Why run SSH on a different port

I am currently learning about installing Kippo SSH. From the tutorial, it said that I should reconfigure the SSH port from 22 to a different port (which in this case is 3389). So now whenever I try to SSH from a client, it will connect to port 3389.

From the tutorial, the reason behind this is that "we do not want Kippo to have root access".

My question being, what difference does it make running SSH from port 22 vs port 3389?


Most servers require root access if you want to open ports lower than 1024.

The TCP/IP port numbers below 1024 are special in that normal users are not allowed to run servers on them. This is a security feature, in that if you connect to a service on one of these ports you can be fairly sure that you have the real thing, and not a fake which some hacker has put up for you.

See: https://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html


What difference does it make running SSH from port 22 vs port 3389?

In order to bind to a port below 1024 (a privileged port) a process must have root access. By making it bind to 3389 root access is not required.
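The first two answers make the same point: binding below 1024 needs root, binding to 3389 does not. The following is an added example (not code from either answerer or from Kippo) that shows the difference empirically by attempting the bind as whatever user runs it; the host, the port pair and the function names are this example's own choices.

```python
import errno
import socket

# Ports 1..1023 are "privileged": on Linux and other Unix systems a process needs
# root (or, on Linux, the CAP_NET_BIND_SERVICE capability) to bind them.
# Everything above 1023 is open to any user, which is why a honeypot such as
# Kippo can be told to listen on 3389 without running as root.
PRIVILEGED_PORT_MAX = 1023


def is_privileged_port(port: int) -> bool:
    return 0 < port <= PRIVILEGED_PORT_MAX


def bind_outcome(port: int, host: str = "127.0.0.1") -> str:
    """Try to bind a TCP listening socket to host:port and describe the result.

    Returns one of: "bound", "permission denied" (EACCES/EPERM: privileged port,
    not root), "in use" (EADDRINUSE: something such as the real sshd already
    listens there), or "error:<ERRNO_NAME>" for anything else.
    The socket is closed before returning, so nothing is left listening.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        sock.bind((host, port))
        return "bound"
    except PermissionError:
        return "permission denied"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in use"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def compare_ports(ports=(22, 3389)):
    """Map each port to (privileged?, bind outcome) so the two cases can be compared."""
    return {p: (is_privileged_port(p), bind_outcome(p)) for p in ports}


if __name__ == "__main__":
    # As an ordinary user: 22 -> "permission denied", 3389 -> "bound" (or "in use"
    # if sshd was already moved there). As root both bind, which is exactly the
    # privilege the tutorial wants to keep away from the honeypot process.
    for port, (priv, outcome) in compare_ports().items():
        print(f"port {port:5d} privileged={priv!s:5} bind -> {outcome}")
```

Two caveats worth knowing before relying on the 1024 boundary: on Linux the boundary is a tunable (`net.ipv4.ip_unprivileged_port_start`, default 1024) and `setcap cap_net_bind_service=+ep` on a binary lets it bind low ports without being root at all; so "it listens on 22" is not by itself proof of a root process, it only means the process had that capability when it bound. Conversely, a non-root honeypot can still be reached on port 22 by adding a NAT redirect (for example an iptables `REDIRECT --to-port` rule) from 22 to the high port it actually listens on, which is a common way to run Kippo-style honeypots without giving them root.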


One of the reasons I've seen this done is to reduce log spam from password scanners. Then if someone's trying to brute-force passwords, you know it's a targeted attempt rather than a drive-by.
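To make the "targeted rather than drive-by" distinction concrete, here is an added example (not from the answerer) that runs simple detection logic over a few constructed sshd log lines in classic syslog format. The IP addresses, usernames, threshold and the spray-versus-targeted heuristic are all assumptions of this example; the log line format is the one OpenSSH's sshd actually writes.

```python
import re
from collections import defaultdict

# Constructed sample of sshd auth-log lines (not real captured traffic).
# 198.51.100.23 sprays usernames the way mass scanners do, 192.0.2.44 makes a
# couple of root attempts, and 203.0.113.7 keeps hitting one real account,
# which is what a targeted attempt looks like once the port change has
# filtered out the drive-by noise.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar  3 10:00:02 host sshd[1203]: Failed password for invalid user oracle from 198.51.100.23 port 51030 ssh2
Mar  3 10:00:03 host sshd[1205]: Failed password for invalid user test from 198.51.100.23 port 51041 ssh2
Mar  3 10:00:04 host sshd[1207]: Failed password for invalid user pi from 198.51.100.23 port 51055 ssh2
Mar  3 10:00:10 host sshd[1210]: Failed password for root from 192.0.2.44 port 40001 ssh2
Mar  3 10:00:11 host sshd[1212]: Failed password for root from 192.0.2.44 port 40002 ssh2
Mar  3 10:01:00 host sshd[1220]: Failed password for alice from 203.0.113.7 port 33001 ssh2
Mar  3 10:01:02 host sshd[1221]: Failed password for alice from 203.0.113.7 port 33002 ssh2
Mar  3 10:01:04 host sshd[1222]: Failed password for alice from 203.0.113.7 port 33003 ssh2
Mar  3 10:01:06 host sshd[1223]: Failed password for alice from 203.0.113.7 port 33004 ssh2
Mar  3 10:01:08 host sshd[1224]: Accepted publickey for bob from 10.0.0.5 port 50123 ssh2
"""

# "invalid user " is present only when the account does not exist on the box.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2"
)


def parse_failures(log_text):
    """Yield (source_ip, username, account_does_not_exist) per failed-password line."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m.group("ip"), m.group("user"), bool(m.group("invalid"))


def classify_sources(log_text, threshold=3):
    """Group failures per source IP and label every source at or above threshold.

    Heuristic (this example's assumption, not a rule from the original answer):
    a source whose failures are mostly against non-existent accounts is a
    "drive-by" username spray; one hammering accounts that do exist is "targeted".
    On a non-default port the drive-by class should be nearly empty, so the
    threshold can be set low and every hit treated as worth a look.
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "invalid": 0, "users": set()})
    for ip, user, invalid in parse_failures(log_text):
        rec = per_ip[ip]
        rec["attempts"] += 1
        rec["invalid"] += int(invalid)
        rec["users"].add(user)

    verdicts = {}
    for ip, rec in per_ip.items():
        if rec["attempts"] < threshold:
            continue
        kind = "drive-by" if rec["invalid"] * 2 >= rec["attempts"] else "targeted"
        verdicts[ip] = (kind, rec["attempts"], sorted(rec["users"]))
    return verdicts


if __name__ == "__main__":
    for ip, (kind, n, users) in classify_sources(SAMPLE_LOG).items():
        print(f"{ip:15} {kind:9} {n} failures against {', '.join(users)}")
```

On a busy port-22 host the "drive-by" bucket dominates and is mostly noise; moving the daemon makes the remaining entries, especially the "targeted" ones against real accounts, the signal the answer describes.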


By redirecting SSH to a non standard port - you are making a hacker's life more difficult - because they will not be 100% sure which port you are using to access your system.

Port 22 is the default port, as you are aware. But if you have altered this to a non-standard port, I now need to go and carry out a port scan using Nmap or some other tool to try and detect where the ssh server is now listening. This increases the chances of your IDS (Intrusion Detection System) detecting this type of malicious behaviour, and can allow you to start to take counter-measures (such as denying the target's IP address).

Whilst it is true that to CREATE a listening port below 1024 you need root access - the sshd (the ssh daemon [server]) will have been started at boot time, and that alone will not stop priv/non-priv users from accessing the ssh process.

Should you wish to stop ssh for root (and this is always a good thing to stop), then look at the ssh.config (its name changes a little depending on the OS being used; look, however, in /etc/ssh/).

The value that controls whether a root account can log in is

#PermitRootLogin no

This value, and not the Port number (which, by the way, is configured using a value such as

#Port 22

), is how to restrict.

SSH is a fantastic, flexible and secure communication mechanism, but only if understood and used correctly.
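The answer above shows the two directives as "#PermitRootLogin no" and "#Port 22", and a practitioner should notice that both lines begin with "#": in sshd_config that makes them comments, so they change nothing and merely document the compiled-in default. Below is an added example (not from the answerer and not OpenSSH code) that parses an sshd_config body with OpenSSH's own rules (keywords are case-insensitive, "#" starts a comment, the first value for a keyword wins, every Port line is honoured, anything after a Match line is conditional) and reports the effective port and root-login policy. The two config bodies are constructed for this example; the default of PermitRootLogin is "prohibit-password" from OpenSSH 7.0 onward and "yes" in older releases.

```python
import re

# Keyword, then whitespace or "=", then the value. Matches "Port 3389" and "Port=3389".
KEYWORD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9]*)\s*[= ]\s*(.+?)\s*$")


def effective_settings(config_text):
    """Return the effective global settings of an sshd_config body.

    Keys are lower-cased keywords. For most keywords sshd uses the FIRST value it
    sees, so later duplicates are ignored here too. Port and ListenAddress may be
    given several times and all are honoured, so they collect into lists. Parsing
    stops at the first Match line because everything after it applies only when
    the Match condition holds.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # a commented "#PermitRootLogin no" vanishes here
        if not line:
            continue
        m = KEYWORD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            break
        if key in ("port", "listenaddress"):
            settings.setdefault(key, []).append(value)
        else:
            settings.setdefault(key, value)
    return settings


def audit(config_text):
    """Return (ports, permit_root_login, findings) for a config body."""
    s = effective_settings(config_text)
    ports = [int(p) for p in s.get("port", ["22"])]
    # OpenSSH >= 7.0 default; releases before 7.0 defaulted to "yes".
    prl = s.get("permitrootlogin", "prohibit-password").lower()
    findings = []
    for port in ports:
        if port == 22:
            findings.append("listens on the default port 22: root is needed to bind it, and every drive-by scanner finds it")
        elif port < 1024:
            findings.append(f"port {port} is still privileged: sshd must start as root to bind it")
    if "permitrootlogin" not in s:
        findings.append("PermitRootLogin is not set (a '#PermitRootLogin' line is only a comment); the default depends on the OpenSSH version")
    if prl == "yes":
        findings.append("PermitRootLogin yes: root may log in with a password")
    elif prl in ("prohibit-password", "without-password"):
        findings.append(f"PermitRootLogin {prl} only blocks root password logins; use 'no' to refuse root entirely")
    return ports, prl, findings


# Constructed weak config: it looks configured but every line is a comment, so
# sshd runs with its defaults (port 22, version-dependent root policy).
WEAK = """\
#Port 22
#PermitRootLogin no
"""

# Constructed hardened config: an unprivileged port and root refused outright.
HARDENED = """\
Port 3389
PermitRootLogin no
"""

if __name__ == "__main__":
    for name, body in (("weak", WEAK), ("hardened", HARDENED)):
        ports, prl, findings = audit(body)
        print(f"{name}: ports={ports} PermitRootLogin={prl}")
        for f in findings:
            print("  -", f)
```

The check that matters most is the one on the commented line: `sshd -T` on the host prints the effective values sshd will actually use, and is the authoritative way to confirm that an edit took effect after the daemon was reloaded.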