SSH Port in Linux

How to Change the SSH Port in Linux?

Today’s topic is How to Change the SSH Port in Linux. If you plan to increase the security of your server, you should change the SSH port from its default value. The default port number is a well-known fact and it poses a security risk that you cannot afford. To make the procedure easier, we provide step-by-step instructions in plain English that tell you how to change the SSH port on Linux. The overview contains some basic information about the SSH protocol and why it is important to your server security. Of course, you can skip this and start with the tutorial.

What is SSH?

Secure Shell Protocol (SSH) is a security measure that enables you and other users to connect to a secure server over an unsecured network (such as the Internet). This becomes essential when you are planning to run a server (a VPS or a dedicated server). You need to connect to your server from your laptop, and that connection has to go through the Internet to get there. The Internet, obviously, is an insecure environment, which means you can’t let your guard down. This is why the Secure Shell protocol is equipped with several valuable tools that help establish and maintain server security, including password and key authentication tools.

Why is SSH security important?

When you get a dedicated server or a VPS, you will be given full root access to the system, which means you can remotely connect to the server using the SSH protocol and do the configuration you need. Although SSH does not support graphics and only provides a command-line interface, it is still the main method of server administration. As with all network-based services, SSH uses a default port number. But because the SSH port is harder to change than other protocols like VNC, some users don’t bother to change it. This means hackers and malicious software will have a greater chance of gaining access to your server because they know which ports to target. So, you should take the time to change your default SSH port once and for all, and with this tutorial, you can do it quickly and without extra effort.

How to Change SSH Port in Linux

Throughout the tutorial, we are going to use the Linux terminal to enter the required commands. The screenshots are taken from Fedora Server 34, but most of the commands work for all major Linux distributions. Where distro-specific commands are required, we provide them separately. You will need to sign in to your server using VNC or SSH to go through these steps. With the explanation out of the way, let’s begin the actual process.

Launching the Terminal

First, we need to open the Terminal. If you use SSH, you’ll use Terminal by default. If you use a remote desktop protocol like VNC, you can open Terminal by pressing Ctrl+Alt+T or by searching the Applications menu on all Linux distributions.

Edit the SSH configuration file

Now, we are going to use the nano text editor. Nano lets you edit text directly from the CLI, making it the perfect choice for SSH connections. Nano should be installed by default; if it is not, see the Appendix for commands to install it. We’re going to use the editor to edit the SSH configuration file: /etc/ssh/sshd_config (you can use your favorite text editor if you have a remote desktop connection). To do this, enter the following command:

sudo nano /etc/ssh/sshd_config

Now, scroll down until you find the Port attribute.

(Optional) Change the SSH port for security

As you can see, the default port is listed as 22, and the # before it means this line is a comment. For any change to take effect, you must remember to remove the # and uncomment the line. Some people prefer to use SSH port 443, which is usually reserved for SSL encryption, thereby confusing hackers. Let’s say you want to change the SSH port to 3333; to do this, change the following:

From:

#Port 22

To:

Port 3333

Again, make sure that there is no # before the word Port. Press Ctrl+O to save your changes and Ctrl+X to exit the editor.

Restart the SSHD service to finalize the changes

You have finished configuring SSH settings but for the changes to take effect, you need to restart the SSHD service responsible for SSH connections. For this, enter the following command:

sudo systemctl reload sshd

Configure your firewall

Before you start enjoying enhanced server security, however, you should configure your firewall to stop blocking new SSH ports. This is where distro-specific commands come in because of the default firewall used by different distros.

How to Change SSH Port on CentOS/RHEL/Fedora

Most RHEL-based distros, such as CentOS, use a security suite called SELinux (Security-Enhanced Linux), which acts as a firewall, among other things. However, before doing anything else, you should first check if SELinux is actually enabled. To do so, type the following command.

sudo sestatus

If you see something like this, with the first line reading SELinux Status: Enabled, then you need to go through the following steps. Otherwise, you can skip them and go to the last step here.

Now that we’ve determined SELinux is enabled, we’ll use the semanage tool. Use the following command to add the port of your choice to SELinux’s list of SSH ports (3333 in this example):

sudo semanage port -a -t ssh_port_t -p tcp 3333

Now, we need to tell the firewall to add port 3333 to your public zone, the registered range of open port numbers:

sudo firewall-cmd --zone=public --add-port=3333/tcp --permanent

All that remains is to restart the firewall service for the changes to take effect:

sudo firewall-cmd --reload

That completes the SSH port change on CentOS. You can test the new port below.

How to Change SSH Port in Ubuntu/Debian/Kali

Ubuntu and some other Debian-based distros have the UFW firewall installed and enabled by default, so you need to allow the new SSH port through it. This can be done using the following command, which you enter in the terminal as before (3333 is the port chosen in this example):

sudo ufw allow 3333/tcp

That completes the SSH port change on Ubuntu. Now let’s move on to testing the connection to the new port.

Testing new SSH ports

Now, to see if everything worked properly, we’ll do a quick test to see if our SSH port change was successful. If you are using SSH at this point, you should first close the shell and exit the session. Open a terminal on your client and enter the following command to establish an SSH connection:

ssh 00.00.00.00 -p 3333

Obviously, you should replace 00.00.00.00 with the correct IP address for your server, which you can get from your control panel on your provider’s website.
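A check for the editing step above, as an added example that is not part of the original tutorial: it reports which port an sshd_config file really activates, so a Port line left commented out is caught before you rely on the new port. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): report which ports an
# sshd_config file actually activates. File contents below are constructed.

# Print every active Port value, one per line. Lines starting with # are
# comments, keywords are case-insensitive, and sshd falls back to 22 when
# no Port line is active. Include files are not followed (simplification).
effective_ports() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "port" { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# Return 0 only if every active Port is an integer between 1 and 65535.
check_ports() {
    for p in $(effective_ports "$1"); do
        case "$p" in
            ''|*[!0-9]*) echo "invalid Port value: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "Port out of range: $p" >&2; return 1
        fi
    done
    return 0
}

# Return 0 if the file still leaves sshd on the default port 22.
still_default() {
    effective_ports "$1" | grep -qx 22
}

SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample
#Port 22
Port 3333
PermitRootLogin no
EOF

echo "active ports: $(effective_ports "$SAMPLE")"
check_ports "$SAMPLE" && echo "port values are valid"
still_default "$SAMPLE" && echo "warning: sshd would still listen on 22"
rm -f "$SAMPLE"
```

On a real server, point the functions at /etc/ssh/sshd_config; running sudo sshd -t additionally checks the whole file for syntax errors.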

Other safety measures

That is as far as changing the port can increase your server’s SSH security, but there is always more. An administrator’s security job is never done. There are still things to do, such as disabling root account access, creating strong passwords, etc. Of course, the hosting provider plays the most important role in ensuring server security, so choosing the right one is vital.

Hopefully, you can now change the SSH port in Linux. If you want to know how to install Docker on a VPS, you can read this article.
