Verified Methods to Change SSH Port in Linux

How to Change SSH Port in Linux

By default, SSH listens on port 22. If you leave it at the default, hackers may be able to attack the server through port 22, take control of it, or cause irreparable damage to it.

To change the default SSH port in Linux Ubuntu, Debian, and CentOS, these are the main steps:

  • Run the sudo nano /etc/ssh/sshd_config command to open the SSH configuration file.
  • Find the #Port 22 line, uncomment it, and change the number to your chosen port number.
  • Apply the changes by restarting the SSH service, then connect with ssh -p New Port Number user@host.

Notes You Should Know before Changing Linux SSH Port

  • It is better to specify a 4 or 5 digit port. Also, remember to use a free SSH port.
  • If a firewall is used in the data center network, make sure to inform the data center of the desired port to open it.
  • Be sure to write down the port you want to allocate to SSH.
  • Be careful when changing the SSH port, as any mistake may cause you trouble accessing the server.
  • If you do not use SELinux, you should disable it to prevent any issues with the function of your server.

Prerequisites to Change SSH Port on Linux

For this tutorial to work correctly, make sure you have the following before moving on.

  • A VPS or server running Linux.
  • A non-root user with sudo privileges.
  • SSH client/Terminal Window.

How to Change SSH Port in Linux Ubuntu, Debian, and CentOS

Whether you use Ubuntu, Debian, or CentOS, you can follow the steps below to change the SSH port in Linux.

Step 1: Open the /etc/ssh/sshd_config File

Use nano or your favorite text editor to open the /etc/ssh/sshd_config configuration file:

$ sudo nano /etc/ssh/sshd_config

Step 2: Find the line containing “Port 22”

Find the line marked #Port 22. Uncomment this line and change the number to the port number you prefer.

For example, to change the port number to 14252, edit the line like this:

From:
#Port 22

To:
Port 14252

Step 3: Save and Exit

Save the changes you have made and exit the editor, then restart the SSH service by running the command below:

$ sudo systemctl restart sshd

Run the command below to access the SSH server, specifying the port number you prefer:

ssh user@ip_address_of_server -p 14252

On Debian, restart the SSH service with:

$ sudo service ssh restart

Once the server is ready, you can easily connect to it through PuTTY, using the new port number instead of port 22.

This time you are more secure than the last connection.

Step 4: Test Your New Port

You can attempt SSH on the new port to confirm everything is operational.

Use the following command to tell the client to use a different port than the default 22:

$ ssh -p 14252 user@localhost

Optional: To verify SSH is listening on the new port, run the command below (root privileges are needed for ss to show the owning process name):

$ sudo ss -tnlp | grep ssh

If everything is working well, you are ready to start a new SSH session on your new chosen port.

Step 5: Allow traffic to the new port [On Ubuntu]

Ubuntu comes with the UFW firewall pre-installed.

If you are using the UFW firewall, use the following command to allow traffic to the new port.

$ sudo ufw allow 14252/tcp

Step 6: Add the new Port to your Firewall [On CentOS]

UFW is not used by CentOS by default, but if you do have it installed, be sure to run the UFW command from Step 5.

By default, CentOS employs firewalld and SELinux.

You need to create an exception to permit SSH access on the newly set port.

Run the command below to check whether SELinux is enabled or not:

# sestatus

To add a new port number for SSH, you can use the semanage tool:

# semanage port -a -t ssh_port_t -p tcp 14252

Then, in firewalld’s configured zone (“public” by default), add the new port:

# firewall-cmd --zone=public --add-port=14252/tcp --permanent

Finally, run the command below to complete the changes:

# firewall-cmd --reload
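
Steps 1 to 3 can also be scripted. The following is an added example, not part of the original article: the function name set_ssh_port, the 1024-65535 range check, and the .bak backup file are assumptions of this sketch. It rewrites the global Port directive, comments out any other active Port line so sshd stops listening on the old port, and places the directive before the first Match block, where sshd requires it.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): set the global Port
# directive in an sshd_config file. Function name and policy are assumptions.

set_ssh_port() {
    local file="$1" port="$2" tmp
    # Accept only 4- or 5-digit decimal ports in the range 1024-65535.
    case $port in
        *[!0-9]*|0*|''|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range (1024-65535): $port" >&2; return 2
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    cp -p -- "$file" "$file.bak" || return 1      # rollback copy
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        # Port is not allowed inside a Match block, so the directive
        # must be written before the first Match line.
        tolower($0) ~ /^[ \t]*match[ \t]/ && !inmatch {
            if (!done) { print "Port " port; done = 1 }
            inmatch = 1
        }
        !inmatch && tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " port; done = 1 }
            else if ($0 ~ /^[ \t]*#/) print       # keep other comments
            else print "#" $0                     # disable extra listeners
            next
        }
        { print }
        END { if (!done) print "Port " port }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file" && rm -f "$tmp"          # keeps owner and mode
}

# Typical use on the server (run as root, keep the current session open):
#   set_ssh_port /etc/ssh/sshd_config 14252 && sshd -t && systemctl restart sshd
# If "sshd -t" reports an error: cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
```

Open the firewall and add the SELinux port label for the new port before restarting sshd, and close the existing session only after a second login on the new port succeeds.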

Additional Notes:

  • Since Ubuntu is based on Debian, other Debian-based systems, such as Linux Mint, can also use the same procedures.
  • Fedora and other Linux distributions can use the CentOS instructions, because CentOS is based on Red Hat.

Conclusion

You can easily change the SSH port through the “sshd_config” file.

It helps to increase security, customize your system configuration, and manage server traffic.

Make sure to add the new port number to your firewall before you apply the new setting, to prevent any disruption in the function of the server.
