How to Change the SSH Port in Linux Server

SSH is a network protocol which is used to remotely communicate securely with a Linux systems. By default, SSH service is using port 22. You can add additional security layer by changing SSH port to your server and reduce risk of attacks by hackers and bots. In this tutorial, you will learn how to change SSH port in Linux systems.

Change SSH Port#

Following are the steps to change SSH port in Linux systems:

Step 1 – Select a New Port#

Linux systems are reserving port numbers below 1024 for it’s services. You can also use a port within 1-1024 range for the SSH service but it’s recommend to choose a port higher than 1024 to avoid future issue. You can choose maximum port number up to 65535 for SSH service.

We are going to use port 4567 for SSH service in this tutorial, You can choose as per your choice.

Step 2 – Setting Up Firewall#

If your server have enabled firewall then you need to adjust it with new SSH port before changing it. So it will allow traffic on the new SSH port.

FirewallD is default firewall management tool in CentOS systems. You can open new port using below command on CentOS machines:

sudo firewall-cmd --permanent --zone=public --add-port=4567/tcp
sudo firewall-cmd --reload

In CentOS or RHEL Linux based distributions another requirement is to adjust the SELinux rules to allows the new SSH port. You can do it by typing:

sudo semanage port -a -t ssh_port_t -p tcp 4567

In Ubuntu systems, default firewall tool is UFW. Run below command to allow connection using new SSH port:

sudo ufw allow 4567

If you have installed iptables and using as firewall on your Linux server, you can open port by execute below command:

sudo iptables -A INPUT -p tcp --dport 4567 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

Step 3 – Configuring SSH#

In Linux, SSH service default port are stored in /etc/ssh/sshd_config file. At first, you need to open the main SSH configuration file for editing with your favorite text editor by issuing the below command:

sudo nano /etc/ssh/sshd_config

Now search line inside file which starts with Port 22. Mostly, this line is comment out with a hash #sign. Remove the hash # and enter your new SSH port number which will be used instead of the standard SSH port 22. So it should look like as below:

Port 4567

After you’ve made the above changes, restart the SSH service to reflect changes.

sudo systemctl restart ssh

In CentOS or RHEL Linux based distributions the ssh service is named sshd so you need to run following command to restart SSH service:

sudo systemctl restart sshd

You can verify that SSH daemon is listening on the new port 4567 by issuing below command:

ss -an | grep 4567

It will show output like this:

tcp        LISTEN   0    128       0.0.0.0:4567      0.0.0.0:*
tcp        LISTEN   0    128          [::]:4567         [::]:*

Step 4 – SSH Connection Using New Port#

Now, you have changed successfully port for SSH service. To make connection using new port you have to mention port number -p with SSH command as below:

ssh -p 4567 username@remote_ip_address

Conclusion#

You learned how to change SSH port on your Linux system. If you have any questions or suggestion you can leave comment below.