Changing your SSH port does not provide any security to your server, at least not directly. You see, there are at any one time, millions of 'bots' attempting to break into any server they can find. Often these bots just attempt to log in using a large list of commonly used passwords. They aren't very bright however. They'll almost always only try port 22 - the standard SSH port.
So by changing your SSH port to a different number, those automated bots are likely to just skip over your server.
This means that whilst it doesn't provide a direct security benefit, it does reduce the odds of one of these basic little automated bot attempting to access your server.
So, here's how you do it.
Log in as root
If you're not logged in as your root user you'll need to either run
sudo su to switch to the root user, or add
sudo to the beginning of the commands below.
Open the SSH config file
Using your preferred command line editor (e.g Vi, Nano, Pico, etc) open up the SSH configuration file, located at
/etc/ssh/sshd_config. For our examples we're using Nano as it's the standard editor on most modern Linux distributions.
sudo nano /etc/ssh/sshd_config
Find the SSH Port settings
Browse the file, or use the search function (in Nano this can be triggered by pressing CTRL+W) and find the following line:
As you can see, the line is commented out. All you need to do here is remove the hash tag, and enter a new number.
When picking a new SSH port it's important to make sure its not going to clash with another service (e.g port 80 and 443 are used for web traffic), and that you don't have it blocked on your firewall.
You can enter a port number all the way up to 65535, so there's plenty of space to pick a random number. The end result should look something like this:
Save your changes
Once you've decided on the port number, save the file. In nano this can be done by pressing CTRL+X and then confirming the changes by pressing Y.
Applying the changes
Now that you've updated the configuration you just need to restart SSH. This command can vary depending on which Linux distribution and version you are using. Here's some of the most common ways to do this:
sudo service ssh restart
sudo systemctl restart ssh
sudo /etc/init.d/sshd restart
Testing your new port
It's recommended that you keep your current terminal window logged in, and open up a new one to test the new port. This is so that if something unexpected has happened, such as your firewall blocking your new port, you'll still be logged in and can revert the changes, or fix the issue.
If you're using a GUI such as Putty, you'll just need to update your configuration to use the new port.
If you're using a command line (e.g macOS Terminal) then your existing SSH login command just needs updating to include your new port, like so:
ssh user@server -p 1234
And thats it! Your server is now configured to run on a different SSH port, and those pesky bots constantly trying to log in should be no more!