How to Change the SSH Port on Linux or Unix Server?


Objective

This article explains in detail how to change the SSH port on a Linux or Unix server.

INTRODUCTION

SSH, or Secure Shell, is a network communication protocol that enables two computers to communicate and share data (cf. HTTP, the Hypertext Transfer Protocol, which is used to transfer hypertext such as web pages).

The SSH service was created as a secure replacement for the unencrypted Telnet and uses cryptographic techniques to ensure that all communication to and from the remote server happens in an encrypted manner. It provides a mechanism for authenticating a remote user, transferring inputs from the client to the host, and relaying the output back to the client.

PROCEDURE

One of the most basic uses of the SSH protocol is accessing Unix shells on remote Linux machines and executing commands. However, the SSH protocol offers other capabilities, such as creating secured TCP tunnels over the protocol, transferring files between machines remotely and securely, or acting as an FTP-like service.

The standard port used by the SSH service is 22/TCP. However, you might want to change the default SSH port on your Linux server to gain some security through obscurity, because the standard 22/TCP port is continuously probed for vulnerabilities by hackers and bots on the internet.

The Default SSH Port Number

A port number identifies a process or an application that is communicating over a network. Incoming data is forwarded to the correct application by using the port number it carries. Outgoing data can include a port number so that the receiver can correctly identify the source of the information. The SSH server uses port 22 by default.

One can easily change the SSH port on their Linux or Unix server.

The SSH port is defined in the sshd_config file. This file is located at /etc/ssh/sshd_config.

The following are the steps involved:

  1. Open the terminal application and connect to your server via SSH.
  2. Locate the sshd_config file by typing the find command.
  3. Edit the sshd server file and set the Port option.
  4. Save and close the file.
  5. Restart the sshd service to change the ssh port in Linux.

I have discussed every possibility at each step here. Just stick with me. Don't get overwhelmed; take it one step at a time.

Locate sshd_config file by typing the following command

$ find / -name "sshd_config" 2>/dev/null

The find command locates the sshd server configuration file named sshd_config. I added 2>/dev/null at the end to hide the permission-denied messages that find would otherwise print.

Edit the file and set Port option

Type the following command:

$ sudo vi /etc/ssh/sshd_config

Locate the line that reads as follows:

Port 22

OR

#Port 22

To set the port to 2222, enter:

Port 2222

Save and close the file

Please note that port numbers 0-1023 are reserved for various system services. Hence, I recommend choosing port numbers between 1024 and 65535. Here is a list of common privileged services and their designated well-known ports:

Port   Protocol   Service
20     tcp        ftp-data
21     tcp        ftp server
22     tcp        ssh server
23     tcp        telnet server
25     tcp        email server
53     tcp/udp    Domain name server
69     udp        tftp server
80     tcp        HTTP server
110    tcp/udp    POP3 server
123    tcp/udp    NTP server
443    tcp        HTTPS server

Use the cat command, grep command or egrep command to see the list of internet network services:

cat /etc/services

less /etc/services

more /etc/services

grep -w '22/tcp' /etc/services

grep SSH /etc/services

grep -w '80/tcp' /etc/services

egrep -w '(80|443|110|53)/tcp' /etc/services

A note about SELinux users

If SELinux is in use, you must type the following command to allow sshd to use port 2222:

# semanage port -a -t ssh_port_t -p tcp 2222

Updating your firewall to accept the ssh port 2222 in Linux

If you are using UFW on Ubuntu/Debian Linux, type:

$ sudo ufw allow 2222/tcp

The syntax for iptables is as follows:

$ sudo /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT

The syntax for pf firewall is as follows (FreeBSD/OpenBSD/NetBSD Unix) in your pf.conf:

pass log on $ext_if proto tcp to any port 2222 keep state

To open the new port, run the following commands on Fedora/CentOS/RHEL/Oracle Linux using FirewallD:

$ sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp

$ sudo firewall-cmd --reload

Warning

You must update your firewall settings to accept the new SSH port. Otherwise, restarting sshd with the following commands will lock you out of SSH.

Restart the sshd service

Type the following command on a CentOS/RHEL/Fedora Linux:

$ sudo service sshd restart

OR if you are using CentOS/RHEL/Fedora Linux with systemd:

$ sudo systemctl restart sshd

OR if you are using Ubuntu/Debian/Mint Linux:

$ sudo service ssh restart

OR if you are using Ubuntu/Debian/Mint Linux with systemd:

$ sudo systemctl restart ssh

Or if you are using FreeBSD Unix, enter:

$ sudo service sshd restart

How to verify that TCP port 2222 is open

Use the netstat command or ss command:

ss -tulpn | grep 2222

netstat -tulpn | grep 2222

How to use the new SSH port on the command line

The syntax is:

ssh -p {port} user@server

sftp -P {port} openssh-server

scp -P {port} source target

scp -P {port} /path/to/foo user@server:/dest/
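
An added example, not part of the original article: a shell helper that performs the sshd_config edit from the steps above with a backup, and validates the result with sshd -t before you restart the service. The function names set_ssh_port, effective_ports and check_config are hypothetical, and the helper goes slightly beyond the article by placing the Port line before any Match block, where that keyword is not allowed.

```shell
#!/bin/sh
# Added example: helper names and structure are illustrative assumptions.

# set_ssh_port FILE PORT: back up FILE to FILE.bak, then set one global Port.
set_ssh_port() {
    cfg=$1 port=$2
    # Accept only 1-5 digit numbers in the unprivileged range 1024-65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "port must be a number" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "choose a port between 1024 and 65535" >&2; return 1
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    awk -v port="$port" '
        { key = tolower($1) }   # sshd keywords are case-insensitive
        # First "Port N" or "#Port N" line becomes the new setting.
        !done && (key == "port" || key == "#port") && $2 ~ /^[0-9]+$/ {
            print "Port " port; done = 1; next
        }
        # Any later active Port line would keep an extra listener: drop it.
        done && key == "port" { next }
        # Port is not valid inside a Match block, so insert before the first.
        !done && key == "match" { print "Port " port; done = 1 }
        { print }
        END { if (!done) print "Port " port }
    ' "$cfg.bak" > "$cfg"
}

# effective_ports FILE: list global Port values (Include files not followed).
effective_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port"  { print $2 }' "$1"
}

# check_config FILE: run sshd test mode (as root); restore the backup on error.
check_config() {
    if ! sshd -t -f "$1"; then
        cp -p "$1.bak" "$1"
        echo "sshd rejected $1; restored $1.bak" >&2
        return 1
    fi
}
```

Run set_ssh_port and then check_config on /etc/ssh/sshd_config as root before restarting sshd, and keep your current session open until a second login on the new port succeeds.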

CONCLUSION

This blog has explained how you can change the SSH port on both Linux and Unix-like systems. It also covered the ssh command-line options for connecting to the server on the new port.

I hope I've shown you how easy it is to change the SSH port on a Linux or Unix server.
