SSH is a network protocol used to communicate securely with remote Linux systems. By default, the SSH service uses port 22. You can add an additional layer of security by changing the SSH port on your server, which reduces the risk of attacks by hackers and bots.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our customers with SSH-related queries.
In this context, we shall look into how to change the SSH port on Linux systems.
How to Change SSH Port (Ubuntu, Linux Mint, CentOS, Debian)?
Follow the steps below to change the SSH port on Linux systems:
1. Select a New Port
Linux systems reserve port numbers below 1024 for their own services. You can use a port in the 1-1024 range for the SSH service, but it is recommended to choose a port higher than 1024 to avoid future issues. The highest port number you can choose for the SSH service is 65535.
We are going to use port 4510 for the SSH service in this tutorial; you can choose any port you prefer.
2. Setting Up Firewall
If a firewall is enabled on your server, adjust it for the new SSH port before changing the port, so that it allows traffic on the new SSH port.
FirewallD is the default firewall management tool on CentOS systems. You can open the new port with the commands below on CentOS machines:
$ sudo firewall-cmd --permanent --zone=public --add-port=4510/tcp
$ sudo firewall-cmd --reload
On CentOS and other RHEL-based distributions, another requirement is to adjust the SELinux rules to allow the new SSH port. You can do this by typing:
$ sudo semanage port -a -t ssh_port_t -p tcp 4510
On Ubuntu systems, the default firewall tool is UFW. Run the command below to allow connections on the new SSH port:
$ sudo ufw allow 4510
If you have installed iptables and use it as the firewall on your Linux server, you can open the port by executing the command below:
$ sudo iptables -A INPUT -p tcp --dport 4510 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
3. Configuring SSH
On Linux, the default port of the SSH service is stored in the /etc/ssh/sshd_config file. First, open the main SSH configuration file for editing with your favorite text editor by issuing the command below:
$ sudo nano /etc/ssh/sshd_config
Now search the file for the line that starts with Port 22. In most cases, this line is commented out with a hash sign (#).
Remove the hash (#) and enter your new SSH port number, which will be used instead of the standard SSH port 22.
So it should look like this:
Port 4510
After you've made the above changes, restart the SSH service for the changes to take effect:
$ sudo systemctl restart ssh
On CentOS and other RHEL-based distributions, the SSH service is named sshd, so you need to run the following command to restart it:
$ sudo systemctl restart sshd
You can verify that the SSH daemon is listening on the new port 4510 by issuing the command below:
$ ss -an | grep 4510
It will show output like this:
tcp LISTEN 0 128 0.0.0.0:4510 0.0.0.0:*
tcp LISTEN 0 128 [::]:4510 [::]:*
4. SSH Connection Using New Port
You have now successfully changed the port for the SSH service. To connect using the new port, specify the port number with the -p option of the ssh command, as below:
$ ssh -p 4510 username@remote_ip_address
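Steps 1 and 3 above can also be scripted. The following is an added example, not part of the original tutorial: it validates the chosen port and rewrites the Port directive so that only the new port stays active. The function names valid_port, active_ports and set_ssh_port are hypothetical, and it assumes awk and mktemp are available.

```sh
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# Accept only a plain integer in 1025-65535 (the range the tutorial recommends).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1025 ] && [ "$1" -le 65535 ]
}

# Print the port of every active (uncommented) Port directive in file $1.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Set the SSH port in sshd_config file $1 to $2. sshd listens on every Port
# line it finds, so all old ones (and the commented default) are replaced by one.
set_ssh_port() {
    sp_cfg=$1; sp_port=$2
    valid_port "$sp_port" || { echo "invalid port: $sp_port" >&2; return 1; }
    [ -f "$sp_cfg" ] || { echo "no such file: $sp_cfg" >&2; return 1; }
    sp_tmp=$(mktemp) || return 1
    # Pass 1 detects an existing Port line; pass 2 rewrites. With none present,
    # the directive goes at the top so it cannot land inside a Match block.
    awk -v p="$sp_port" '
        function is_port(l) {
            return tolower(l) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/
        }
        NR == FNR { if (is_port($0)) found = 1; next }
        FNR == 1 && !found { print "Port " p }
        is_port($0) {
            if (!done) { print "Port " p; done = 1 }
            next
        }
        { print }
    ' "$sp_cfg" "$sp_cfg" > "$sp_tmp" || { rm -f "$sp_tmp"; return 1; }
    # Refuse to touch the real file unless exactly the new port is active.
    if [ "$(active_ports "$sp_tmp")" != "$sp_port" ]; then
        rm -f "$sp_tmp"; echo "rewrite check failed" >&2; return 1
    fi
    # Keep a backup, then overwrite in place to preserve owner and mode.
    cp -p "$sp_cfg" "$sp_cfg.bak" && cat "$sp_tmp" > "$sp_cfg"
    sp_rc=$?
    rm -f "$sp_tmp"
    return "$sp_rc"
}
```

On the server, call set_ssh_port /etc/ssh/sshd_config 4510 as root, then run sshd -t to check the file before restarting the service. Keep your current session open until a login on the new port succeeds.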