In this How-To article we’re going to walk you through changing the default SSH server listening port on a Linux system.
The Secure Shell (SSH) Protocol by default uses port 22. Accepting this value does not make your system insecure, nor will changing the port provide a significant variance in security. However, changing the default SSH server listening port will stop many automated attacks and a bit harder to guess which port SSH is accessible from. The attacker should execute a nmap like scan against your host to discover the port SSH service listens. So changing the default SSH port has no meaning on private networks, but maybe it’s useful and it’s a simple security hardening technique on public accessible hosts.
There are more simple hardening techniques you can find on the security section.
In case you decided that you need to change the default SSH port then follow the steps below.
Steps to follow to change the default SSH port
Either as root user or as a sudo capable user, use your favorite text editor to edit the sshd configuration file. I am using the vi editor.
Edit the line which states ‘Port 22’. But before doing so, you’ll want to read the note below. Choose an appropriate port, also making sure it not currently used on the system. I would suggest to use a mnemonic port, like port 22222 and to use the same port to all your publicly accessible hosts, in order not to lookup which port uses which host for ssh.
# What ports, IPs and protocols we listen for Port 22222
Switch over to the new port by restarting SSH service.
for ubuntu and centos 6 or redhat 6 you can use:
service sshd restart
for centos 7 or redhat 7 you can use:
systemctl restart sshd
and for debian you can use
Verify SSH is listening on the new port by either using telnet or connecting to it. Note how the port number now needs to be declared.
telnet hostname 22222
ssh email@example.com -p 22222