SSH is a network protocol used to communicate securely with remote Linux systems. By default, the SSH service uses port 22. Changing the SSH port on your server adds an extra layer of security and reduces the risk of attacks by hackers and bots. In this tutorial, you will learn how to change the SSH port on Linux systems.
Change SSH Port
Follow these steps to change the SSH port on Linux systems:
Step 1 – Select a New Port
Linux systems reserve port numbers below 1024 for their services. You can use a port within the 1-1024 range for the SSH service, but it is recommended to choose a port higher than 1024 to avoid future issues. The maximum port number you can choose for the SSH service is 65535.
We are going to use port 4567 for the SSH service in this tutorial. You can choose a different port if you prefer.
Step 2 – Setting Up Firewall
If a firewall is enabled on your server, adjust it for the new SSH port before changing the port, so that it allows traffic on the new SSH port.
FirewallD is the default firewall management tool on CentOS systems. You can open the new port with the following commands on CentOS machines:
sudo firewall-cmd --permanent --zone=public --add-port=4567/tcp
sudo firewall-cmd --reload
On CentOS and other RHEL-based distributions, you also need to adjust the SELinux rules to allow the new SSH port. You can do it by typing:
sudo semanage port -a -t ssh_port_t -p tcp 4567
On Ubuntu systems, the default firewall tool is UFW. Run the following command to allow connections on the new SSH port:
sudo ufw allow 4567
If you use iptables as the firewall on your Linux server, you can open the port by executing the following command:
sudo iptables -A INPUT -p tcp --dport 4567 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
Step 3 – Configuring SSH
On Linux, the default port of the SSH service is set in the /etc/ssh/sshd_config file. First, open the main SSH configuration file for editing with your favorite text editor by issuing the following command:
sudo nano /etc/ssh/sshd_config
Now search the file for the line that starts with Port 22. In most cases this line is commented out with a hash sign (#). Remove the hash # and enter your new SSH port number, which will be used instead of the standard SSH port 22. With the port chosen in this tutorial, the line should read Port 4567.
After you have made the above changes, restart the SSH service to apply them.
sudo systemctl restart ssh
On CentOS and other RHEL-based distributions, the SSH service is named sshd, so you need to run the following command to restart it:
sudo systemctl restart sshd
You can verify that the SSH daemon is listening on the new port 4567 by issuing the following command:
ss -an | grep 4567
It will show output like this:
tcp LISTEN 0 128 0.0.0.0:4567 0.0.0.0:*
tcp LISTEN 0 128 [::]:4567 [::]:*
Step 4 – SSH Connection Using New Port
You have now successfully changed the port for the SSH service. To connect on the new port, pass the port number with the -p option of the ssh command, as below:
ssh -p 4567 username@remote_ip_address
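The function below is an added example, not part of the original tutorial: it applies the Step 1 port rule and the Step 3 edit of the Port line without an interactive editor, and goes slightly beyond the text by also handling a file with several Port lines or none. The helper names valid_port and set_ssh_port are assumptions, and the demo runs on a constructed file rather than the live /etc/ssh/sshd_config.

```bash
#!/usr/bin/env bash
# Added example: apply the Step 3 edit to an sshd_config-style file.
# valid_port and set_ssh_port are hypothetical helper names.

# Step 1 rule: a whole number above 1024 and no higher than 65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;      # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -gt 1024 ] && [ "$1" -le 65535 ]
}

# set_ssh_port FILE PORT: leave exactly one active "Port PORT" line in FILE.
set_ssh_port() {
    local file="$1" port="$2" tmp rc=0
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1       # rollback copy
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        { line = tolower($0) }                  # keywords are case-insensitive
        # Active Port line: the first becomes the new port; any later one is
        # commented out so sshd does not keep listening on the old port.
        line ~ /^[ \t]*port[ \t]+[0-9]+/ {
            if (done) { print "#" $0 } else { print "Port " port; done = 1 }
            next
        }
        # Commented default such as "#Port 22": uncomment it with the new value.
        !done && line ~ /^[ \t]*#[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            print "Port " port; done = 1; next
        }
        { print }
        END { exit(done ? 0 : 3) }
    ' "$file" > "$tmp" || rc=$?
    if [ "$rc" -eq 3 ]; then
        # No Port line at all: add one at the top, ahead of any Match block.
        { echo "Port $port"; cat "$file"; } > "$tmp"
    elif [ "$rc" -ne 0 ]; then
        rm -f "$tmp"; return 1
    fi
    cat "$tmp" > "$file" && rm -f "$tmp"        # cat keeps owner and mode of FILE
}

# Demo on a constructed config, never the live /etc/ssh/sshd_config.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$demo"
set_ssh_port "$demo" 4567 && cat "$demo"
rm -f "$demo" "$demo.bak"
```

On a real server, run it with sudo against /etc/ssh/sshd_config after the Step 2 firewall change, then check the file with sudo sshd -t before restarting the service. Keep the existing session open until a login on the new port succeeds, so the .bak copy can be restored if it does not.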
You have learned how to change the SSH port on your Linux system. If you have any questions or suggestions, you can leave a comment below.