If you’re a Linux user like me, you’ve probably used SSH (Secure Shell) to establish connections with other machines. It’s an incredibly useful tool that provides a secure and efficient way of remotely accessing a machine’s shell. However, when connecting to an SSH server, you may not always find it running on the default port 22. In some cases, the server administrator may have configured it to run on a different port to enhance security and prevent unauthorized access.
Therefore, it is essential to know how to connect to an SSH server running on a non-standard port. The process is relatively straightforward and involves specifying the port number along with the server address when establishing the connection. Let’s dive into this!
Understanding SSH and its default port
SSH is the bread and butter for anyone needing secure remote access to Linux servers. By default, SSH listens on port 22. However, for various reasons such as security through obscurity or port conflicts, administrators often change this.
Why use an alternate port?
Before I show you how to connect using a different port, let’s briefly talk about why. Changing the default SSH port can reduce the noise from automated scans and potential brute-force attacks. It’s not a silver bullet for security but can be part of a larger strategy.
Checking the SSH service status
First things first, ensure that SSH is running on your Ubuntu machine:
sudo systemctl status ssh
If it’s not active, start it with:
sudo systemctl start ssh
Finding the SSH port
If you’re not sure which port SSH is listening on, you can find it using this command:
sudo netstat -tnlp | grep sshd
Connecting to SSH on an alternate port
Now, the fun part! To connect to a server on a different port, use the
-p flag followed by the port number. Here’s a simple format:
ssh -p [port_number] [username]@[server_ip_address]
For instance, if your SSH server is on port 2222, and you’re trying to connect as user
john to a server with IP
192.168.1.10, you’d use:
ssh -p 2222 email@example.com
You’ll see something like this:
The authenticity of host '[192.168.1.10]:2222 ([192.168.1.10]:2222)' can't be established. ECDSA key fingerprint is SHA256:NhXREZgk0...3b3Y. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '[192.168.1.10]:2222' (ECDSA) to the list of known hosts. firstname.lastname@example.org's password:
After entering your password, you should be logged in!
Configuring the firewall to access SSH via an alternate port
Alright, now that you know how to connect to SSH on an alternate port, there’s a crucial step we shouldn’t overlook – configuring the firewall. If you’re like me, you might have skipped this step initially and spent hours scratching your head over why the connection was not working!
Why is firewall configuration important?
When you change the SSH port, the firewall rules that allowed traffic on port 22 won’t apply to the new port. Without proper configuration, the firewall will block attempts to connect to SSH on this new port.
Configuring the firewall in Ubuntu
Ubuntu typically uses
ufw (Uncomplicated Firewall) for managing firewall rules. Here’s how you can allow traffic on your new SSH port.
Check current status
First, check the status of
sudo ufw status
Allowing the new port
Suppose you’ve changed your SSH port to 2222. You’ll need to allow this port through the firewall:
sudo ufw allow 2222/tcp
This command tells
ufw to allow TCP traffic on port 2222.
Applying the changes
After updating your rules, you might need to reload
ufw to apply the changes:
sudo ufw reload
Verifying the rules
Finally, check if the new rule is added:
sudo ufw status
You should see something like
2222/tcp ALLOW Anywhere in the output, indicating that traffic on port 2222 is now allowed.
Troubleshooting common issues
- If the connection still fails, ensure that
ufwis running and the rules are correctly applied.
- Also, double-check if there are any other network devices like routers or cloud firewalls that might be blocking the new port.
- Incorrect port number: Double-check the port number SSH is listening on the server.
- Server configuration: Verify the SSH configuration file (
/etc/ssh/sshd_config) for any specific settings.
Adding an alternate port to the SSH config file
Great, we’ve covered how to connect to an SSH server using an alternate port and setting up the firewall. But, there’s a nifty trick that can make your life even easier – adding the alternate port to your SSH configuration file. This is particularly useful if you frequently connect to the same server.
Why edit the SSH config file?
Editing the SSH config file allows you to set default options for SSH connections, such as the port number, which saves you from typing the
-p option every time. It’s a real time-saver and a feature I personally love for its convenience.
Locating the SSH config file
The SSH client configuration is usually found at
~/.ssh/config on your local machine. If the file doesn’t exist, you can create it.
Editing the SSH config file
Here’s how to add an entry for your server with an alternate port:
- Open the config file:
You can use any text editor like
- Add the following lines:Replace
2222with your server’s details and the new SSH port.
Host YourServerAlias User your_username HostName server_ip_or_hostname Port 2222
Host myserver User john HostName 192.168.1.10 Port 2222
- Save and close the file:In
nano, you do this by pressing
CTRL + X, then
Yto confirm, and
Connecting using the config file
Now, instead of typing the full SSH command with the
-p option, you can connect to your server simply by typing:
For our example:
Benefits of this method
- Simplicity: You no longer need to remember the port number or the full IP address.
- Efficiency: It saves time, especially when managing connections to multiple servers.
- Customization: You can set more than just the port; other options like
IdentityFilefor specific SSH keys can also be defined per host.
A note of caution
Be careful when editing the SSH config file. An incorrect configuration can lead to connection issues. Always keep a backup of your original config file.
the key to a great SSH experience is a combination of security, convenience, and efficiency. By changing the default port, configuring your firewall appropriately, and setting up your SSH config file, you’re not just securing your connections, you’re also tailoring the experience to fit your needs.
I hope this guide has been helpful to you. If you’ve got any questions or want to share your own SSH tips and tricks, feel free to drop a comment below. Happy SSHing, and stay tuned for more Linux insights!