{"id":7336,"date":"2021-06-16T08:03:03","date_gmt":"2021-06-16T08:03:03","guid":{"rendered":"https:\/\/linuxways.net\/?p=7336"},"modified":"2021-06-16T08:03:03","modified_gmt":"2021-06-16T08:03:03","slug":"how-to-change-ssh-port-in-linux","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/ubuntu\/how-to-change-ssh-port-in-linux\/","title":{"rendered":"How to Change SSH Port in Linux"},"content":{"rendered":"

By default, SSH protocol is known to listen to port 22. While it’s perfectly OK, in a security sense, it\u2019s recommended to change the default port to another port. This greatly minimizes the risks of hackers launching automated brute-force attacks using SSH. In this guide, we will demonstrate how you can change the default SSH port to something else in Linux.<\/p>\n

Prerequisites<\/strong><\/h2>\n

As you get started out, ensure that you have an instance of a Linux server. For this guide, we are using Ubuntu 20.04 server.<\/p>\n

Ensure that you also have an SSH client ( such as Putty ) or even a client Linux system to set the connection to the server using the new port.<\/p>\n

Step 1: Check if SSH is running on the default port<\/strong><\/h2>\n

Firstly, we need to verify that the SSH service is running on the server. To accomplish this, run the following command:<\/p>\n

$ sudo systemctl status ssh<\/strong><\/pre>\n
<\/p>\n
The output is a confirmation that the SSH service is active. Let\u2019s even go further and ensure that it is running on the default port. Run the following netstat command.<\/p>\n
$ sudo netstat -pnltu | grep 22<\/strong><\/pre>\n
<\/p>\n
Step 2: Select a port and configure SSH<\/strong><\/h2>\n
As you might know, TCP ports range from port 0 – 65535. However, the ports from 0 – 1024 are regarded as privileged ports designated for special services such as HTTP ( Port 80 ), FTP ( 21 ), and SMTP ( 25 ) to mention just a few.<\/p>\n
To avoid any conflict with privileged ports, we are going to pick a port that\u2019s above port 1024. In this example, we have chosen to change the default port to port 5466. To enable this, we will modify the  \/etc\/ssh\/sshd_config<\/strong> SSH configuration file.<\/p>\n
$ sudo vim \/etc\/ssh\/sshd_config<\/strong><\/pre>\n
Locate the line that starts with #Port 22<\/strong> as shown.<\/p>\n
<\/p>\n
Uncomment and specify the port number.<\/p>\n
<\/p>\n
Thereafter, save the changes made and exit the configuration file. For the changes to persist, restart the SSH service.<\/p>\n
$ sudo systemctl restart ssh<\/strong><\/pre>\n
<\/p>\n
To verify that SSH is listening to the newly configured port, run:<\/p>\n
$ sudo netstat -pnltu | grep 5466<\/strong><\/pre>\n
<\/p>\n
Step 3: Allow the new SSH port on the UFW firewall<\/strong><\/h2>\n
If the UFW firewall is enabled, be sure to open the configured port as shown.<\/p>\n
$ sudo ufw allow 5466\/tcp<\/strong><\/pre>\n
$ sudo ufw reload<\/strong><\/pre>\n
For CentOS \/ RHEL, open the port as follows.<\/p>\n
$ sudo firewall-cmd --add-port=5466\/tcp --add-zone=public --permanent<\/strong><\/pre>\n
$ sudo firewall-cmd --reload<\/strong><\/pre>\n
At this point, you can remotely access the server, and this is what we will demonstrate shortly.<\/p>\n
Step 4: Logging in using the new port<\/strong><\/h2>\n
To log in to the server, head over to the SSH client. Specify the port number using the -p<\/strong> option followed by the SSH port and the remote server identity.<\/p>\n
$ ssh -p 5466 james@192.168.2.104<\/strong><\/pre>\n
As you would expect, you will be prompted to provide the password after which you will be granted access to the remote server.<\/p>\n
<\/p>\n
Conclusion<\/strong><\/h2>\n
This brings this topic to a close. For better security, consider using SSH passwordless authentication<\/a> with SSH public\/private key pair.<\/p>","protected":false},"excerpt":{"rendered":"
By default, SSH protocol is known to listen to port 22. While it’s perfectly OK, in a security sense, it\u2019s recommended to change the default port to another…<\/p>","protected":false},"author":1,"featured_media":7356,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[21,100],"class_list":["post-7336","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu","tag-ssh","tag-ubuntu-20-04"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/7336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=7336"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/7336\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/7356"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=7336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=7336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=7336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}