edf file c\u1ea5u h\u00ecnh ssh \u0111\u1ec3 ch\u1ec9nh s\u1eeda port ssh b\u1eb1ng c\u00e1ch ch\u1ec9nh s\u1eeda file t\u1ea1i \u0111\u01b0\u1eddng d\u1eabn \/etc\/ssh\/sshd_config. B\u1ea1n c\u00f3 s\u1eeda file n\u00e0y b\u1eb1ng l\u1ec7nh vi, vim, nano t\u1ea1i \u0111\u00e2y m\u00ecnh d\u00f9ng nano \u0111\u1ec3 ch\u1ec9nh s\u1eeda file.<\/p>\n
nano \/etc\/ssh\/sshd_config<\/pre>\n
B\u1ea1n t\u00ecm t\u1edbi d\u00f2ng #Port 22 b\u1ea1n b\u1ecf d\u1ea5u # \u0111i v\u00e0 s\u1eeda s\u1ed1 22<\/strong> th\u00e0nh s\u1ed1 port b\u1ea1n mu\u1ed1n \u0111\u1ed5i. V\u00ed d\u1ee5 m\u00ecnh s\u1eed d\u1ee5ng port 3344<\/strong> th\u00ec m\u00ecnh s\u1ebd s\u1eeda s\u1ed1 22<\/strong> th\u00e0nh 3344<\/strong>.<\/p>\n
L\u01b0u \u00fd:<\/strong> N\u1ebfu b\u1ea1n ch\u01b0a c\u00e0i nano th\u00ec ch\u1ea1y l\u1ec7nh yum install nano -y<\/strong> \u0111\u1ec3 ti\u1ebfn h\u00e0nh c\u00e0i \u0111\u1eb7t nano.<\/p>\n
\"\"<\/p>\n
Khi thay \u0111\u1ed5i ho\u00e0nh t\u1ea5t ta ti\u1ebfn h\u00e0nh nh\u1ea5n t\u1ed5 h\u1ee3p Ctrl+X<\/strong> ti\u1ebfp theo l\u00e0 Ctrl+Y<\/strong> \u0111\u1ec3 ti\u1ebfn h\u00e0nh tho\u00e1t v\u00e0 l\u01b0u l\u1ea1i file.<\/p>\n
B\u01b0\u1edbc 3: M\u1edf Port Firewall<\/h2>\n
Ta c\u1ea7n m\u1edf Firewall \u0111\u1ec3 c\u00f3 th\u1ec3 k\u1ebft n\u1ed1i t\u1edbi port m\u1edbi ch\u00fang ta m\u1edbi m\u1edf.<\/p>\n
    \n
  • \u0110\u1ed1i v\u1edbi m\u00e1y ch\u1ee7 s\u1eed d\u1ee5ng Firewalld<\/strong><\/li>\n<\/ul>\n
    sudo firewall-cmd --permanent --zone=public --add-port=3344\r\nsudo firewall-cmd --reload\/tcp<\/pre>\n
      \n
    • \u0110\u1ed1i v\u1edbi m\u00e1y ch\u1ee7 s\u1eed d\u1ee5ng ufw (Ubuntu\/Debian)<\/strong><\/li>\n<\/ul>\n
      sudo ufw allow 3344\/tcp<\/pre>\n
        \n
      • \u0110\u1ed1i v\u1edbi m\u00e1y ch\u1ee7 s\u1eed d\u1ee5ng iptables<\/strong><\/li>\n<\/ul>\n
        iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 3344 -j ACCEPT\r\nservice iptables restart<\/pre>\n
        L\u01b0u \u00fd:<\/strong> Nh\u1edb thay 3344 b\u1eb1ng Port b\u1ea1n c\u1ea7n \u0111\u1ed5i.<\/p>\n
        B\u01b0\u1edbc 4: Kh\u1edfi \u0111\u1ed9ng l\u1ea1i d\u1ecbch v\u1ee5 SSHD v\u00e0 ki\u1ec3m tra<\/h2>\n
        B\u00e2y gi\u1edd ch\u00fang ta s\u1ebd restart d\u1ecbch v\u1ee5 sshd \u0111\u1ec3 port m\u1edbi ho\u1ea1t \u0111\u1ed9ng b\u1eb1ng l\u1ec7nh.<\/p>\n
        systemctl restart sshd<\/pre>\n
        B\u00e2y gi\u1edd b\u1ea1n h\u00e3y ti\u1ebfn h\u00e0nh \u0111\u0103ng nh\u1eadp v\u00e0o m\u00e1y ch\u1ee7 c\u1ee7a m\u00ecnh b\u1eb1ng port m\u1edbi nh\u00e9.
        \nCh\u00fac b\u1ea1n th\u00e0nh c\u00f4ng.<\/p>\n","protected":false},"excerpt":{"rendered":"
        \u0110\u1ed5i Port SSH l\u00e0 \u0111i\u1ec1u r\u1ea5t c\u1ea7n thi\u1ebft nh\u01b0 th\u01b0\u1eddng l\u1ec7 ch\u00fang ta s\u1ebd \u0111\u0103ng nh\u1eadp…<\/p>\n","protected":false},"author":1,"featured_media":867,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[130],"tags":[159,181,191,197],"class_list":["post-861","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-huong-dan-vps","tag-doi-port-ssh","tag-linux","tag-port","tag-ssh"],"_links":{"self":[{"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/posts\/861","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/comments?post=861"}],"version-history":[{"count":0,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/posts\/861\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/media\/867"}],"wp:attachment":[{"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/media?parent=861"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/categories?post=861"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/tags?post=861"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}