When checking ports from the outside, we perform a port scan on the computer to be checked to find out which ports are open, which services monitor these ports, etc. Port scanning is usually performed by system administrators to check the security of the server, but unfortunately, it is also often used by malicious attackers to map the weak points of the selected target computer. On this page, we review the basic use of the nmap command.

Several services can run on a Linux operating system, especially on a more complex web server installation. These services communicate through different TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) ports on the network interface. A listening port is a network port on which an application or process listens and acts as a communication endpoint. Checking ports is an important task from several points of view. On the one hand, for the sake of security, we must monitor the open ports and the communication on them, and on the other hand, we can also reduce the number of error possibilities that result from several similar services using the same port.

There are several ways to manage web servers and other servers remotely, of which SSH is the most common command line solution. The SSH protocol communicates over an encrypted channel between the server and the client. Like all similar communications, SSH transmits data through a specific port, which by default is the well-known tcp port 22. Since the function of this port is known to many people, it exposes the servers to regular attacks. This is usually avoided - or at least to reduce the number of attempts - by switching this well-known port to another, unknown port number, which can only be detected externally by port scanning, which is a more time-consuming task.
In this write-up, we will look at how to change SSH's well-known TCP port 22 to a unique port number to minimize the number of attack attempts via SSH.