SSH to Port Other Than 22

Learn how to connect via SSH to a port other than the default 22. Also learn how to change the SSH server port.
Warp Terminal

One of the SSH hardening practice is to change the default SSH port. It reduces the number of bot attacks on the server.

The default SSH port number is 22. So when you use ssh user@IP, it tries to connect to the default port 22. But if the remote server uses some other port for SSH, you should provide the port number:

ssh -p port_number user@IP

Let's say you want to connect to a remote server with IP 64.227.184.93 that accepts SSH connections at port number 7770.

ssh -p 7770 [email protected]

That was about connecting to a different port via SSH. What about changing the SSH port on your server?

Change the default SSH port on Linux server

The process is simple:

  • Decide which port number XXXX you want to use
  • If you have an active firewall on the server, allow the new port XXXX
  • Edit the /etc/ssh/sshd_config file and replace the line #Port 22 with Port XXXX
  • Restart the SSH service with systemctl restart sshd

Let's see it in details.

Step 1: Choose a port number

You can choose any port number between 0 and 65535 except the common networking ports like 21, 80, 443 etc.

Can't pick. Let's say you use 7770 for the new SSH port.

Now, log in to the server where you want to make these changes.

Step 2: Allow the new port through the firewall

As a sysadmin you probably know if there is a firewall active on your system or not.

Different types of distributions have different firewalls. I cannot cover all of them so that onus lies on you.

I am using Ubuntu server and there you have the UFW. Check the UFW firewall status:

sudo ufw status

If it is active, allow the new port through the firewall:

sudo ufw allow 7770

Step 3: Edit the ssh config file

Use Vim or Nano to edit the config file in the terminal. I'll use nano here:

nano /etc/ssh/sshd_config

In the file locate the line with #Port 22. It should be at the beginning of the file.

ssh config file

Change the line to Port xxxx format where xxxx is the port number you chose:\

Save the changes and exit the nano editor.

Step 4: Restart SSH service

Now that you have made changes to config file, restart the service SSH daemon.

Most distros these days use systemd and hence use this command to restart it:

systemctl restart sshd

And that's it. No need to restart the server itself.

Now when you have to connect to the server via SSH, specify the port number:

ssh -p xxxx user@ip

Conclusion

Not that it will stop SSH attacks but changing the default port does reduce the number of attacks automated bot target on the port 22.

I hope you find this quick tutorial helpful. Let me know if you have any questions.

About the author
Abhishek Prakash

Abhishek Prakash

Created It's FOSS 11 years ago to share my Linux adventures. Have a Master's degree in Engineering and years of IT industry experience. Huge fan of Agatha Christie detective mysteries πŸ•΅οΈβ€β™‚οΈ

It's FOSS

Making You a Better Linux User

It's FOSS

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to It's FOSS.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.