How to change the default SSH port in Linux
Last Updated: 13 Dec, 2023
SSH (Secure Shell) is a network protocol used to securely connect to the remote server where the data between the server and client is transferred in an encrypted format.
In the world of Linux system administration and security, one essential practice is changing the default SSH port. This article will guide you through the process of enhancing your server's security by altering the default SSH port, providing you with valuable skills to protect your system from potential threats and unauthorized access. Join us in this informative exploration of "How to Change the Default SSH Port in Linux."
Why Change the Default Port?
The SSH port is typically changed to enhance server security and mitigate potential threats from malicious users, such as Brute Force attacks. These attacks involve systematic trial-and-error methods aimed at breaking into a user's account by guessing login details, credentials, and encryption keys using various alphanumeric combinations.
By default, SSH services listen on port 22, a widely known default port, making it relatively easy for hackers to target and attempt unauthorized access to encrypted data on this port. Changing the default SSH port makes it significantly more challenging for hackers, as they must now identify the correct port through a more extensive search, increasing the security of the server.
Prerequisites
How to Change the Default SSH Port?
In this article, we will see how to change the default SSH port in simple and easy steps. The steps are mentioned below.
1. Connect to The Remote Server
The user should connect to the remote server via SSH using a terminal or any SSH client tool like PuTTY, MobaXterm, etc.
ssh username@server_ip
For example, let's connect to server.example.com from the terminal using the command below.
ssh username@server.example.com
In the next step, the user is prompted to enter a password, after which the secure connection is established.
2. Select a new port
There are a total of 65,536 communication ports which are categorized into three ranges.
| Category | Port range | Description |
|---|---|---|
| Well-known/System ports | 0 - 1023 | These are reserved ports for system services: SSH usually runs on 22, HTTPS listens on 443, and so on. A process must run with superuser privileges to bind a network socket to an IP address using one of the well-known ports. |
| Registered ports | 1024 - 49151 | These ports are assigned by IANA for specific services upon application by a requesting entity, and they can also be used by ordinary users. |
| Dynamic/Private ports | 49152 - 65535 | These ports cannot be registered with IANA; they are used for private or customized services or for temporary purposes. |
In this example, we will use port 5444. First make sure that the port is free, meaning that no other application is using it. There are numerous Linux commands that list the ports in use; here we check the listening ports with the lsof command:
sudo lsof -i -P -n | grep LISTEN
Let's try port 5432 and see whether it is free:
Port 5432 is used by Postgres, so let's check another port, 5444:
Port 5444 is not used by any service, so it can be used as the new port for sshd.
3. Unblock port
Once the port is selected, the user should make sure that it is not blocked, and open it to allow traffic on it.
Run the following command to update iptables rule to allow incoming connection on the new port.
sudo iptables -I INPUT -p tcp --dport 5444 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
Verify that the rule is listed in iptables.
4. Update the port in sshd_config
Next, the new port needs to be set in the sshd server config file named sshd_config, usually located under /etc/ssh/.
Open the file and look for the Port option, which is usually commented out (#).
#Port 22
Remove the # symbol, change the default port from 22 to 5444 and save the file:
Port 5444
Users should be careful when changing the server config file, as an incorrect configuration might prevent the service from starting. As a proactive measure, take a backup of the file before making any changes.
5. Restart SSH Service
After changing the port number, restart sshd service for the changes to take effect.
For Debian/Ubuntu,
sudo service sshd restart
For CentOS/Fedora,
sudo systemctl restart sshd
After the service restart, the user will not be able to connect to the server through the old port.
6. Connect with the new port
Now let's try to connect to the remote server through new port 5444,
ssh username@server_ip -p port_number
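The config edit from step 4, together with the backup the article recommends, written as a shell function. This is an added example, not part of the original article; the function name `set_sshd_port` and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: set the sshd Port directive in a config file, keeping a backup.
# Usage: set_sshd_port /etc/ssh/sshd_config 5444   (run with sudo on a real host)

set_sshd_port() {
    cfg=$1
    port=$2
    pat='^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+[[:space:]]*$'

    # Accept only 1-5 digit numbers in the valid TCP port range.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }

    # Back up first, as the article advises, so a bad edit can be reverted.
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1

    if grep -Eq "$pat" "$cfg"; then
        # Replace the first Port line (commented or not); drop other active
        # ones so sshd ends up listening on exactly one port.
        awk -v port="$port" '
            /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ {
                if (!done) { print "Port " port; done = 1 }
                else if ($0 ~ /^[ \t]*#/) print
                next
            }
            { print }' "$cfg" > "$tmp"
    else
        # No Port line: put it at the top. Appending could land inside a
        # Match block, where Port is not allowed.
        { echo "Port $port"; cat "$cfg"; } > "$tmp"
    fi

    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# Demo on a constructed sample file (not a real server config).
demo_cfg=$(mktemp)
printf '%s\n' '#Port 22' '#AddressFamily any' 'PermitRootLogin no' > "$demo_cfg"
set_sshd_port "$demo_cfg" 5444 && grep -n '^Port' "$demo_cfg"
rm -f "$demo_cfg" "$demo_cfg.bak"
```

On a real server, run `sudo sshd -t` after the edit to validate the file before restarting the service. Keep the current session open until a login on the new port succeeds, so the `.bak` copy can still be restored if it does not.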
Frequently Asked Questions on Changing the Default SSH Port in Linux
1. How can I change the default SSH port in Linux?
To change the default SSH port in Linux, you can modify the SSH daemon configuration file located at `/etc/ssh/sshd_config`. Look for the line containing "Port" and change the port number to your desired value. After making the change, restart the SSH service using `sudo service ssh restart`.
2. What are the security implications of changing the SSH port?
Changing the default SSH port adds a layer of security by making it less predictable for potential attackers. However, it's not a foolproof security measure, and it's crucial to implement other security practices like using key-based authentication, disabling root login, and keeping the system and SSH software up to date.
3. How do I access a Linux server with a custom SSH port?
To access a Linux server with a custom SSH port, include the port number in the SSH command. For example, if you changed the port to 2222, use the command: `ssh user@your_server_ip -p 2222`. Ensure that the firewall on both the client and server allows traffic on the custom port.
4. Can I use any port number for SSH?
In theory, you can use any available port for SSH. However, it's recommended to choose a port number between 1024 and 49151 that is not commonly used by other services. Ports below 1024 are considered well-known ports, and using them for SSH may require additional permissions.
5. What should I do if I'm locked out after changing the SSH port?
If you're unable to access your server after changing the SSH port, check if the port is open in the firewall and if the SSH service is running. If you have physical or console access to the server, you can revert the changes in the SSH configuration file. Alternatively, if you have a backup of the configuration file, restore it to regain access.
Conclusion
In this article, we discussed how to change the default SSH port in Linux, which is crucial for enhancing server security and thwarting potential threats like brute force attacks. This article guides users through the process in simple steps. It covers connecting to the server, selecting a new port (like 5444), unblocking and configuring the port, and restarting the SSH service. Frequently asked questions include how to change the SSH port, security implications, accessing a server with a custom port, suitable port numbers, and what to do if locked out after changes. By following these steps, users can bolster their server's security effectively.