
How to Change the SSH Port on Linux or Unix Server?

Objective
This article explains in detail how to change the SSH port on a Linux or Unix server.
INTRODUCTION
SSH, or Secure Shell, is a network communication protocol that enables two computers to communicate (cf. HTTP, the hypertext transfer protocol, which is used to transfer hypertext such as web pages) and share other data.
The SSH service was created as a secure replacement for the unencrypted Telnet and uses cryptographic techniques to ensure that all communication to and from the remote server happens in an encrypted manner. It provides a mechanism for authenticating a remote user, transferring inputs from the client to the host, and relaying the output back to the client.
PROCEDURE
One of the most basic uses of the SSH protocol is to access Unix shells on remote Linux machines and execute commands. However, the SSH protocol has other uses as well, such as creating secured TCP tunnels over the protocol, transferring files between machines remotely and securely, or acting as an FTP-like service.
The standard port used by the SSH service is 22/TCP. However, you might want to change the default SSH port on your Linux server to gain some security through obscurity, because the standard 22/TCP port is continuously probed for vulnerabilities by hackers and bots on the internet.
The Default SSH Port Number
A port number is used to identify a process or an application that is communicating over a network. Any incoming data can be correctly forwarded to the application by using the relayed port number. Outgoing data can mention a port number so that the receiver can correctly identify the source of information. SSH server by default uses port 22.
One can easily change the SSH port on their Linux or Unix Server.
The SSH port is defined in the sshd_config file. This file is located at /etc/ssh/sshd_config.
The following are the steps involved:
- Open the terminal application and connect to your server via SSH.
- Locate the sshd_config file by typing the find command.
- Edit the sshd server file and set the Port option.
- Save and close the file.
- Restart the sshd service to change the ssh port in Linux.
I have discussed every possibility at each step here. Just stick with me. Don't get overwhelmed; take it one step at a time.
Locate sshd_config file by typing the following command
$ find / -name "sshd_config" 2>/dev/null
The find command tries to locate the sshd server config file named sshd_config. I added 2>/dev/null at the end to hide the permission-denied warnings that find would otherwise print.
Edit the file and set Port option
Type the following command:
$ sudo vi /etc/ssh/sshd_config
Locate the line that reads as follows:
Port 22
OR
#Port 22
To set the port to 2222, enter:
Port 2222
Save and close the file
Please note that port numbers 0-1023 are reserved for various system services. Hence, I recommend choosing a port number between 1024 and 65535. Here is a list of common privileged services and their designated well-known ports:
Port | Protocol | Service |
20 | tcp | ftp-data |
21 | tcp | ftp server |
22 | tcp | ssh server |
23 | tcp | telnet server |
25 | tcp | email server |
53 | tcp/udp | Domain name server |
69 | udp | tftp server |
80 | tcp | HTTP server |
110 | tcp/udp | POP3 server |
123 | tcp/udp | NTP server |
443 | tcp | HTTPS server |
Use the cat, grep or egrep command to see the list of internet network services:
cat /etc/services
less /etc/services
more /etc/services
grep -w '22/tcp' /etc/services
grep SSH /etc/services
grep -w '80/tcp' /etc/services
egrep -w '(80|443|110|53)/tcp' /etc/services
A note about SELinux users
You must type the following command to change port to 2222:
# semanage port -a -t ssh_port_t -p tcp 2222
Updating your firewall to accept the ssh port 2222 in Linux
If you are using UFW on an Ubuntu/Debian Linux, type:
$ sudo ufw allow 2222/tcp
The syntax for iptables is as follows:
$ sudo /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
The syntax for pf firewall is as follows (FreeBSD/OpenBSD/NetBSD Unix) in your pf.conf:
pass log on $ext_if proto tcp to any port 2222 keep state
To open the new port, run the following commands on Fedora/CentOS/RHEL/Oracle Linux using FirewallD:
$ sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp
$ sudo firewall-cmd --reload
Warning
You must update your firewall settings to accept the new SSH port. Otherwise, the following command will lock you out of SSH access.
Restart the sshd service
Type the following command on a CentOS/RHEL/Fedora Linux:
$ sudo service sshd restart
OR if you are using CentOS/RHEL/Fedora Linux with systemd:
$ sudo systemctl restart sshd
OR if you are using Ubuntu/Debian/Mint Linux:
$ sudo service ssh restart
OR if you are using Ubuntu/Debian/Mint Linux with systemd:
$ sudo systemctl restart ssh
Or if you are using FreeBSD Unix, enter:
$ sudo service sshd restart
How to verify that TCP port 2222 opened
Use the netstat command or ss command:
ss -tulpn | grep 2222
netstat -tulpn | grep 2222
How to use the new SSH port with command line
The syntax is:
ssh -p {port} user@server
sftp -P {port} openssh-server
scp -P {port} source target
scp -P {port} /path/to/foo user@server:/dest/
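The Port edit from the procedure above, scripted as an added example that is not part of the original article: it handles both the `Port 22` and `#Port 22` forms, enforces the 1024-65535 range recommended earlier, and keeps a backup of the file. The function name `set_ssh_port` and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. set_ssh_port is a hypothetical helper.
# Usage: set_ssh_port FILE PORT
# Rewrites the global "Port N" / "#Port N" line of an sshd_config-style FILE,
# keeping FILE.bak. Assumes directives are capitalised as in the stock file.
set_ssh_port() {
    cfg=$1 port=$2
    # Reject empty, non-numeric, leading-zero and over-long values before comparing.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    # The article recommends 1024-65535; 0-1023 are reserved for system services.
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be in 1024-65535" >&2; return 2
    fi
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    awk -v port="$port" '
        # Global directives must come before the first Match block.
        /^[ \t]*Match[ \t]/ && !in_match {
            if (!done) { print "Port " port; done = 1 }
            in_match = 1
        }
        !in_match && /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " port; done = 1 }
            next    # drop other global Port lines so sshd listens on one port
        }
        { print }
        END { if (!done) print "Port " port }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Back up, then overwrite in place so the file keeps its owner and mode.
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample file (not a real server configuration).
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Match User backup' \
    '    X11Forwarding no' > "$demo"
set_ssh_port "$demo" 2222 && cat "$demo"
rm -f "$demo" "$demo.bak"
```

On a real server, run it with sudo against /etc/ssh/sshd_config, then use `sudo sshd -t` to check the file for errors before restarting the service, and keep your current session open until a login on the new port succeeds.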
CONCLUSION
This blog has explained how you can change the SSH port on both Linux and Unix-like systems. It also included the ssh command-line option for connecting the server.
I hope I’ve shown you how easy it is to change the SSH port on Linux or Unix Server.