{"id":279,"date":"2026-01-19T22:00:32","date_gmt":"2026-01-19T22:00:32","guid":{"rendered":"https:\/\/adveyer.com\/blog\/?p=279"},"modified":"2026-01-19T22:00:32","modified_gmt":"2026-01-19T22:00:32","slug":"linux-sunucularda-ssh-port-degistirme","status":"publish","type":"post","link":"https:\/\/adveyer.com\/blog\/linux-sunucularda-ssh-port-degistirme\/","title":{"rendered":"Linux Sunucularda SSH Port De\u011fi\u015ftirme"},"content":{"rendered":"<p>Linux sunucularda g\u00fcvenli\u011fi art\u0131rman\u0131n en temel ad\u0131mlar\u0131ndan biri <strong>SSH portunu de\u011fi\u015ftirmektir<\/strong>.<br \/>\nVarsay\u0131lan olarak SSH servisi <strong>22 numaral\u0131 port<\/strong> \u00fczerinden \u00e7al\u0131\u015f\u0131r ve bu port, brute force sald\u0131r\u0131lar\u0131 ile bot taramalar\u0131n\u0131n ilk hedefidir.<\/p>\n<p>SSH portunu de\u011fi\u015ftirmek;<\/p>\n<ul>\n<li>\u0130zinsiz eri\u015fim denemelerini azalt\u0131r<\/li>\n<li>Brute force ataklar\u0131n\u0131n b\u00fcy\u00fck k\u0131sm\u0131n\u0131 otomatik olarak engeller<\/li>\n<li>Root giri\u015f denemelerini en aza indirir<\/li>\n<li>Sunucunun sald\u0131r\u0131 y\u00fczeyini daralt\u0131r<\/li>\n<\/ul>\n<blockquote><p>\u26a0\ufe0f Not: SSH port de\u011fi\u015ftirmek tek ba\u015f\u0131na yeterli de\u011fildir, ancak <strong>Fail2ban, firewall ve anahtar tabanl\u0131 giri\u015f<\/strong> ile birlikte kullan\u0131ld\u0131\u011f\u0131nda olduk\u00e7a etkilidir.<\/p><\/blockquote>\n<h2><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/www.liquidweb.com\/wp-content\/uploads\/2024\/03\/ssh_port22-small.jpg\" alt=\"SSH Port De\u011fi\u015ftirme\" width=\"490\" height=\"327\" \/><\/h2>\n<h2>SSH Yap\u0131land\u0131rma Dosyas\u0131n\u0131 A\u00e7ma<\/h2>\n<p>\u00d6ncelikle SSH servisinin yap\u0131land\u0131rma dosyas\u0131n\u0131 d\u00fczenlememiz gerekiyor.<\/p>\n<pre><code class=\"language-bash\">nano -w \/etc\/ssh\/sshd_config\r\n<\/code><\/pre>\n<p>Bu dosya, SSH servisine ait t\u00fcm g\u00fcvenlik ve ba\u011flant\u0131 ayarlar\u0131n\u0131 i\u00e7erir.<\/p>\n<h2>SSH Portunu De\u011fi\u015ftirme<\/h2>\n<p>Dosya i\u00e7erisinde a\u015fa\u011f\u0131daki sat\u0131r\u0131 bulun:<\/p>\n<pre><code class=\"language-text\">#Port 22\r\n<\/code><\/pre>\n<p>Ba\u015f\u0131ndaki <code>#<\/code> i\u015fareti, sat\u0131r\u0131n yorum sat\u0131r\u0131 (pasif) oldu\u011funu g\u00f6sterir.<br \/>\nBu i\u015fareti kald\u0131rarak ve yeni bir port numaras\u0131 vererek SSH portunu de\u011fi\u015ftirebiliriz.<\/p>\n<h3>\u00d6rnek:<\/h3>\n<pre><code class=\"language-text\">Port 2222\r\n<\/code><\/pre>\n<h2>Yeni SSH Portu Se\u00e7erken Dikkat Edilmesi Gerekenler<\/h2>\n<p>Yeni portu belirlerken a\u015fa\u011f\u0131daki kurallara mutlaka dikkat edilmelidir:<\/p>\n<h3>1. Ba\u015fka bir servis taraf\u0131ndan kullan\u0131lm\u0131yor olmal\u0131<\/h3>\n<p>\u00d6rne\u011fin web sunucular\u0131 (80, 443), mail servisleri (25, 465, 587) gibi yayg\u0131n portlar\u0131 tercih etmeyin.