This topic describes how to modify the default remote ports of Windows and Linux instances.

Prerequisites

You must have registered an Alibaba Cloud account before you follow the instructions provided in the tutorial. If not, create a new Alibaba Cloud account first.

Modify the default remote port of a Windows instance

This section uses Windows Server 2012 as an example to describe how to modify the default remote port of a Windows instance.

  1. Establish a remote connection and log on to the Windows instance. For more information, see Connect to a Windows instance from the console.
  2. Modify the value of the PortNumber registry subkey.
    1. Press the shortcut keys Win + R to open the Run dialog box.
    2. Enter regedit.exe and press the Enter key to open the registry editor.
    3. In the left-side navigation pane, choose HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp.
    4. Find and right-click PortNumber in the list, and choose Modify... from the shortcut menu.
    5. In the Edit DWORD (32-bit) Value dialog box, enter a new remote port number in the Value data field. This example uses 3399 as the port number. Select Decimal in the Base section and click OK.
      port1
  3. Optional: If you have enabled the firewall, add the new remote port number to the firewall whitelist and allow connections to the port.
  4. Restart the instance in the ECS console. For more information, see Restart an instance.
  5. Add security group rules for the instance to allow connections to the new remote port. For more information, see Add security group rules.
  6. Establish a remote connection to the instance. Add a colon (:) followed by the new remote port number to the end of the remote IP address to connect to the instance. For example, 192.168.1.2:3399.
    port2
    Note If you use Mac Remote Desktop Connection to connect to the instance, you can connect only through the default port 3389 after the remote port is modified.

Modify the default remote port of a Linux instance

This section uses CentOS 6.8 as an example to describe how to modify the default remote port of a Linux instance.
Note Add a new default remote port without modifying port 22. This allows you to use the port 22 to log on to the instance if you fail to connect to the instance through the new remote port.
  1. Establish a remote connection and log on to the Linux instance. For more information, see Connect to a Linux instance from the console.
  2. Run the vim /etc/ssh/sshd_config command.
  3. Press the I key to enter the editing state. Add a new remote port such as port 1022 in this example. Enter Port 1022 under Port 22.
  4. Press the Esc key, enter : wq, and then exit the editing state.
  5. Run the following command to restart the instance. After the instance is restarted, you can log on to the Linux instance by using SSH through both port 22 and port 1022.
    /etc/init.d/sshd restart
  6. Configure the firewall.
    If your system version is earlier than CentOS 7 and you have enabled the default firewall iptables, note that iptables does not block access traffic by default. You need to run the iptables -A INPUT -p tcp --dport 1022 -j ACCEPT command to configure the firewall. Then, run the service iptables restart command to restart the firewall.
    Note By default, firewalld is installed for CentOS 7 and later. If you have enabled firewalld.service, run the firewall-cmd --add-port=1022/tcp --permanent command to allow traffic on TCP port 1022. If success is returned, traffic on TCP port 1022 is allowed.
  7. Add security group rules for the instance to allow connections to the new remote port. For more information, see Add security group rules.
  8. Use an SSH client to connect to the new remote port to check whether the remote port is modified.
    1. Enter the new remote port number in the Port field, which is 1022 in this example.
      Enter the new remote port number.
    2. If you can connect to the instance through port 1022, run the vim /etc/ssh/sshd_config command to delete port 22.
    3. Run the /etc/init.d/sshd restart command to restart the instance and the changes take effect after the instance restarts. You can start to use the new port to log on to the instance.