The default port on SSH is 22. But for security reasons, it’s a good idea to change SSH port in Linux. We’ll discuss why it’s necessary and how to make the change in a step by step manner.
- SSH Server
- Text Editor
- Sudo Privileges
- 5 minutes of time
This is a very quick and straightforward tutorial owing to the simplicity of the SSH server configuration file.
Steps To Change SSH Port in Linux
Let’s get right into the crux of the tutorial first and then move on to understand why we’d even need to change the port in the first place.
1. Choose the Right SSH Port
Ports are networking endpoints that decide where a data packet should be delivered. Based on the port number, the correct application on an Operating System receives the requested package.
Out of those 65535 ports, the first 1023 ports are reserved for well-known services and 1024 to 49151 ports are registered ports. What’s left for us to play around with are the ephemeral ports which range from 49152 to 65535.
2. Find Which Port the SSH Server is Active on
We’ll run the netstat utility to show us the port that SSH server is currently active on.
root@ubuntu:~# netstat -tlpn
As you can see in the Local Address column, the row across to 628/sshd says 0.0.0.0:22 which confirms that the listening port is 22 for our SSH server.
3. Change SSH Port in the sshd_config File
Now that we know we’re still listening to the default port for SSH connections, we can go ahead and change it.
All we need to do is simply edit one line in the /etc/ssh/sshd_config file. Use any of your favorite terminal text editors to open the file with sudo privileges.
root@ubuntu:~# nano /etc/ssh/sshd_config
I haven’t used sudo since I’m already on a root account.
Once the file is open, look for a line that says #Port 22. This is where the magic happens. Since this line is commented by default, it uses the default port that is 22. All we need to do is uncomment the line and change the port number.
Now for demonstration purposes, I’ve selected 50000 as the port number for SSH. Once you’ve edited the port number as per your requirements, you can now save the file and move to the next step.
4. Restart SSH Service and Check Updated Port
Saved the file? Great, let’s restart SSH Server and run the same netstat command once again to check if the port was updated.
Run the below commands to get SSH server to restart and then run the netstat command again.
root@ubuntu:~# service sshd restart root@ubuntu:~# netstat -tlpn
You’re all set up now with a new SSH port that the SSH server is listening on.
Why Change Default SSH Port on Linux?
If you read through the Wikipedia article or through the tutorial on opening ports in Linux you’ll know that if your server has port 22 open, it’s very obvious that your server is listening for SSH connections.
Hackers are always on a lookout for servers that broadcast their open ports. And if they can identify the service behind the port because the default port number is used, things become much easier for them.
REMEMBER: Changing the port will not secure your server from attacks but it will make it less obvious for a hacker.
This was it for our short tutorial on changing SSH ports. I hope you understood how to change ssh port in Linux and why you should consider changing the defaults whenever possible.
If you have any questions or get stuck at any point, feel free to comment below.