All Posts

How to change your SSH port on Linux

A quick walkthrough on how you can quickly and easily update your SSH port.

May 26th, 2020 • 3 min read

Changing your SSH port does not provide any security to your server, at least not directly. You see, there are at any one time, millions of 'bots' attempting to break into any server they can find. Often these bots just attempt to log in using a large list of commonly used passwords. They aren't very bright however. They'll almost always only try port 22 - the standard SSH port.

So by changing your SSH port to a different number, those automated bots are likely to just skip over your server.

This means that whilst it doesn't provide a direct security benefit, it does reduce the odds of one of these basic little automated bot attempting to access your server.

So, here's how you do it.

Log in as root

If you're not logged in as your root user you'll need to either run sudo su to switch to the root user, or add sudo to the beginning of the commands below.

Open the SSH config file

Using your preferred command line editor (e.g Vi, Nano, Pico, etc) open up the SSH configuration file, located at /etc/ssh/sshd_config. For our examples we're using Nano as it's the standard editor on most modern Linux distributions.

sudo nano /etc/ssh/sshd_config

Find the SSH Port settings

Browse the file, or use the search function (in Nano this can be triggered by pressing CTRL+W) and find the following line:

#Port 22

As you can see, the line is commented out. All you need to do here is remove the hash tag, and enter a new number.

When picking a new SSH port it's important to make sure its not going to clash with another service (e.g port 80 and 443 are used for web traffic), and that you don't have it blocked on your firewall.

You can enter a port number all the way up to 65535, so there's plenty of space to pick a random number. The end result should look something like this:

Port 59381

Save your changes

Once you've decided on the port number, save the file. In nano this can be done by pressing CTRL+X and then confirming the changes by pressing Y.

Applying the changes

Now that you've updated the configuration you just need to restart SSH. This command can vary depending on which Linux distribution and version you are using. Here's some of the most common ways to do this:

sudo service ssh restart

OR

sudo systemctl restart ssh

OR

sudo /etc/init.d/sshd restart

Testing your new port

It's recommended that you keep your current terminal window logged in, and open up a new one to test the new port. This is so that if something unexpected has happened, such as your firewall blocking your new port, you'll still be logged in and can revert the changes, or fix the issue.

If you're using a GUI such as Putty, you'll just need to update your configuration to use the new port.

If you're using a command line (e.g macOS Terminal) then your existing SSH login command just needs updating to include your new port, like so:

ssh user@server -p 1234

And thats it! Your server is now configured to run on a different SSH port, and those pesky bots constantly trying to log in should be no more!



Ready to secure your servers?
Get started for free today.

Copyright © 2020 ServerAuth.com, All Rights Reserved. | Terms of Service | Privacy Policy