How to change the default SSH port

In this how-to article we’re going to walk you through changing the default SSH server listening port on a Linux system to harden your host.

The Secure Shell (SSH) protocol uses port 22 by default. Accepting this value does not make your system insecure, nor will changing the port significantly improve security. However, changing the default SSH server listening port will stop many automated attacks and make it a bit harder to guess which port SSH is accessible on. An attacker would have to run an nmap-like scan against your host to discover the port the SSH service listens on. So changing the default SSH port serves no purpose on private networks, but it may be useful as a simple security hardening technique on publicly accessible hosts.

You can find more simple hardening techniques in the security section.

If you have decided that you need to change the default SSH port, follow the steps below.



Steps to follow to change the default SSH port




Step1

Either as the root user or as a sudo-capable user, use your favorite text editor to edit the sshd configuration file. I am using the vi editor.

vi /etc/ssh/sshd_config

Step2

Edit the line which states ‘Port 22’. But before doing so, you’ll want to read the note below. Choose an appropriate port, also making sure it is not currently used on the system. I would suggest using a mnemonic port, like port 22222, and using the same port on all your publicly accessible hosts, so that you do not have to look up which host uses which port for SSH.

# What ports, IPs and protocols we listen for
Port 22222

Step3

Switch over to the new port by restarting the SSH service.

For Ubuntu and CentOS 6 or Red Hat 6 you can use:

service sshd restart

For CentOS 7 or Red Hat 7 you can use:

systemctl restart sshd

And for Debian you can use:

/etc/init.d/ssh restart

Step4

Verify SSH is listening on the new port by either using telnet or connecting to it. Note how the port number now needs to be declared.

telnet hostname 22222
ssh username@hostname.com -p 22222
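
The edit from Step2 can also be scripted so that it is applied the same way on every host. The following is an added example, not part of the original article; the helper names configured_ports and set_ssh_port are hypothetical, and it assumes the file uses the stock "Port 22" or "#Port 22" form for the directive.

```bash
#!/usr/bin/env bash
# Added example; configured_ports and set_ssh_port are hypothetical helpers.

# Print the port(s) set by active (uncommented) Port lines in FILE.
configured_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# set_ssh_port FILE PORT: leave FILE with exactly one active Port line.
set_ssh_port() {
    local file=$1 port=$2 tmp rc
    # Accept only a plain decimal number inside the TCP port range.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    cp -p "$file" "$file.bak" || return 1    # copy to roll back to
    tmp=$(mktemp) || return 1
    # The first "Port N" or "#Port N" line becomes the new setting. Later
    # active Port lines are dropped, because sshd listens on every Port
    # line it finds and port 22 would otherwise stay open. Port is not
    # allowed inside a Match block, so when no Port line precedes the
    # first Match, the directive is inserted just above it.
    if awk -v port="$port" '
        { key = tolower($1) }
        (key == "port" || key == "#port") && $2 ~ /^[0-9]+$/ {
            if (!done) { print "Port " port; done = 1 }
            else if (key == "#port") print
            next
        }
        key == "match" && !done { print "Port " port; done = 1 }
        { print }
        END { if (!done) print "Port " port }
    ' "$file" > "$tmp"; then
        cat "$tmp" > "$file"    # overwrite in place: keeps owner and mode
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

After running set_ssh_port against /etc/ssh/sshd_config, sshd -t checks the file for errors before the restart in Step3, and the .bak copy is there to roll back to.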
