You can enhance the security of your system by changing the default ports for remote access. For example, the default port for Windows Remote Desktop Protocol (RDP) is 3389, and the default port for Linux Secure Shell (SSH) is 22. Changing those default ports can protect the servers or services from unauthorized access by automated attacks and malicious scanning against those commonly used ports. This topic describes how to change the default port used by an Elastic Compute Service (ECS) instance to accept connections.
Change the default port used by a Windows instance to accept connections
This section describes how to change the default port used by a Windows instance to accept connections. In this example, Windows Server 2022 is used.
Mac Remote Desktop Connection can only be used to connect to the instance over the default port 3389.
Connect and log on to the Windows instance.
For more information, see Connect to a Windows instance by using a password or key.
Change the value of the PortNumber registry subkey.
Press Win+R to open the Run command window.
Enter regedit.exe and press the Enter key to open the registry editor.
In the left-side navigation pane, choose .
Find and right-click PortNumber in the right list, and select Modify....
In the Edit DWORD (32-bit) Value dialog box, enter a different port number in the Value data field. In this example, enter 3399. Select Decimal in the Base section and click OK.
In the left-side navigation pane, choose .
Find and right-click PortNumber in the right list, and select Modify....
In the Edit DWORD (32-bit) Value dialog box, enter a different port number in the Value data field. In this example, enter 3399. Select Decimal in the Base section and click OK.
Restart the instance in the ECS console.
For more information, see Restart instances.
Add security group rules to the security group of the instance to allow connections to the new port.
For more information, see Add a security group rule.
Connect to the instance. In the Remote Desktop Connection dialog box, enter <IP address of the instance>:<New port number> in the Computer field and click Connect to connect to the instance.
Change the default port used by a Linux instance to accept connections
This section describes how to change the default port used by a Linux instance to accept connections. In the example, Alibaba Cloud Linux 3 is used.
After the port number is changed, you cannot use the default port 22 to connect to the instance.
Connect and log on to the Linux instance.
For more information, see Connect to a Linux instance by using a password or key.
Run the following command to back up the sshd configuration file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
Change the port number of sshd.
Run the following command to edit the sshd_config configuration file:
sudo vim /etc/ssh/sshd_config
Press the I key to enter Insert mode.
Add a new port to accept connections. In this example, add port 1022. Enter Port 1022 under Port 22.
Press the Esc key, enter :wq, and then press the Enter key to save and close the file.
Run the following command to restart sshd. After sshd is restarted, you can log on to the Linux instance by using SSH port 1022.
sudo systemctl restart sshd
Add security group rules to the security group of the instance to allow traffic over TCP port 1022.
For more information, see Add a security group rule.
Use an SSH client to connect to the instance to check whether traffic over the new port is allowed.
Enter the new port number in the Port field. In this example, enter 1022.
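The sshd_config edit from the Linux steps above as a script, added here as an example and not part of the original documentation: it backs up the file, inserts the new Port line under the existing one, and reports which ports sshd will listen on afterwards. The function names are hypothetical and the sample configuration is constructed. If Port 22 is an active (uncommented) line in the file, port 22 stays open alongside the new port.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Print the ports sshd will listen on for this file: every uncommented
# "Port N" line, or the built-in default 22 when there is none.
effective_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ {
        printf "%s%s", sep, $2; sep = " " }' "$1")
    echo "${ports:-22}"
}

# Back up FILE to FILE_bak, then add "Port PORT" under the first Port line
# (active or commented out), as in the manual vim step.
add_ssh_port() {
    cfg=$1
    port=$2
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 2
    fi
    # Idempotent: leave the file alone if the port is already configured.
    case " $(effective_ports "$cfg") " in
        *" $port "*) return 0 ;;
    esac
    cp -p "$cfg" "${cfg}_bak" || return 1
    awk -v p="$port" '
        { print }
        !done && /^[ \t]*#?[ \t]*[Pp]ort[ \t]+[0-9]+/ { print "Port " p; done = 1 }
        END { exit (done ? 0 : 3) }
    ' "${cfg}_bak" > "$cfg" && return 0
    # No Port line found: put the directive first, ahead of any Match block.
    { echo "Port $port"; cat "${cfg}_bak"; } > "$cfg"
}

# Constructed sample: a config whose default port line is commented out.
demo_cfg=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$demo_cfg"
add_ssh_port "$demo_cfg" 1022
echo "sshd will listen on: $(effective_ports "$demo_cfg")"
rm -f "$demo_cfg" "${demo_cfg}_bak"
```

On the instance, run add_ssh_port against /etc/ssh/sshd_config with root privileges, then check the result with sudo sshd -t before restarting sshd, so that a syntax error does not cut off your only session.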