How to Change SSH Port on Linux

In today’s digital age, securing server access is more crucial than ever. One effective method to thwart potential attackers is by altering the default SSH port. This article provides a comprehensive guide on how to safely make this change, ensuring not only a fortified security stance but also uninterrupted server access.

About the SSH Port

SSH (Secure Shell) is a protocol used primarily for secure remote server access and management. When we talk about the “SSH port,” we’re referring to the network port number on which an SSH server listens for incoming connections. By default, SSH servers listen on port 22. However, for security reasons, many system administrators choose to change this default port to another, less predictable number to help protect against automated attacks. Though it’s not mean that this is enough for comprehensive security, additional measures. 

Changing the SSH Port

Changing the default SSH port on a Linux system can add an additional layer of security against automated attacks. Here’s a step-by-step guide to help you make the change:

1. Backup the Configuration File. Before making any changes, it’s always a good practice to back up your SSH configuration file.

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

2. Edit the SSH Configuration File. Open the SSHD configuration file with your preferred text editor. For this example, we’ll use nano.

sudo nano /etc/ssh/sshd_config

Sample Output:

3. Locate the Port Directive. Find the line that starts with Port. It should say Port 22 by default.

4. Change the Port Number. Edit the line to reflect your desired port number, preferably above 1024 to avoid conflicts with other standard services. For instance, to change it to port 2222, the line would look like:

Port 2222

5. Save and Close the File. If you’re using nano, press CTRL + O to write the changes, then press Enter, and CTRL + X to exit.

6. Adjust Firewall Rules. If you have a firewall enabled (like UFW or Firewalld), you’ll need to update its rules to allow connections on the new SSH port.

sudo ufw allow 2222/tcp

7. Restart the SSH Service. Apply the changes by restarting the SSH daemon.

sudo systemctl restart sshd

8. Test the New SSH Port. Before logging out of your current session, open a new terminal or SSH client and try connecting to the server using the new port to ensure everything works correctly:

ssh username@your_server_ip -p 2222

If you’re sure about your changes and the new port is working, and if you have a firewall enabled, consider closing the default port (22) to enhance security. Always be cautious when changing SSH settings, especially if you’re connecting remotely. Mistakes might lock you out of your server. Once you’re done, your Linux server will now accept SSH connections on the new port, enhancing its security against potential threats targeting the default port.

Conclusion

Looking to deploy Linux in the cloud? With Gcore Cloud, you can choose from Basic VM, Virtual Instances, or VPS/VDS suitable for Linux:

• Gcore Basic VM offers shared virtual machines from €3.2 per month
• Virtual Instances are virtual machines with a variety of configurations and an application marketplace
• Virtual Dedicated Servers provide outstanding speed of 200+ Mbps in 20+ global locations

Choose an instance