SSH is a network protocol used to communicate securely with remote Linux systems. By default, the SSH service listens on port 22. Changing the SSH port on your server adds an additional layer of security and reduces the risk of attacks by hackers and bots.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our customers with SSH-related queries.
In this context, we shall look into how to change the SSH port on Linux systems.
Follow the steps given below to change the SSH port on Linux systems:
1. Select a New Port
Linux systems reserve port numbers below 1024 for their services. You can use a port within the 1-1024 range for the SSH service, but it is recommended to choose a port higher than 1024 to avoid future issues. The maximum port number you can choose for the SSH service is 65535.
We are going to use port 4510 for the SSH service in this tutorial. You can choose another port if you prefer.
2. Setting Up Firewall
If a firewall is enabled on your server, adjust it to allow traffic on the new SSH port before you change the port.
FirewallD is the default firewall management tool on CentOS systems. You can open the new port using the commands below on CentOS machines:
$ sudo firewall-cmd --permanent --zone=public --add-port=4510/tcp
$ sudo firewall-cmd --reload
On CentOS or RHEL-based distributions, you also need to adjust the SELinux rules to allow the new SSH port. You can do it by typing:
$ sudo semanage port -a -t ssh_port_t -p tcp 4510
On Ubuntu systems, the default firewall tool is UFW. Run the command below to allow connections on the new SSH port:
$ sudo ufw allow 4510
If you use iptables as the firewall on your Linux server, you can open the port by executing the command below:
$ sudo iptables -A INPUT -p tcp --dport 4510 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
3. Configuring SSH
On Linux, the SSH service's default port is stored in the /etc/ssh/sshd_config file. First, open the main SSH configuration file for editing with your favorite text editor by issuing the command below:
$ sudo nano /etc/ssh/sshd_config
Now search for the line in the file that starts with Port 22. In most cases this line is commented out with a hash (#) sign.
Remove the hash (#) and enter your new SSH port number, which will be used instead of the standard SSH port 22.
It should look like this:
Port 4510
After you've made the above changes, restart the SSH service for the changes to take effect:
$ sudo systemctl restart ssh
On CentOS or RHEL-based distributions the SSH service is named sshd, so you need to run the following command to restart it:
$ sudo systemctl restart sshd
You can verify that the SSH daemon is listening on the new port 4510 by issuing the command below:
$ ss -an | grep 4510
It will show output like this:
tcp LISTEN 0 128 0.0.0.0:4510 0.0.0.0:*
tcp LISTEN 0 128 [::]:4510 [::]:*
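The edit in step 3 is easy to get wrong: the new Port line can be left commented out, or an active Port 22 line can remain next to it. The script below is an added example, not part of the original article, that reads an sshd_config-style file and reports which ports it puts into effect; the function names and the sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article. Sample configs below are constructed.

# Print the Port values a config file puts into effect, one per line.
# Commented lines are skipped, the keyword is case-insensitive, several Port
# lines may coexist, and sshd falls back to 22 when none is present.
# Include files are not followed; on a live host `sshd -T` is authoritative.
effective_ports() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Classify a candidate port using the ranges from step 1:
# "invalid", "reserved" (below 1024, usable but discouraged) or "ok".
classify_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) echo invalid; return ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then echo invalid
    elif [ "$1" -lt 1024 ]; then echo reserved
    else echo ok
    fi
}

# audit_config FILE NEW_PORT: prints "ok" only when NEW_PORT is in effect
# and 22 is not among the effective ports.
audit_config() {
    ports=$(effective_ports "$1")
    verdict=ok
    echo "$ports" | grep -qx "$2" || verdict="missing-$2"
    if echo "$ports" | grep -qx 22; then verdict="$verdict,22-still-open"; fi
    echo "$verdict"
}

SAMPLE_DIR=$(mktemp -d)
# Stock file: the Port line is still commented out.
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$SAMPLE_DIR/stock"
# After the edit described in step 3.
printf '%s\n' '#Port 22' 'Port 4510' 'PermitRootLogin no' > "$SAMPLE_DIR/edited"
# New port added, but an active "port 22" line was left behind.
printf '%s\n' 'port 22' 'Port 4510' > "$SAMPLE_DIR/both"

for f in stock edited both; do
    printf '%-7s %s\n' "$f" "$(audit_config "$SAMPLE_DIR/$f" 4510)"
done
```

Run it against a copy of /etc/ssh/sshd_config before restarting the service, and keep your current SSH session open until a login on the new port succeeds.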
4. SSH Connection Using New Port
You have now successfully changed the port for the SSH service. To connect using the new port, specify the port number with the -p option of the ssh command, as below:
$ ssh -p 4510 username@remote_ip_address
This article covers how to change the SSH port on your Linux system. SSH (Secure Shell) is a cryptographic network protocol used to connect to a remote server securely; it transfers data between the host and the client in encrypted form.
The default TCP port for SSH is 22, and changing this default port to another one can prevent automated bots and malicious users from brute-forcing their way into the server.
Before changing the default SSH port number, you can check the current port with the command below:
# netstat -ntlp | grep ssh
To change the SSH port:
1. Open the main SSH daemon configuration file /etc/ssh/sshd_config:
# vi /etc/ssh/sshd_config
2. Now search for the line that begins with Port 22 and add a hash (#) in front of that line.
3. Then add a new Port line below with the custom port.
Note: Replace the sample port number with the custom port number that needs to be set.
4. Save and exit.
How to restart the SSH daemon for the changes to take effect?
Run the commands below to restart the SSH daemon and verify that the port has changed:
# systemctl restart sshd
# netstat -ntlp | grep ssh