This article explains how to change the SSH port in Linux and how to allow the new port through the firewall.
SSH (Secure Shell) is a network protocol used to access remote systems securely. By default, SSH listens on port 22. We can change this at any time by updating the configuration. It's important to change it to a non-standard port to increase security and reduce SSH attacks.
The best approach is to allow only trusted IP addresses to access the SSH port, to prevent any kind of attack. To tighten security further, you can also enable key-based authentication only and disable password authentication.
Changing the SSH Port
It’s quite easy to change the SSH port. All we need to do is update the SSH config file with a new non-standard port and reload the service.
The following steps show how to change the SSH port on a Linux system.
1. Choosing a New Port Number
As a basic concept of Linux, some ports are already reserved: those from 1-1024. These belong to well-known services such as HTTP(S), DNS, Postfix, and many others. So it's recommended to use a port above 1024 to avoid future conflicts with any other service.
In this tutorial, we will change the SSH port from the default 22 to 2409; you are free to choose any other port while following along.
2. Adjusting Firewall
You must allow the new port in the firewall before making changes to the SSH configuration, so that the new port can accept connections.
If you are on an Ubuntu server, UFW is the default firewall. To allow the port in UFW, run the below command:
sudo ufw allow 2409/tcp
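On a CentOS-based server, the default firewall tool is firewalld. To open the new port in the firewall, run the following commands (the --permanent option only saves the rule, so reload firewalld to apply it):
sudo firewall-cmd --permanent --zone=public --add-port=2409/tcp
sudo firewall-cmd --reload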
CentOS users also need to adjust the SELinux rules:
sudo semanage port -a -t ssh_port_t -p tcp 2409
You might be using iptables as your firewall on CentOS. To open the new port in iptables, run the following command:
sudo iptables -A INPUT -p tcp --dport 2409 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
3. Configuring SSH
We have allowed the new port in the firewall, and now we are ready to change the SSH config file /etc/ssh/sshd_config. Open it in your favorite text editor, either nano or vim. I am comfortable with vim, so just run the below command:
sudo vim /etc/ssh/sshd_config
Now locate the line Port 22. By default, the line is commented out (it starts with #), so uncomment it (remove the #) and replace the port number with 2409:
Port 2409
The line should look like the above. Be careful, because an incorrect change can cause the SSH service to fail to start.
When you are done with the changes, save the file: press the Esc key and type :wq!. Then, on Ubuntu, restart the SSH service with the below command to apply the changes:
sudo systemctl restart ssh
On CentOS, the service is named sshd, so it can be restarted with the below command:
sudo systemctl restart sshd
To verify that the SSH service is now listening on the new port 2409, run the below command:
netstat -tupln | grep 2409
You should see something like this.
tcp 0 0 0.0.0.0:2409 0.0.0.0:* LISTEN 6377/sshd
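The file edit from step 3 as a script, an added example that is not part of the original article: the hypothetical function set_sshd_port rewrites the commented default Port line, keeps a backup, and rejects ports at or below 1024. It assumes a POSIX shell with awk and mktemp available.

```shell
#!/bin/sh
# Added example, not from the article. set_sshd_port and its return codes are
# hypothetical names chosen for this sketch.
#
# set_sshd_port FILE PORT
#   0 = Port directive written, 1 = port rejected, 2 = file or temp-file error
set_sshd_port() {
    file=$1
    port=$2

    # Digits only, no leading zero, and above 1024 as the article recommends.
    case $port in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -gt 1024 ] && [ "$port" -le 65535 ] || return 1
    [ -r "$file" ] && [ -w "$file" ] || return 2

    cp -p "$file" "$file.bak" || return 2    # copy to roll back to
    tmp=$(mktemp) || return 2

    # Global options must come before the first Match block, so the Port line
    # is rewritten (or inserted) there. "#Port 22" and "Port 22" are both
    # replaced; sshd keywords are case-insensitive, hence tolower().
    awk -v port="$port" '
        { low = tolower($0) }
        low ~ /^[ \t]*match[ \t]/ {
            if (!done) { print "Port " port; done = 1 }
            in_match = 1
        }
        !in_match && low ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " port; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Port " port }
    ' "$file" > "$tmp" && cat "$tmp" > "$file" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"    # cat above kept the original owner and mode of FILE
}

# Typical use as root; "sshd -t" checks the file for errors before a restart:
#   set_sshd_port /etc/ssh/sshd_config 2409 && sshd -t
```

Keep the current SSH session open until a second session on the new port succeeds; the .bak copy is there to restore if it does not.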
Using the New SSH Port
To connect to the server on the new port, specify the port in the ssh command using the -p <port_number> option. The full command looks like this:
ssh -p 2409 user@remote_host_or_ip
In this article, we have gone through the steps to change the SSH port on a Linux server. To enhance security, it's recommended to set up SSH key-based authentication and disable password-based authentication. It will allow you to log in without entering a password.