×


Change the SSH Port on Ubuntu 20.04 Linux Server

SSH is a network protocol which is used to remotely communicate securely with a Linux systems. By default, SSH service is using port 22. You can add additional security layer by changing SSH port to your server and reduce risk of attacks by hackers and bots.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related SSH queries.

In this context, we shall look into how to change SSH port in Linux systems.


How to Change SSH Port (Ubuntu, Linux Mint, CentOS, Debian) ?

Follow the steps given below to change SSH port in Linux systems:


1. Select a New Port

Linux systems are reserving port numbers below 1024 for it's services. You can also use a port within 1-1024 range for the SSH service but it's recommend to choose a port higher than 1024 to avoid future issue. You can choose maximum port number up to 65535 for SSH service.

We are going to use port 4510 for SSH service in this tutorial, You can choose as per your choice.


2. Setting Up Firewall

If your server have enabled firewall then you need to adjust it with new SSH port before changing it. So it will allow traffic on the new SSH port.

FirewallD is default firewall management tool in CentOS systems. You can open new port using below command on CentOS machines:

$ sudo firewall-cmd --permanent --zone=public --add-port=4510/tcp
$ sudo firewall-cmd --reload

In CentOS or RHEL Linux based distributions another requirement is to adjust the SELinux rules to allows the new SSH port. You can do it by typing:

$ sudo semanage port -a -t ssh_port_t -p tcp 4510

In Ubuntu systems, default firewall tool is UFW. Run below command to allow connection using new SSH port:

$ sudo ufw allow 4510

If you have installed iptables and using as firewall on your Linux server, you can open port by execute below command:

$ sudo iptables -A INPUT -p tcp --dport 4510 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT


3. Configuring SSH

In Linux, SSH service default port are stored in /etc/ssh/sshd_config file. At first, you need to open the main SSH configuration file for editing with your favorite text editor by issuing the below command:

$ sudo nano /etc/ssh/sshd_config

Now search line inside file which starts with Port 22. Mostly, this line is comment out with a hash #sign. 

Remove the hash # and enter your new SSH port number which will be used instead of the standard SSH port 22. 

So it should look like as below:

Port 4510

After you've made the above changes, restart the SSH service to reflect changes:

$ sudo systemctl restart ssh

In CentOS or RHEL Linux based distributions the ssh service is named sshd so you need to run following command to restart SSH service:

$ sudo systemctl restart sshd

You can verify that SSH daemon is listening on the new port 4510 by issuing below command:

$ ss -an | grep 4510

It will show output like this:

tcp        LISTEN   0    128       0.0.0.0:4510      0.0.0.0:*
tcp        LISTEN   0    128          [::]:4510         [::]:*


4. SSH Connection Using New Port

Now, you have changed successfully port for SSH service. To make connection using new port you have to mention port number -p with SSH command as below:

$ ssh -p 4510 username@remote_ip_address


[Need assistance in fixing SSH Linux issues? We can help you. ]


Conclusion

This article covers how to change SSH port on your Linux system. SSH (Secure shell) is a cryptographic network protocol used to connect to a remote server securely and it transfer the data in encrypted form between the host and the client.

The default TCP port for SSH is 22, and by changing this default port to the other, it can prevent automated bots and malicious users from being brutally forced into the server.

Before changing the default SSH port number, can check the current port with the below command:

# netstat -ntlp | grep ssh


To change the SSH port:

1. Open the main SSH daemon configuration file /etc/ssh/sshd_config:

# vi /etc/ssh/sshd_config

2. Now search line begins with Port 22 and add hashtag (#) in front of that line. 

3. Then add a new Port line below with the custom port.

Note: Replace the sample port number with the custom port number that needs to be set.

4. Save and exit.


How to Restart the SSH daemon for the changes to take effect ?

Run the below commands to restart the SSH daemon and verify that the port changed:

# systemctl restart sshd
# netstat -ntlp | grep ssh