@2023 - All Right Reserved.

Home Learn Linux How to change your SSH port in Linux

How to change your SSH port in Linux

Customizing the SSH port can bolster your Linux server's security. Our detailed tutorial walks you through every step, ensuring your remote logins remain shielded from threats.

by Arun Kumar
By Arun Kumar
change your ssh port in linux

Linux enthusiasts know the joy of customizing their system to meet their needs. One of the most gratifying ways to do this is by changing the default SSH port on your Linux server. This modification gives a genuine sense of control and allows you to fine-tune your system to your specifications. With this change, you can ensure that your server is more secure and less vulnerable to unauthorized access.

Why bother changing the default SSH port?

Let’s ponder over this for a moment. Why go through the trouble?

  1. Security through obscurity: It’s not a magic shield, but it does add a layer of obscurity that can ward off some automated scans and attacks targeting the default port 22.
  2. Steer clear of traffic jams: On a busy server, changing the port can aid in traffic management and reduce confusion.
  3. A personal touch: Sometimes, you just want to set things up your way. I’ve always preferred a less trodden path, even when it comes to ports.

Understanding the basics: the commands we’ll use

Embarking on this journey requires us to be acquainted with a few trusty commands:

nano (or vi, if you’re feeling adventurous): A text editor that works from the command line. I lean towards nano; it’s straightforward and gets the job done.

    • General syntax: nano [filename]

systemctl: This is your go-to for managing system services.

    • General syntax: systemctl [command] [service]

1. Diving into the SSH configuration file

We begin by opening the SSH configuration file with the nano editor.

sudo nano /etc/ssh/sshd_config

This command leverages sudo for elevated privileges and brings up the sshd_config file in nano. Inside, you’ll find a plethora of settings.

Sample output might look something like this:

#   $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
...

2. The art of altering the port

Within this configuration file, look for the line #Port 22. This line holds the key to your SSH port setting.

  1. First, remove the # to bring the line into play.
  2. Next, change 22 to your desired port, say 2222.

The modified line should read:

Port 2222

3. Saving your progress

After the change, save the file. In nano, you can do this by pressing CTRL + O, then CTRL + X to exit. With vi, it’s :wq.

4. Keeping the firewall in the loop

If you’re using a firewall, it’s crucial to let it know about your new SSH port.

For ufw, for example, the command is:

sudo ufw allow 2222/tcp

And the firewall will respond with:

Rule added
Rule added (v6)

5. Restarting the SSH service

With the changes made, you’ll need to restart the SSH service.

sudo systemctl restart sshd

Put your new setup to the test

Don’t take a break just yet. Test your new SSH port by initiating a connection:

ssh -p 2222 your_username@your_server_ip

If you’ve followed along correctly, you’ll be welcomed into your server on the new port.

A stitch in time saves nine

  1. Test before you exit: Always test your new port in a new session before logging out of the current one. This way, you won’t lock yourself out.
  2. Backup: I cannot stress enough—backup your configuration files before any changes.
  3. Security is multi-layered: Changing the SSH port is not an all-encompassing solution. Use it as part of a broader security strategy.

Frequently Asked Questions (FAQ) about changing the SSH Port in Linux

In the course of my Linux tinkering journey, I’ve been approached with a variety of questions about the SSH port change. Here’s a compilation of the most common queries and their answers:

1. Is changing the SSH port a foolproof security measure?

Answer: No, it isn’t. Changing the SSH port is more about “security through obscurity.” It can deter automated bots from constantly pinging port 22, but it shouldn’t be your only security measure. Using strong passwords, disabling root login, and setting up SSH keys are more robust security practices.

2. Can I set the SSH port to any number I like?

Answer: While you have a range from 0 to 65535 to choose from, not all ports are up for grabs. Ports below 1024 are “well-known” ports, designated for common services (like port 80 for HTTP). It’s generally a good idea to choose ports above 1024 and ones that aren’t commonly used for other services.

3. I changed the SSH port, but now I can’t connect! What did I do wrong?

Answer: There could be multiple reasons:

  • The port might be blocked by a firewall. Ensure you’ve adjusted firewall rules accordingly.
  • You may have mistyped the port number in the configuration file. Double-check it.
  • Always test the new port in a separate session before ending the current one. This way, if something goes wrong, you still have access to fix it.

4. Does changing the SSH port significantly impact server performance?

Answer: Not at all! Changing the port is just like changing the door number of your house. It doesn’t affect how things function inside.

5. If I forget my new SSH port, is there a way to recover it without accessing the server directly?

Answer: Unfortunately, if you’re trying to SSH remotely and have forgotten the port, there’s no direct way to retrieve it without some form of access to the server. It’s crucial always to document such changes. If you have physical or other remote access methods to the server, you can check the /etc/ssh/sshd_config file to find the set port.

6. Can I set up SSH to listen on multiple ports?

Answer: Absolutely! In the sshd_config file, you can specify multiple port lines. For instance:

Port 2222
Port 2223

This setup would have SSH listening on both ports 2222 and 2223.

7. I’m using a GUI tool for SSH. How does the port change affect me?

Answer: GUI tools for SSH, like PuTTY, have an option to specify the port number. If you’ve changed the SSH port on your server, ensure you update the port number in your GUI tool as well.

Bringing it all together

Throughout our discussion, we delved into the intricacies of altering the default SSH port on a Linux system. We uncovered the reasons behind such a change, emphasizing the blend of security through obscurity, traffic management, and personal preferences.

Walking step by step, we looked at commands essential for this change, from editing the configuration file to restarting the SSH service and making necessary firewall adjustments. We also explored frequent questions from Linux enthusiasts, emphasizing the importance of a multi-faceted security approach and understanding the broader implications of system tweaks.

In essence, changing the SSH port stands as a testament to Linux’s flexibility, but always requires careful consideration and execution.

You may also like

How to Use Systemctl to List All Services...

How to find the largest directories in Linux

How to Manipulate and Convert Epoch Time in...

How to Use Curl Command in Linux: From...

How to use ifconfig command in Linux

How to use the chown command in Linux

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

fl_logo_v3_footer

ENHANCE YOUR LINUX EXPERIENCE.


FOSS Linux is a leading resource for Linux enthusiasts and professionals alike. With a focus on providing the best Linux tutorials, open-source apps, news, and reviews written by team of expert authors. FOSS Linux is the go-to source for all things Linux.

Whether you’re a beginner or an experienced user, FOSS Linux has something for everyone.

More About Us

MORE FROM US

Follow Us

Facebook Rss Envelope

Subscribe

Newsletter Subscribe
©2016-2023 FOSS LINUX

A PART OF VIBRANT LEAF MEDIA COMPANY.

ALL RIGHTS RESERVED.

“Linux” is the registered trademark by Linus Torvalds in the U.S. and other countries.

@2023 - All Right Reserved.