How to Change the SSH Port in Linux
“SSH” is an acronym for “Secure Shell.” This protocol establishes a secure connection with a remote server or system. In the sense of data transfer between the host and client, SSH is secure in that it encrypts the data. To simplify, the client input is transferred to the host, and the host output is relayed back to the client. The SSH protocol runs on port 22 of TCP/IP. Here, we will demonstrate how to change the SSH port in this tutorial, So let’s begin.
Step 1: Getting your Linux system up and running
VPSie offers a wide range of Linux distributions you can choose according to your requirements. If you already have one, you can move on to Step 2.
- Sign in to your system or register a newly created one by logging in to your VPSie account.
- Connect by SSH using the credentials we emailed you.
- Once logged into your Debian instance, run these commands to update your system.
Step 2: Select the New Port
Typically, Linux systems reserve port numbers below 1024 for their services. SSH can also be used on ports 1-1024, but it will be more effective if you choose a higher port than 1024. SSH service allows up to 65535 ports to be selected. 2244 is the port we are going to use for SSH. You may choose another port according to your preference.
Step 3: Configuring the firewall
Before changing your SSH port, you must adjust the server’s firewall to allow the new port. It will then let traffic through the new port.
- On Ubuntu systems: UFW is the default firewall tool. Run the following command to allow connections using the new SSH port:
# sudo ufw allow 2244
- You can open a port by executing the below command on a Linux server with iptables installed as a firewall:
# sudo iptables -A INPUT -p tcp --dport 2244 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
- CentOS and RHEL: Use the following command to open a new port on machines using FirewallD, the default firewall management tool.
# sudo firewall-cmd --permanent --zone=public --add-port=2244/tcp # sudo firewall-cmd --reload
- Other Linux-based CentOS and RHEL distribution requirements include adjusting the SELinux rules to allow the new SSH port. Refer to the instructions below:
# sudo semanage port -a -t ssh_port_t -p tcp 2244
Step 4: Configuring SSH
SSH default ports are stored in the/etc/ssh/sshd_config file. You need to open the main SSH configuration file for editing.
# sudo nano /etc/ssh/sshd_config
Within the file, search for a line starting with Port 22. You should enter your new SSH port after removing the hash #. It should look like this.
Port 2244
Restart the SSH service,
# sudo systemctl restart ssh
In CentOS or RHEL use, the following command is required to restart it,
# sudo systemctl restart sshd
Run the command to see if the SSH daemon is hearing our new port,
# ss -an | grep 2244
Step 5: Using the new port to connect to SSH
When you use the SSH command with a new port, you have to specify the port number -p,
# ssh -p 2244 username@ip_address
We have successfully changed the SSH port on your Linux. Hopefully, you have found this helpful article and gained valuable information. Thank you for reading.
Changing the default SSH port can enhance the security of your Linux system by preventing automated attacks that target the default port.
To change the SSH port in Linux, you need to modify the SSH daemon configuration file located at /etc/ssh/sshd_config. First, remove the “#” symbol before the line that says “#Port 22” and change the port number to a unique number between 1024 and 65535 that isn’t being used by any other service. Save the changes, restart the SSH daemon using the command “sudo systemctl restart sshd,” and update your firewall rules if necessary.
To test whether the new SSH port is working, use an SSH client that allows you to specify the port number. If you’re using OpenSSH, include the “-p” option followed by the new port number in your command.
If you’re locked out of the system after changing the SSH port, you can still access it through the console or remote desktop. Once you’re back in, you can revert the changes you made to the SSH daemon configuration file or update your firewall rules to allow traffic to the new port.
