Why Change SSH Port?
Port 22 is the standard designated port for SSH connections. For enhanced security, it's highly recommended to change the default SSH port to a different, less obvious one. This makes it harder for attackers to target your SSH connection.
Here's why changing it is a smart security practice:
Brute-Force Attacks: Automated scripts and bots constantly scan the internet for open port 22, trying to crack passwords with repeated login attempts (brute-force attacks). An unusual port number significantly reduces this risk.
Reduced "Noise": A standard SSH port receives constant connection attempts, many of them unauthorized. This generates unnecessary logs and can mask real attack attempts.
Security Through Obscurity: It's one layer of defense (not a replacement for strong passwords or firewalls!). Attackers are less likely to spend time probing random ports.
Improved Organization: If you manage multiple servers, using different SSH ports can help to identify and manage them more easily.
Note: Consider selecting a port outside the well-known range (0-1023) and the registered ports range (1024-49151). It’s advisable to opt for a custom port within the dynamic or private ports range (49152-65535).
How to change default ssh port in Ubuntu Server
A. Log in to your remote server using the default port 22:
sudo ssh root@your_ip_address
Enter the password if asked.
B. Backup: Keeping a backup of your file is always a good option. Use this command to create a backup first:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
C. Change Port: Open your sshd_config file using an editor:
sudo vim /etc/ssh/sshd_config
Change the commented-out line from
#Port 22
to the port you want to use:
Port 45673
Save and exit.
D. Restart the ssh service
sudo service sshd restart
OR
sudo systemctl restart sshd
E. Check that the sshd service has restarted
sudo systemctl status sshd
F. If your server has a firewall enabled, allow connections to the new port. For ufw use:
sudo ufw allow 45673/tcp
G. Reload the firewall
sudo ufw reload
H. Check the firewall status
sudo ufw status
I. Don't exit the current session yet. Open a new shell and check that you can connect using the new port:
ssh -p 45673 root@your_ip_address
If you can, then you're good to go. If it shows refused to connect, then your firewall didn't allow the port; change the firewall rule. If it shows Bad Port, then this port is already used for something else; change the port.
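The two things that most often make the test login in step I fail, no active Port line and no matching ufw rule, can be checked before you try it. The script below is an added example, not part of the original post; the function names and sample files are constructed, and on a real server you would pass /etc/ssh/sshd_config and the saved output of sudo ufw status instead.

```bash
# Added example: check an SSH port change before closing the working session.

# Print every active (uncommented) Port value in an sshd_config-style file.
# Keywords are case-insensitive, and sshd listens on each Port line it finds.
effective_ports() {
  awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Succeed if saved `ufw status` output ($2) has an ALLOW rule for port $1 over TCP.
ufw_allows() {
  grep -Eq "^$1(/tcp)?[[:space:]]+ALLOW" "$2"
}

# Report anything that would make the test login fail; non-zero if a problem is found.
preflight() {
  pf_rc=0
  pf_ports=$(effective_ports "$1")
  if [ -z "$pf_ports" ]; then
    echo "no active Port line: sshd stays on 22"
    return 1
  fi
  for pf_p in $pf_ports; do
    case $pf_p in
      *[!0-9]*) echo "port $pf_p: not a number"; pf_rc=1; continue ;;
    esac
    if [ "$pf_p" -lt 1 ] || [ "$pf_p" -gt 65535 ]; then
      echo "port $pf_p: outside 1-65535"; pf_rc=1
    elif ! ufw_allows "$pf_p" "$2"; then
      echo "port $pf_p: no ufw ALLOW rule"; pf_rc=1
    else
      echo "port $pf_p: ok"
    fi
  done
  return $pf_rc
}

# Constructed sample inputs (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 45673' > "$tmp/sshd_config"
printf '%s\n' 'Status: active' '' '22/tcp      ALLOW   Anywhere' > "$tmp/ufw_before"
printf '%s\n' 'Status: active' '' '22/tcp      ALLOW   Anywhere' \
  '45673/tcp   ALLOW   Anywhere' > "$tmp/ufw_after"

preflight "$tmp/sshd_config" "$tmp/ufw_before" || echo "fix this before logging out"
preflight "$tmp/sshd_config" "$tmp/ufw_after"
```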
Thanks for reading.