<\/p>\n<p>Kullan\u0131mda olan portlar\u0131 kontrol etmek i\u00e7in:<\/p>\n<pre><code class=\"language-bash\">ss -tuln\r\n<\/code><\/pre>\n<h3>2. 1024 \u00fczeri bir port tercih edin<\/h3>\n<p>Genellikle <strong>2000 \u2013 65000<\/strong> aras\u0131 portlar uygundur.<\/p>\n<h3>3. Firewall kurallar\u0131 g\u00fcncellenmeli<\/h3>\n<p>E\u011fer sunucu \u00fczerinde veya harici bir network firewall varsa, yeni SSH portuna izin verilmelidir.<\/p>\n<h2>Firewall \u00dczerinde Yeni SSH Portuna \u0130zin Verme<\/h2>\n<h3>firewalld (CentOS, AlmaLinux, Rocky)<\/h3>\n<pre><code class=\"language-bash\">firewall-cmd --permanent --add-port=2222\/tcp\r\nfirewall-cmd --reload\r\n<\/code><\/pre>\n<h3>UFW (Ubuntu \/ Debian)<\/h3>\n<pre><code class=\"language-bash\">ufw allow 2222\/tcp\r\nufw reload\r\n<\/code><\/pre>\n<blockquote><p>\u26a0\ufe0f Firewall kural\u0131n\u0131 eklemeden SSH servisini restart etmeyin, aksi halde sunucuya eri\u015fiminizi kaybedebilirsiniz.<\/p><\/blockquote>\n<h2>SELinux Kullan\u0131l\u0131yorsa (\u00d6nemli)<\/h2>\n<p><a href=\"https:\/\/tr.wikipedia.org\/wiki\/SELinux\" target=\"_blank\" rel=\"noopener\">SELinux<\/a> aktif sistemlerde SSH portu ayr\u0131ca tan\u0131mlanmal\u0131d\u0131r.<\/p>\n<p>Mevcut SSH portlar\u0131n\u0131 g\u00f6rmek i\u00e7in:<\/p>\n<pre><code class=\"language-bash\">semanage port -l | grep ssh\r\n<\/code><\/pre>\n<p>Yeni portu eklemek i\u00e7in:<\/p>\n<pre><code class=\"language-bash\">semanage port -a -t ssh_port_t -p tcp 2222\r\n<\/code><\/pre>\n<p>E\u011fer port zaten tan\u0131ml\u0131ysa:<\/p>\n<pre><code class=\"language-bash\">semanage port -m -t ssh_port_t -p tcp 2222\r\n<\/code><\/pre>\n<h2>SSH Servisini Yeniden Ba\u015flatma<\/h2>\n<p>Yap\u0131land\u0131rma tamamland\u0131ktan sonra SSH servisini yeniden ba\u015flat\u0131yoruz.<\/p>\n<h3>Modern sistemlerde:<\/h3>\n<pre><code class=\"language-bash\">systemctl restart sshd\r\n<\/code><\/pre>\n<h3>Eski sistemlerde:<\/h3>\n<pre><code class=\"language-bash\">service sshd restart\r\n<\/code><\/pre>\n<p>veya:<\/p>\n<pre><code class=\"language-bash\">\/etc\/rc.d\/init.d\/sshd restart\r\n<\/code><\/pre>\n<h2>Yeni SSH Portunu Test Etme (\u00c7OK \u00d6NEML\u0130)<\/h2>\n<p>Mevcut SSH oturumunu <strong>kapatmadan \u00f6nce<\/strong>, yeni porttan ba\u011flant\u0131y\u0131 test edin.<\/p>\n<pre><code class=\"language-bash\">ssh -p 2222 kullanici@sunucu-ip\r\n<\/code><\/pre>\n<p>Ba\u011flant\u0131 ba\u015far\u0131l\u0131ysa, eski SSH oturumunu g\u00fcvenle kapatabilirsiniz.