How to Change the SSH Port in Linux

This article explains how to change the SSH port in Linux and how to allow the new port through the firewall.

SSH (Secure Shell) is a network protocol used to access remote systems securely. By default, SSH listens on port 22. We can change this at any time by updating the configuration. Changing it to a non-standard port is important for increasing security and reducing SSH attacks.

The best approach is to allow only trusted IP addresses to access the SSH port in order to prevent attacks. To tighten security further, you can also enable key-based authentication only and disable password authentication.

Changing the SSH Port

It’s quite easy to change the SSH port. All we need to do is update the SSH config file with a new non-standard port and reload the service.

The following steps show how to change the SSH port on a Linux system.

1. Choosing a New Port Number

On Linux, ports 1-1024 are reserved. They belong to well-known services such as HTTP(S), DNS, Postfix, and many others. It is therefore recommended to use a port above 1024 to avoid conflicts with other services in the future.

In this tutorial, we will change the SSH port from the default 22 to 2409. You are free to choose any other port while following along.

2. Adjusting Firewall

You must allow the new port in the firewall before changing the SSH configuration, so that the new port can accept connections.

On an Ubuntu server, UFW is the default firewall. To allow the port in UFW, run the command below:

sudo ufw allow 2409/tcp

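On a CentOS-based server, the default firewall tool is firewalld. To open the new port, run the following commands. The --permanent option only writes the rule to the saved configuration, so reload firewalld to apply it to the running firewall:

sudo firewall-cmd --permanent --zone=public --add-port=2409/tcp
sudo firewall-cmd --reload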

CentOS users also need to adjust the SELinux rules:

sudo semanage port -a -t ssh_port_t -p tcp 2409

If you are using iptables as your firewall on CentOS, open the new port with the following command:

sudo iptables -A INPUT -p tcp --dport 2409 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

3. Configuring SSH

We have allowed the new port through the firewall, and now we are ready to change the SSH config file /etc/ssh/sshd_config. Open it in your favorite text editor, either nano or vim. I am handy with vim, so just run the command below:

sudo vim /etc/ssh/sshd_config

Now locate the line Port 22. By default, the line is commented out (it starts with #), so uncomment it (remove the #) and replace port 22 with port 2409.

Port 2409

The line should look like the one above. Be careful, because any incorrect change can cause the SSH service to fail to start.

When you are done, save the file: press the Esc key and type :wq!. Then, on Ubuntu, restart the SSH service with the command below to apply the changes:

sudo systemctl restart ssh

On CentOS the service is named sshd, so restart it with the command below:

sudo systemctl restart sshd

To verify that the SSH service is now listening on the new port 2409, run the command below (root privileges are needed for netstat to show the process name):

sudo netstat -tupln | grep 2409

You should see something like this.

tcp        0      0 0.0.0.0:2409                  0.0.0.0:*                   LISTEN      6377/sshd  
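
The manual edit in step 3 can also be scripted. The following is an added example, not part of the original tutorial: the function names set_sshd_port, valid_port and active_ports are made up for illustration. It covers two cases the manual edit can trip over: a leftover second Port line (sshd would listen on both ports) and a config with no Port line but a Match block (Port is not allowed inside Match, so it must be inserted above it).

```sh
#!/bin/sh
# Added example (hypothetical helpers): set the Port directive in an
# sshd_config-style file without leaving port 22 open or breaking Match blocks.

# Accept only numeric ports above 1024, as recommended in step 1.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 1024 ] && [ "$1" -le 65535 ]
}

# set_sshd_port FILE PORT: rewrite FILE so it has exactly one active Port line.
set_sshd_port() {
    file=$1 port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        { l = tolower($0) }   # sshd_config keywords are case-insensitive
        # First Port line, commented out or active: replace it once.
        !done && l ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            print "Port " port; done = 1; next
        }
        # Any later active Port line would add a second listener: drop it.
        done && l ~ /^[ \t]*port[ \t]/ { next }
        # No Port line before the first Match block: insert above the block.
        !done && l ~ /^[ \t]*match[ \t]/ { print "Port " port; done = 1 }
        { print }
        END { if (!done) print "Port " port }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so owner, mode and SELinux label stay.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Print every active (uncommented) Port value in FILE, one per line.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Typical use as root, with the current SSH session kept open:
#   cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#   set_sshd_port /etc/ssh/sshd_config 2409 && sshd -t && systemctl restart sshd
# (sshd -t checks the configuration for errors; on Ubuntu the unit is ssh.)
```

Running sshd -t before the restart catches a broken configuration while the old daemon is still serving connections.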

Using the New SSH Port

To connect to the server on the new port, specify the port in the ssh command with the -p <port_number> option. The full command looks like this:

ssh -p 2409 username@remote_host_or_ip

Conclusion

In this article, we have gone through the steps to change the SSH port on a Linux server. To enhance security, it's recommended to set up SSH key-based authentication and disable password-based authentication. It will allow you to log in without entering a password.