DEV Community

Cover image for How to change default SSH Port in Ubuntu Server
coder7475
coder7475

Posted on • Updated on

How to change default SSH Port in Ubuntu Server

Why Change SSH Port?

Port 22 is the standard designated port for SSH connections.For enhanced security, it's highly recommended to change the default SSH port to a different, less obvious one. This makes it harder for attackers to target your SSH connection.

Here's why changing it is a smart security practice:

  • Brute-Force Attacks: Automated scripts and bots constantly scan the internet for open port 22, trying to crack passwords with repeated login attempts (brute-force attacks). An unusual port number significantly reduces this risk.

  • Reduced "Noise": A standard SSH port receives constant connection attempts, many of them unauthorized. This generates unnecessary logs and can mask real attack attempts.

  • Security Through Obscurity: It's one layer of defense (not a replacement for strong passwords or firewalls!). Attackers are less likely to spend time probing random ports.

  • Improved Organization: If you manage multiple servers, using different SSH ports can help to identify and manage them more easily.

Note: Consider selecting a port outside the well-known range (0-1023) and the registered ports range (1024-49151). It’s advisable to opt for a custom port within the dynamic or private ports range (49152-65535).

How to change default ssh port in Ubuntu Server

A. Login to your remote server using default port 22

  sudo ssh root@your_ip_address
Enter fullscreen mode Exit fullscreen mode

Give password if asked.

B. Backup: Keeping a backup of your file is always a good option. Use this command to create a backup first:

 sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
Enter fullscreen mode Exit fullscreen mode

C. Change Port: Open your sshd_config file using a editor:

  sudo vim /etc/ssh/sshd_config
Enter fullscreen mode Exit fullscreen mode

Change commented out line from

  #Port 22
Enter fullscreen mode Exit fullscreen mode

to port to your want to change

  Port 45673
Enter fullscreen mode Exit fullscreen mode

save and exit

D. Restart the ssh service

  sudo service sshd restart
Enter fullscreen mode Exit fullscreen mode

OR

  sudo systemctl restart sshd
Enter fullscreen mode Exit fullscreen mode

E. Check if sshd service is restarted

  sudo systemctl status sshd
Enter fullscreen mode Exit fullscreen mode

F. If your server has firewall enabled allow the server to listen on new port. For ufw use:

 sudo ufw allow 45673/tcp
Enter fullscreen mode Exit fullscreen mode

G. Reload the firewall

  sudo ufw reload
Enter fullscreen mode Exit fullscreen mode

H. Check the firewall status

  sudo ufw status
Enter fullscreen mode Exit fullscreen mode

I. Now don't exit, open a new shell. Check if you can connect using new port:

  ssh -p 45673 root@your_ip_address
Enter fullscreen mode Exit fullscreen mode

If you can, then your good to go. If it shows refused to connect then your firewall didn't allow the port, change the firewall rule. Or if it's show Bad Port then this port is used in other work, change the port.

Thanks for reading.

References

  1. https://www.youtube.com/watch?v=bFgPpJs4ndQ&list=PLbGui_ZYuhij0mM8xP2udM_EDvl8JNdtn&index=13

  2. https://www.hostinger.com/tutorials/how-to-change-ssh-port-vps

  3. https://monovm.com/blog/default-ssh-port/#:~:text=There%20are%20over%2065%2C000%20possible,designated%20port%20for%20SSH%20connections

Top comments (0)