Hopefully a quick How-To Change the Port for OpenSSH on Windows 2019.<\/p>\n\n\n\n
Ok, so we have OpenSSH installed on Windows Server 2019, but it is using the default SSH Port 22. Which is ok but if you are opening this up to the internet then maybe not so much as the kiddie-scripts will hammer this port with brute-force attacks. A better option is to change to a non-default high port number. Yes, arguments will continue over doing this or not, good, better, best practice, etc., but lets just focus on the technical aspect and save the flame-wars for another millenia. <\/p>\n\n\n\n
First up, we need to modify the sshd server setting which is done by editing the sshd_config file. Which depending on where you look may appear to be found in c:\\windows\\system32\\openssh\\ but that is not the file you are looking for<\/em>. You need to look for and edit c:\\%programdata%\\ssh\\sshd_config (thanks to Ebin Issac<\/a> for that clue). The file also needs Admin permissions to save the changes, so if you are using Notepad.exe to do the edit, open Notepad as Administrator and then open the file. Right-click the file and Open with Notepad will not allow you to save the changes. <\/p>\n\n\n\n Edit the file to change the port:<\/p>\n\n\n\n Now save the file and stop \/ start the sshd service. <\/p>\n\n\n\n Next use netstat to check if the new port is listening<\/p>\n\n\n\n Now, before you leap into the command, if you are using PowerShell (PoSh) then the find command will probably give you a “FIND: Parameter format not correct” as the ‘your-port-number’ is a string and will need to be enclosed in quotes, but not just any quotes. For whatever bizarre reason, we need to escape the quote marks for PoSh. <\/p>\n\n\n\n or you can also using the back-tick ` mark like this <\/p>\n\n\n\n So you should have a response something like this:<\/p>\n\n\n\n Noting that the port number used of 12345 is not recommended, the real port number has been changed. <\/p>\n\n\n\n Then modify Windows firewall entry (assumes you configured the firewall rule using Microsoft instruction set) with PowerShell using your port number (not 12345)<\/p>\n\n\n\n and your hardware firewall if needed. <\/p>\n\n\n\n Reference for the PoSh Find command was https:\/\/superuser.com\/questions\/983105\/find-parameter-format-not-correct-and-findstr-write-error-with-pipes<\/a>.<\/p>\n\n\n\n#Port 22 <-- in this line remove the # and change 22 to your desired port number<\/pre>\n\n\n\n
netstat -na | find your-port-number<\/pre>\n\n\n\n
netstat -na | find \"\"\"your-port-number\"\"\" <--- yes, triple quotation marks to escape the escaped!<\/pre>\n\n\n\n
netstat -na | find `\"your-port-number`\" <--- the back-ticks escape the quote mark, so this is a bit shorter<\/pre>\n\n\n\n
PS C:\\windows\\system32> netstat -na | find `\"12345`\"\n TCP 0.0.0.0:12345 0.0.0.0:0 LISTENING\n TCP [::]:12345 [::]:0 LISTENING<\/pre>\n\n\n\n
Set-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -LocalPort 12345<\/pre>\n\n\n\n