SSH and Remote Access Ports: SSH (22), RDP (3389), VNC (5900)

Remote Access Port Numbers

Remote access protocols allow administrators and users to connect to machines over a network. Each protocol has different security characteristics.

Port 22 — SSH (Secure Shell)

SSH is the standard for secure remote access on Unix/Linux systems. It provides:

• Encrypted terminal access
• Secure file transfer (SCP, SFTP)
• Port forwarding and tunneling
• Key-based authentication

Security hardening for SSH:

# /etc/ssh/sshd_config
Port 22                    # Consider changing to a non-standard port
PermitRootLogin no         # Disable root login
PasswordAuthentication no  # Use key-based auth only
MaxAuthTries 3             # Limit login attempts

Port 3389 — RDP (Remote Desktop Protocol)

RDP is the standard for Windows remote desktop access. It provides a full graphical desktop experience.

Security concerns: RDP is a frequent target for brute-force attacks and ransomware. Always:

• Use Network Level Authentication (NLA)
• Restrict access via VPN or firewall rules
• Enable account lockout policies
• Consider using a non-standard port

Port 5900 — VNC (Virtual Network Computing)

VNC provides cross-platform graphical remote access. Unlike RDP, VNC is platform-independent.

Important: VNC traffic is often unencrypted by default. Always tunnel VNC through SSH:

ssh -L 5900:localhost:5900 user@remote-server

Port 23 — Telnet (Deprecated)

Telnet sends all data including passwords in plain text. Never use Telnet for remote access. Use SSH instead.