Overview
In the following article we’ll be going through the steps on how to change SSH port on Linux and establish the connection from the Linux SSH client(openssh) by using the port number we changed.
In another words we want to change the default SSH port on Linux(port number 22) and using an uncommon port number for the SSH connection in order to tighten the security access on our Linux server.
On another note, related to this topic, we also covered the procedure how to setup a paswordless SSH connection. You can check out the steps on this POST.
If you are a System Administrator or Linux power user, then you must use SSH to connect to the remote server. The SSH package is pre-installed on most Linux distributions, or it can be easily installed from the official repository.
The default port for SSH deamon is 22. For security reasons, It is always good practice to change the default port, especially for the SSH server. By modifying the SSH port, you can reduce the number of brute force attacks.
*** Prerequisites ***
User account with sudo privileges.
Any Linux distributions.
Change SSH Port on Linux
You can change the default SSH port by editing sshd_config file located in the /etc/ssh directory. Edit the sshd_config file using any text editor with root user or with sudo privileges, as shown in the below command:
sudo vim /etc/ssh/sshd_config
Next, search the following line:
#Port 22
change ssh port on linux
On Linux, You can select any port between 0 and 65535, but many well-known services run on pre-defined ports between 0 and 1024. So make sure to select a new SSH port higher than 1024.
Now, remove the hash (#) and enter any desired port, In this example, you have set new port 7022.
Port 7022
change SSH port on Linux
Update the firewall configuration
Most Linux servers have a running firewall, So before applying SSH changes you need to allow a new port according to your firewall.
For Ubuntu/Debian
In Ubuntu/Debian, UFW is the default firewall. Execute the below command to add a new SSH port:
ufw allow 7022/tcp
ufw reload
On RHEL/CentOS/Rocky Linux-based operating systems, you need to open a new port using the firewall-cmd command:
firewall-cmd --permanent --zone=public --add-port=7022/tcp
firewall-cmd --reload
Next, execute the below command If your system running IPtables:
sudo iptables -A INPUT -p tcp --dport 7022 -j ACCEPT
service iptables save
Apply the changes and verify the new port
After opening a new SSH port in the firewall, you need to restart the SSH daemon to apply changes:
sudo systemctl restart sshd
Small note on restarting the SSH service, but rather important one - before restarting the the SSH service, don’t close/exit from your current active ssh session to your server. Leave it active just in case, if by any chance you get yourself locked out by accident so that you can edit the sshd_config again and correct the mis-configuration.
Next, verify the new SSH port using the below command:
ss -ntlp | grep ssh
Output:
root@ubuntu:~# ss -ntlp | grep ssh
LISTEN 0 128 0.0.0.0:7022 0.0.0.0:* users:(("sshd",pid=13184,fd=3))
LISTEN 0 128 [::]:7022 [::]:* users:(("sshd",pid=13184,fd=4))
Here, you can see that your SSH server service now running on new port 7022.
Connect to the SSH server with the new port number
You can connect to the SSH server using the new port from your client system by running the following command:
Syntax:
ssh -p new_port root@your_server_IP_address
Here,
ssh -p 7022 [email protected]
Congratulations! You are now connected to the SSH server using a new port.
Summary
In this short and simple tutorial, we demonstrated the steps on how to change the SSH port on Linux and how to connect from your SSH client system using a new port without getting blocked by your firewall. You are welcome to ask me if you have any queries.
Thank you very much for your time…
