Introduction
Before we begin talking about how to change the SSH port on Linux, let's briefly understand what the SSH port is.
SSH (Secure Shell) is a secure communication protocol for remote access to Linux. It allows users to connect to a remote server or device over an encrypted connection. The SSH port is the TCP port on which the SSH service listens for those connections.
By default, SSH uses port 22 for communication. However, it is recommended to change the default SSH port for enhanced security. This can be done by modifying the SSH configuration file and updating the firewall settings accordingly. Changing the SSH port helps in minimizing exposure to potential attacks and adds an extra layer of protection to your system.
It is advisable to choose a port number above 1024 to avoid conflicting with already assigned ports. By configuring your firewall to allow access to the new SSH port, you can ensure secure remote access to your Linux system.
In this tutorial, you will change the SSH Port on Linux. We will also address a few FAQs on how to change the SSH Port on Linux.
Advantages of SSH
- Enhanced Security: SSH uses encryption to protect data transmitted over the network.
- Remote Access: SSH enables access to a Linux system from anywhere, facilitating remote administration.
- Encryption: All communication through SSH is encrypted, ensuring confidentiality.
- Port Forwarding: SSH allows for secure tunneling of network connections.
- Authentication: SSH supports various authentication methods, such as public key authentication, for secure access control.
Changing the SSH Port
Changing the SSH port is a simple process: edit the SSH configuration file and restart the service.
The following sections show you how to change the SSH port on a Linux machine.
1) Choosing a New Port Number
Port numbers lower than 1024 on Linux are reserved for well-known services and can only be bound by root. Although you can use a port between 1 and 1024 for the SSH service, it is suggested that you use a port greater than 1024 to avoid future port allocation concerns.
In this example, the SSH port will be changed to 5522; however, you can use whatever port you like.
2) Adjusting the Firewall
Before changing the SSH port, adjust your firewall to allow traffic on the new port.
If you're using UFW, Ubuntu's default firewall configuration tool, run the following command to open the new SSH port:
sudo ufw allow 5522/tcp
FirewallD is the default firewall administration tool in CentOS. Run the following commands to open the new port:
sudo firewall-cmd --permanent --zone=public --add-port=5522/tcp
sudo firewall-cmd --reload
SELinux rules must also be adjusted for CentOS users:
sudo semanage port -a -t ssh_port_t -p tcp 5522
To open the new port if you're using iptables as your firewall, type:
sudo iptables -A INPUT -p tcp --dport 5522 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
3) Configuring SSH
With your text editor, open the SSH configuration file /etc/ssh/sshd_config:
sudo vim /etc/ssh/sshd_config
Now, search for the line containing Port 22. This line is generally commented out with a leading # character. Remove the hash # and enter the new SSH port:
Port 5522
When editing the SSH configuration file, exercise extreme caution. A wrong configuration may prevent the SSH service from starting.
To apply the modifications, save the file and restart the SSH service:
sudo systemctl restart ssh
The SSH service is named sshd in CentOS:
sudo systemctl restart sshd
Type the command below to see if the SSH daemon is listening on port 5522:
ss -an | grep 5522
You will get output like the following:
Output
tcp LISTEN 0 128 0.0.0.0:5522 0.0.0.0:*
tcp ESTAB 0 0 192.168.121.108:5522 192.168.121.1:57638
tcp LISTEN 0 128 [::]:5522 [::]:*
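A safer way to carry out steps 1 to 3, as an added example that is not part of the original tutorial: the change is made in a staged copy of sshd_config, syntax-checked with sshd -t, and only then installed, and the listening check matches the port exactly instead of grepping for a substring. The helper names (valid_port, set_port, check_config, listening_on) and the staging path are assumptions.

```sh
#!/bin/sh
# Added example, not from the original tutorial. Helper names are hypothetical.

# valid_port PORT: succeeds for an integer in 1025..65535.
valid_port() {
    case "$1" in
        '' | *[!0-9]* | ??????*) return 1 ;;
    esac
    [ "$1" -gt 1024 ] && [ "$1" -le 65535 ]
}

# set_port FILE PORT: turn the first "Port N" or "#Port N" line of FILE into
# "Port PORT"; if there is none, add it as the first line, since a Port line
# appended after a Match block would be rejected by sshd.
set_port() {
    valid_port "$2" || return 1
    awk -v port="$2" '
        { line[NR] = $0 }
        !hit && /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ { hit = NR }
        END {
            if (!hit) print "Port " port
            for (i = 1; i <= NR; i++) print (i == hit ? ("Port " port) : line[i])
        }' "$1" > "$1.new" && mv "$1.new" "$1"
}

# check_config FILE: syntax-check FILE with sshd test mode (-t). Run as root.
check_config() {
    "$(command -v sshd)" -t -f "$1"
}

# listening_on PORT: read `ss` output on stdin and succeed only if a LISTEN
# socket has exactly this local port (grep 5522 would also match 55220).
listening_on() {
    awk -v p="$1" '
        { for (i = 1; i <= NF; i++) if ($i == "LISTEN") {
              n = split($(i + 3), a, ":"); if (a[n] == p) found = 1 } }
        END { exit !found }'
}

# Typical use as root, keeping the current SSH session open until a new
# login on the new port has succeeded (the staging path is an assumption):
#   cp /etc/ssh/sshd_config /root/sshd_config.staged
#   set_port /root/sshd_config.staged 5522 &&
#       check_config /root/sshd_config.staged &&
#       cp /root/sshd_config.staged /etc/ssh/sshd_config &&
#       systemctl restart ssh
#   ss -tln | listening_on 5522 && echo "sshd is listening on 5522"
```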
Using the New SSH Port
Use the ssh command with the -p <port number> argument to specify the port:
ssh -p 5522 username@remote_host_or_ip
If you connect to several servers on a frequent basis, you can make your process easier by defining all of your connections in the SSH config file.
FAQs on Changing the SSH Port on Linux
Why should I change the default SSH port?
Changing the default SSH port adds an extra layer of security by making it harder for potential attackers to discover and target your SSH service.
Can I choose any port number for SSH?
Yes, you can choose any available port number above 1024. Ensure the chosen port is not used by other services to avoid conflicts.
Do I need to update my firewall after changing the SSH port?
Yes, you need to update your firewall settings to allow incoming connections to the newly assigned SSH port. Ensure your firewall permits SSH traffic on the updated port.
How can I verify if the new SSH port is functioning correctly?
After changing the port, attempt to connect to your Linux system on the specified port using an SSH client. If successful, the port is functioning correctly.
What if I forget the new SSH port?
If you forget the new SSH port, you may lose remote access to your Linux system. It is important to keep a record of the changed port for future reference.
Is changing the SSH port enough to secure my system?
Changing the SSH port is one step towards securing your system, but it is recommended to implement other security measures such as strong authentication, firewall rules, and regular system updates.
What should I do if I experience issues after changing the SSH port?
If you face connectivity issues after changing the SSH port, ensure the port is correctly configured in the SSH configuration file and that the firewall allows incoming connections to the new port.
Conclusion
You learned how to modify the SSH port on a Linux server in this lesson. Set up SSH key-based authentication so you may log in to your Linux servers without having to enter a password.
If you have any queries, please leave a comment below and we’ll be happy to respond to them.