How To Change SSH Port in Linux – An Easy Guide

Filed Under: UNIX/Linux
Change SSH Port In Linux

The default port on SSH is 22. But for security reasons, it’s a good idea to change SSH port in Linux. We’ll discuss why it’s necessary and how to make the change in a step by step manner.

Requirements:

  • SSH Server
  • Text Editor
  • Sudo Privileges
  • 5 minutes of time

This is a very quick and straightforward tutorial owing to the simplicity of the SSH server configuration file.

Steps To Change SSH Port in Linux

Let’s get right into the crux of the tutorial first and then move on to understand why we’d even need to change the port in the first place.

1. Choose the Right SSH Port

Ports are networking endpoints that decide where a data packet should be delivered. Based on the port number, the correct application on an Operating System receives the requested package.

Out of those 65535 ports, the first 1023 ports are reserved for well-known services and 1024 to 49151 ports are registered ports. What’s left for us to play around with are the ephemeral ports which range from 49152 to 65535.

To know the list of known ports: Wikipedia Page on Ports and How to Open ports on Linux

2. Find Which Port the SSH Server is Active on

We’ll run the netstat utility to show us the port that SSH server is currently active on.

root@ubuntu:~# netstat -tlpn
Netstat Find Ssh Port
Netstat to Find Ssh Port

As you can see in the Local Address column, the row across to 628/sshd says 0.0.0.0:22 which confirms that the listening port is 22 for our SSH server.

3. Change SSH Port in the sshd_config File

Now that we know we’re still listening to the default port for SSH connections, we can go ahead and change it.

All we need to do is simply edit one line in the /etc/ssh/sshd_config file. Use any of your favorite terminal text editors to open the file with sudo privileges.

root@ubuntu:~# nano /etc/ssh/sshd_config

I haven’t used sudo since I’m already on a root account.

Once the file is open, look for a line that says #Port 22. This is where the magic happens. Since this line is commented by default, it uses the default port that is 22. All we need to do is uncomment the line and change the port number.

Editing SSH Port
Editing SSH Port

Now for demonstration purposes, I’ve selected 50000 as the port number for SSH. Once you’ve edited the port number as per your requirements, you can now save the file and move to the next step.

4. Restart SSH Service and Check Updated Port

Saved the file? Great, let’s restart SSH Server and run the same netstat command once again to check if the port was updated.

Run the below commands to get SSH server to restart and then run the netstat command again.

root@ubuntu:~# service sshd restart
root@ubuntu:~# netstat -tlpn
Sshd Updated Port
Ssh Updated Port

You’re all set up now with a new SSH port that the SSH server is listening on.

Why Change Default SSH Port on Linux?

If you read through the Wikipedia article or through the tutorial on opening ports in Linux you’ll know that if your server has port 22 open, it’s very obvious that your server is listening for SSH connections.

Hackers are always on a lookout for servers that broadcast their open ports. And if they can identify the service behind the port because the default port number is used, things become much easier for them.

REMEMBER: Changing the port will not secure your server from attacks but it will make it less obvious for a hacker.

Conclusion

This was it for our short tutorial on changing SSH ports. I hope you understood how to change ssh port in Linux and why you should consider changing the defaults whenever possible.

If you have any questions or get stuck at any point, feel free to comment below.

Leave a Reply

Your email address will not be published. Required fields are marked *

close
Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages