This topic describes how to modify the default port used by an Elastic Compute Service (ECS) instance to accept connections.

Modify the default port used by a Windows instance to accept connections

This section describes how to modify the default port used by a Windows instance to accept connections. In this example, Windows Server 2012 is used.

  1. Connect and log on to the Windows instance. For more information, see Connect to a Windows instance by using password authentication.
  2. Modify the value of the PortNumber registry subkey.
    1. Press Win+R to open the Run dialog box.
    2. Enter regedit.exe and press the Enter key to open the registry editor.
    3. In the left-side navigation pane, choose HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp.
    4. Find and right-click PortNumber in the list, and select Modify....
    5. In the Edit DWORD (32-bit) Value dialog box, enter a new port number in the Value data field. In this example, enter 3399. Select Decimal in the Base section and click OK.
      api1
  3. Optional: If you have enabled the firewall, add a firewall rule to allow connections to the new port of the instance.
  4. Restart the instance in the ECS console. For more information, see Reboot the instance.
  5. Add security group rules to the security group of the instance to allow connections to the new port. For more information, see Add security group rules.
  6. Connect to the instance. In the Remote Desktop Connection dialog box, enter <IP address of the instance>:<New port number> in the Computer field and click Connect to connect to the instance.
    Connect to the instance
    Note You can use Mac Remote Desktop Connection to connect to the instance only over the default port 3389.

Modify the default port used by a Linux instance to accept connections

This section describes how to modify the default port used by a Linux instance to accept connections. In the example, CentOS 6.8 and CentOS 7.7 are used.

  1. Connect and log on to the Linux instance.
  2. Run the following command to back up the sshd configuration file:
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
  3. Modify the port number of sshd.
    1. Run the following command to edit the sshd_config configuration file:
      vim /etc/ssh/sshd_config
    2. Press the I key to enter the edit mode.
    3. Add a new port to accept connections.
      In this example, add port 1022. Enter Port 1022 under Port 22. Add port
    4. Press the Esc key, enter :wq, and then press the Enter key to save and close the file.
  4. Run one of the following commands to restart sshd. After sshd is restarted, you can log on to the Linux instance by using SSH port 1022.
    • If the Linux instance runs CentOS 7 or later, or Alibaba Cloud Linux 2, run the following command:
      systemctl restart sshd
    • If the Linux instance runs CentOS 6, run the following command:
      /etc/init.d/sshd restart
  5. Optional:Configure the firewall to allow traffic over port 1022.
    If the firewall is enabled for the ECS instance, you must configure the firewall to allow traffic over the new port.
    • Instance that runs CentOS 7 or later, or Alibaba Cloud Linux 2:

      By default, firewalld is installed for instances that run CentOS 7 and later. If you have enabled firewalld.service, run the following command to allow traffic over TCP port 1022:

      firewall-cmd --add-port=1022/tcp --permanent

      If traffic over TCP port 1022 is allowed, success is returned.

    • Instance that runs CentOS 6:

      If the instance runs CentOS 7 and earlier and the default firewall iptables is enabled for the instance, note that the default settings of iptables do not block access traffic. If you have configured iptables rules, run the following command to configure the firewall:

      iptables -A INPUT -p tcp --dport 1022 -j ACCEPT

      Then, run the following command to restart the firewall.

      service iptables restart
  6. Add security group rules to the security group of the instance to allow traffic over TCP port 1022.
    For more information, see Add security group rules.
  7. Use an SSH client to connect to the instance to check whether traffic over the new port is allowed.
    Enter the new port number in the Port field. In this example, enter 1022. Enter the new port number
    Note

    After the port number is modified, you cannot use the default port 22 to connect to the ECS instance.