Security is more important than ever as attackers keep improving their methods. Changing the default SSH port is one of the main security actions you can take to boost your server's security. Because the default SSH port number is widely known, leaving it unchanged can be a security risk. This easy step-by-step guide shows how to change the SSH port in Linux. It starts with some basic information on the SSH protocol and why the port matters; you can skip that and go straight to the tutorial.
About the SSH Port
SSH (Secure Shell) is a protocol used for secure remote server access and management. The SSH port is the network port that an SSH server uses to listen for incoming connections. Many people know that the default port is 22, so many system administrators change the SSH port in Linux and other operating systems to a less-known one to enhance security. This reduces the number of automated attacks that reach the service. Changing the SSH port is only one layer of security, and you need more security actions to prevent dangerous attacks.
Why Change the Default Port?
There are many reasons to change the SSH port. By default, SSH uses a common port number (port 22) which attackers know. Changing the default SSH port improves server security and lowers the danger of attacks like brute-force attempts. Brute-force attacks involve continuously trying to guess login information, credentials, and encryption keys to get access.
SSH services use port 22 by default, making them an obvious target for hackers. Changing the port makes the service considerably more difficult for attackers to identify and take advantage of, since they must check various ports. This easy procedure provides an additional degree of protection for your server.
How to Change SSH Port in Linux
Before you start the process of changing the SSH Port in Linux, ensure you have the following prerequisites:
Prerequisites:
- Root access or admin rights: You must have admin or sudo access on the server. This level of access is needed to edit system files, including the SSH configuration file, and to restart services such as 'sshd'. Without these privileges, you will be unable to make the necessary adjustments.
- A terminal window or SSH client: To connect to the server, you'll need a terminal window or an SSH client. This may be the built-in terminal on Linux or macOS, or an SSH client like PuTTY if you're running Windows. You'll use the terminal to connect to the server remotely and execute the relevant commands.
- Basic Understanding of Command-Line Editing and Linux File System Structure: Understanding fundamental command-line operations is critical. You should be experienced in exploring the file system, modifying configuration files with text editors (such as 'vi', 'nano', or 'vim'), and running Linux commands. During the process, you will need to understand how directories are formed as well as how to save and close files.
1- Connect to Your Server
Open your terminal and connect to your server via SSH using the following command:
ssh {user-name}@{server-ip}
2- Locate the SSH Configuration File
The SSH configuration file, named `sshd_config`, is where you'll set the new port. To find it, use the `find` command:
find / -name "sshd_config" 2>/dev/null
This will output the file location, which is typically `/etc/ssh/sshd_config`.
3- Edit the SSH Configuration File
Open the `sshd_config` file with a text editor, such as `vi`:
sudo vi /etc/ssh/sshd_config
Locate the line that specifies the default port, which looks like this:
Port 22
If the line is commented out (starts with `#`), uncomment it by removing the `#`.
Replace `22` with your desired port number, e.g., `2222`:
Port 2222
Note: It's recommended to choose a port between 1024 and 65535, as ports 0-1023 are reserved for system services.
4- Update SELinux Settings (if applicable)
If you’re using SELinux, you’ll need to allow the new port. Run the following command to add the new port (e.g., `2222`):
semanage port -a -t ssh_port_t -p tcp 2222
5- Configure the Firewall
You must update your firewall to allow connections through the new SSH port.
For UFW (Ubuntu/Debian):
sudo ufw allow 2222/tcp
For iptables:
sudo iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
For Firewalld (CentOS/Fedora):
sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp
sudo firewall-cmd --reload
6- Restart the SSH Service
To apply the changes, you need to restart the SSH service. Use the appropriate command based on your distribution:
For CentOS/RHEL/Fedora:
sudo systemctl restart sshd
For Ubuntu/Debian:
sudo systemctl restart ssh
For FreeBSD:
sudo service sshd restart
7- Verify the New Port
To ensure that the new SSH port is active, use the following command:
ss -tulpn | grep 2222
Alternatively, you can use `netstat`:
netstat -tulpn | grep 2222
8- Connect Using the New SSH Port
Now that you've changed the port, specify it when connecting to your server:
ssh -p 2222 {user-name}@{server-ip}
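As an added example (not part of the original article), the script below checks three things that steps 3 and 7 leave to the eye: which `Port` lines in `sshd_config` are actually active, whether the value is in the recommended 1024-65535 range, and whether a socket is listening on exactly that port. The function names, the sample config and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks around an SSH port change (not the article's own code).

# Print every active Port value in an sshd_config-style file, one per line.
# Commented lines are skipped and the keyword is matched case-insensitively.
# With no active Port line, sshd uses its default, so 22 is printed.
# Simplification: Include files are not followed.
config_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Succeed only if $1 is a whole number in the 1024-65535 range from the note.
port_ok() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Read `ss -tulpn` (or `ss -tln`) output on stdin and succeed only if a LISTEN
# socket's local address ends in exactly :PORT. A bare `grep 2222` also
# matches port 22222, or a PID containing 2222.
listens_on() {
    awk -v p="$1" '{
        for (i = 1; i <= 2; i++) if ($i == "LISTEN") {
            n = split($(i + 3), a, ":"); if (a[n] == p) hit = 1
        }
    } END { exit !hit }'
}

# Constructed sample data, not taken from a real server.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
#Port 22
# Port 2200
  port 2222
PermitRootLogin no
EOF
sample_ss='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22222     0.0.0.0:*
tcp   LISTEN 0      128             [::]:2222         [::]:*'

for p in $(config_ports "$sample_conf"); do
    if ! port_ok "$p"; then echo "port $p is outside 1024-65535"; fi
    if printf '%s\n' "$sample_ss" | listens_on "$p"; then
        echo "port $p: configured and listening"
    else
        echo "port $p: configured but not listening yet"
    fi
done
```

On a real server, `sudo sshd -t` checks the edited file for syntax errors before the restart in step 6. Keep the existing session open until a second connection on the new port succeeds.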
Simple Steps to Change SSH Port in CentOS, RHEL, and Fedora
Before altering the SSH port, check whether SELinux, a security system commonly encountered in RHEL-based distributions such as CentOS, is enabled. To confirm its state, execute the following command:
sudo sestatus
If SELinux is enabled, the first line of the output states 'SELinux status: enabled'. If it isn't enabled, you can skip the SELinux-specific instructions and go to the last section.
If SELinux is turned on, go through the next steps to configure the SSH port. First, use the semanage command to add the new port (in this case, port '3333') to SELinux's list of authorized SSH ports:
sudo semanage port -a -t ssh_port_t -p tcp 3333
Next, you need to configure the firewall to allow traffic through this new SSH port by adding it to the public zone of open port numbers:
sudo firewall-cmd --zone=public --add-port=3333/tcp --permanent
Finally, reload the firewall service to apply the changes:
sudo firewall-cmd --reload
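With the `Port` line updated in `sshd_config` and the SSH service restarted as described above, your SSH port change is now effective. Test the new port configuration to check that it works as expected.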
Change the SSH Port on Ubuntu, Debian, or Kali
If you're using Ubuntu or a Debian-based distribution, UFW may already be enabled. To enable SSH access on a different port, such as 2222, enter the following command into your terminal:
sudo ufw allow 2222/tcp
Easy, right? This is the only firewall change you need on Ubuntu; the `Port` line in `sshd_config` and the service restart are covered in the steps above. Now, you can test the connection with the new port.
Testing the New SSH Port
To test the new SSH port, close your current connection and reconnect with the revised port number. On your client system, open a terminal and type the following command:
ssh your-server-ip -p 3333
Replace `your-server-ip` with the actual IP address of your server, which you can find in your hosting provider's control panel.
Conclusion
If you're looking for a way to boost the security of a Linux system, changing the SSH port is the first step. We explained how to change the SSH port in Linux with easy steps. It is a simple but powerful process that can reduce dangerous attacks, because it will be harder for hackers to guess your SSH port and find your server. But don't forget that changing the SSH port number alone is not enough to boost security. You should combine it with other security actions for more protection.
FAQs
Why Should I Change the Default SSH Port?
There are several security reasons. Changing the default SSH port (22) reduces the danger of automated attacks, as bots typically use this port to exploit vulnerabilities. Moving SSH to a non-standard port provides a higher level of protection through obscurity.
What Is the Best Port to Choose When Changing the Default SSH Port?
When picking a new SSH port, choose one between 1024 and 49151. These ports tend to be non-privileged, which means they are less likely to interfere with important system services. Also avoid ports that are commonly associated with other services (such as 80 for HTTP and 443 for HTTPS).
Will Changing the SSH Port Affect My Server's Performance?
Don't worry, changing the SSH port will not harm your server's performance. The port number is similar to a house address for SSH; it has nothing to do with how quickly or effectively your server functions.