How To Change SSH Port on a Linux Server


If you have just purchased your first Virtual Private Server (VPS) which runs on Linux, it is a very good practice to maintain the server security. There are a plenty of ways out there to secure your Linux based server but it is always better to cover the basics first.

Changing the SSH port of your Linux server can be very much easy. Users can easily change their default SSH port (22) to any other port that they want to. The SSH port is usually defined in the sshd_config file. You can find the file at /etc/ssh/sshd_config.

A brief overview of steps to change the SSH Port for Linux Server

  1. Open the terminal software (such as PuTTY) to connect to the server via SSH
  2. Locate the file with the name “sshd_config” with the help of a specific command
  3. Set a new preferred port by editing the file
  4. Save and close sshd_config file.
  5. Configure firewall for New SSH Port
  6. Restart SSHD service

Step 1: Reconfigure the SSHD file

To start changing the SSH port in your Linux server, login in the server as root.

$ ssh root@HostName/IP

[Here, HostName/IP should be replaced with the hostname of your server or the primary IP address of your server]

Once you have logged in to the remote server via SSH, we can now continue locating the sshd_config file to ben editing. You can locate the sshd_config file in your server by typing the following command below.

$ find / -name “sshd_config”

You are supposed to get a sample output like this.

$ etc/ssh/sshd_config

Once you have located your sshd_config file, it is always a good idea to back up the important files like these, in case something goes wrong.

$ cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

Now once we have successfully backed up our sshd_config file, it is the time to modify the file. To do this, you can use your favorite text editor. For this tutorial, we are going to stick to Vim. Type the following command to open the sshd_config file using vim.

$ vim /etc/ssh/sshd_config

Now you are required to locate the line which reads “Port 22” or “#Port 22” within the file. Here is an example of the file with the required line in red color.

# possible, but leave them commented. Uncommented options change a
. . . . .

#Port 22

. . . . .
# ListenAddress ::

Now, since you have located the required line, you can continue to change the port number 22 to any other port number you want. In this case, we are going to use the port number 2222. That being said, make sure to remove the # before the line to make it work. The # symbol changes a line into a comment, resulting to make the server ignore whatever it is after the # in the line.

Also, be advised about the port choice. You can always check out the Wikipedia to know about specific Well known ports and their uses, to avoid reusing those ports. The ports from 49152 through 65535 can be used without any worries.

Now, once you have changed the port number, it should look something like this.

# possible, but leave them commented. Uncommented options change a
. . . . .

Port 2222

. . . . .
# ListenAddress ::

If everything looks fine till now, it’s time to save and close the sshd_config file and move to the next step.

[You can save the file in vim by typing :wq and then pressing enter.]
Step 2: Updating the Firewall for new SSH port
Now, since we have changed the SSH port by editing the sshd_config file, it is time to open the ports by making changes to your firewall configuration.

We are going to make changes to the APF firewall configuration (if you use that) using Vim text editor again. Start by looking up for the file using the following command.

$ find / -name “conf.apf”

The output should be like this.

$ /etc/apf/conf.apf

Now, just like last time, we are going to take a backup of the file for security reasons using the following command.

$ cp /etc/apf/conf.apf /etc/apf/conf.apf.bak

[Note: You may consider changing the file path (marked in red color) if your output was different than the example one]

Once the file is backed up, continue opening the file in your preferred file editor using the following command.

$ vim /etc/apf/conf.apf

Now, look out for the line labeled as “Common ingress (inbound) TCP ports”. You want to look for something similar like this.

. . . . .
# Common ingress (inbound) TCP ports

# Common ingress (inbound) TCP ports
. . . . .

Once located, continue adding your new SSH port (2222) on the list. Now it should look something like this. PS, Make sure to add commas when required.

. . . . .
# Common ingress (inbound) TCP ports
# Common ingress (inbound) TCP ports
. . . . .

Save and close the conf.apf file like before.
Additionally, if you are using UFW on an Ubuntu or Debian based Linux machine, you can use the following command to allow port 2222.

$ ufw allow 2222/tcp

If you are using iptables, the syntax which you can use to allow port 2222 is going to be this.

$ /sbin/iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 2222 -j ACCEPT

Step 3: Restart the services
Once you have successfully completed Step 1 and Step 2, it is now time to restart the required services, starting with the firewall.

If you use APF use the following command to restart the firewall.

$ service apf restart

In case of UFW, use the following command to reload firewall rules.

$ ufw reload

For iptables go with the following command.

$ service iptables restart

Now, once the firewall has updated its rules, we are going to restart the sshd service. The command may differ according to the distributions, here are the most common ones listed below.

In case of CentOS/RHEL/Fedora Linux use the command below.

$ service sshd restart

OR If you are using CentOS/RHEL/Fedora Linux with systemd use the command below.

$ systemctl restart sshd

In case of Ubuntu/Debian/Mint Linux go with this command.

$ service ssh restart

OR if using Ubuntu/Debian/Mint Linux with systemd, use this command.

$ ystemctl restart ssh

After restarting the SSHD service, the SSH is going to listen from the new port only. Also, note that once your default SSH port is changed you also need to change the way of using some of the commands. Services like SCP and rsync are the examples of commands that would need the new port number specified.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More