Read in 3 minutes

last updated 

How to Change the SSH Port in Linux

By default, SSH listens on port 22. Changing the default SSH port adds an extra layer of security to your server by reducing the risk of automated attacks.

Instead of changing the port is much simpler and secure to configure your firewall to allow access to port 22 only from specific hosts.

This tutorial explains how to change the default SSH port in Linux. We will also show you how to configure your firewall to allow access to the new SSH port.

Changing the SSH Port

Follow the steps below to change the SSH Port on your Linux system:

1. Choosing a New Port Number

In Linux, port numbers below 1024 are reserved for well-known services and can only be bound to by root. Although you can use a port within 1-1024 range for the SSH service to avoid issues with port allocation in the future it is recommended to choose a port above 1024.

In this example will change the SSH port to 5522, you can choose any port you like.

2. Adjusting Firewall

Before changing the SSH port, first you’ll need to adjust your firewall to allow traffic on the new SSH port.

If you are using UFW, the default firewall configuration tool for Ubuntu run the following command to open the new SSH port:

sudo ufw allow 5522/tcp

In CentOS the default firewall management tool is FirewallD. To open the new port run the following commands:

sudo firewall-cmd --permanent --zone=public --add-port=5522/tcp
sudo firewall-cmd --reload

CentOS users will also need to adjust the SELinux rules to allows the new SSH port:

sudo semanage port -a -t ssh_port_t -p tcp 5522

If you are using iptables as your firewall, the following command will open the new SSH port:

sudo iptables -A INPUT -p tcp --dport 5522 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

3. Configuring SSH

Open the SSH configuration file /etc/ssh/sshd_config with your text editor:

sudo nano /etc/ssh/sshd_config

Search for the line starting with Port 22. In most cases, this line will start with a hash #. Remove the hash # and enter your new SSH port number that will be used instead of the standard SSH port 22.

/etc/ssh/sshd_config
Port 5522

Be extra careful when modifying the SSH configuration file. The incorrect configuration may cause the SSH service to fail to start.

Once you are done save the file and restart the SSH service to apply the changes:

sudo systemctl restart ssh

In CentOS the ssh service is named sshd:

sudo systemctl restart sshd

To verify that SSH daemon is listening on the new port 5522 type:

ss -an | grep 5522

The output should look something like this:

tcp   LISTEN      0        128            0.0.0.0:5522           0.0.0.0:*
tcp   ESTAB       0        0      192.168.121.108:5522     192.168.121.1:57638
tcp   LISTEN      0        128               [::]:5522              [::]:*

Using the New SSH Port

Now that you changed the SSH port when login to the remote machine you’ll need to specify the new port.

Use the -p <port_number> option specify the port:

ssh -p 5522 [email protected]_host_or_ip

Conclusion

In this tutorial, you have learned how to change the SSH port on your Linux server. You may also want to setup an SSH key-based authentication and connect to your Linux servers without entering a password.

If you are regularly connecting to multiple systems, you can simplify your workflow by defining all of your connections in the SSH config file.

If you have any question or feedback, feel free to leave a comment.