<\/p>\n<h2>Ek G\u00fcvenlik \u00d6nerileri (\u015eiddetle Tavsiye Edilir)<\/h2>\n<p><a href=\"https:\/\/adveyer.com\/blog\/ssh-nedir-nasil-kullanilir\/\">SSH<\/a> portunu de\u011fi\u015ftirdikten sonra \u015fu \u00f6nlemleri de alman\u0131z \u00f6nerilir:<\/p>\n<h4>Root giri\u015fini kapat\u0131n<\/h4>\n<pre><code class=\"language-text\">PermitRootLogin no\r\n<\/code><\/pre>\n<h4>Sadece SSH key ile giri\u015fe izin verin<\/h4>\n<pre><code class=\"language-text\">PasswordAuthentication no\r\n<\/code><\/pre>\n<h4>Fail2ban veya CSF kullan\u0131n<\/h4>\n<p>Yanl\u0131\u015f denemelerde IP\u2019leri otomatik banlar.<\/p>\n<h4>SSH ba\u011flant\u0131 deneme say\u0131s\u0131n\u0131 d\u00fc\u015f\u00fcr\u00fcn<\/h4>\n<pre><code class=\"language-text\">MaxAuthTries 3\r\n<\/code><\/pre>\n<h2>Sonu\u00e7 &#8211; SSH Port De\u011fi\u015ftirme<\/h2>\n<p><strong>Linux sunucularda SSH portunu de\u011fi\u015ftirmek<\/strong>, g\u00fcvenli\u011fi art\u0131rmak i\u00e7in at\u0131labilecek en basit ama etkili ad\u0131mlardan biridir.<br \/>\nBu i\u015flem sayesinde:<\/p>\n<ul>\n<li>Bot taramalar\u0131 b\u00fcy\u00fck oranda engellenir<\/li>\n<li>Brute force sald\u0131r\u0131lar\u0131 azal\u0131r<\/li>\n<li>Root eri\u015fim denemeleri minimuma iner<\/li>\n<li>Sunucu daha g\u00fcvenli hale gelir<\/li>\n<\/ul>\n<p>Ancak unutulmamal\u0131d\u0131r ki <strong>SSH port de\u011fi\u015fikli\u011fi tek ba\u015f\u0131na yeterli de\u011fildir<\/strong>.<br \/>\nFirewall, Fail2ban, SSH key ve do\u011fru kullan\u0131c\u0131 politikalar\u0131 ile birlikte uygulanmal\u0131d\u0131r.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linux sunucularda g\u00fcvenli\u011fi art\u0131rman\u0131n en temel ad\u0131mlar\u0131ndan biri SSH portunu de\u011fi\u015ftirmektir. Varsay\u0131lan olarak SSH servisi 22 numaral\u0131 port \u00fczerinden \u00e7al\u0131\u015f\u0131r ve bu port, brute force sald\u0131r\u0131lar\u0131 ile bot taramalar\u0131n\u0131n ilk hedefidir. SSH portunu de\u011fi\u015ftirmek; \u0130zinsiz eri\u015fim denemelerini azalt\u0131r Brute force ataklar\u0131n\u0131n b\u00fcy\u00fck k\u0131sm\u0131n\u0131 otomatik olarak engeller Root giri\u015f denemelerini en aza indirir Sunucunun sald\u0131r\u0131 y\u00fczeyini [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43,1],"tags":[],"class_list":["post-279","post","type-post","status-publish","format-standard","hentry","category-linux-genel","category-linux"],"_links":{"self":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts\/279","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/comments?post=279"}],"version-history":[{"count":2,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts\/279\/revisions"}],"predecessor-version":[{"id":281,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/posts\/279\/revisions\/281"}],"wp:attachment":[{"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/media?parent=279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/categories?post=279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adveyer.com\/blog\/wp-json\/wp\/v2\/tags?post=279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}