DEV Community

Cover image for How to Change the Default SSH Port to Improve Security Safely
Shannon Dias
Shannon Dias

Posted on

How to Change the Default SSH Port to Improve Security Safely

Every Linux server connected to the internet has something in common: within minutes of going live, automated bots are already knocking on port 22.

Changing your default SSH port won't make your server completely bulletproof, but it will immediately cut through the noise. Fewer failed login attempts means cleaner authentication logs and significantly less exposure to credential-stuffing scripts.

In this guide, we break down exactly how to transition to a non-standard port safely without accidentally locking yourself out of your environment.

🛠️ The Quick Reference Steps

  1. Edit Config: Modify /etc/ssh/sshd_config and set Port [your-chosen-number].
  2. Firewall First: Update UFW (sudo ufw allow [port]/tcp) or Firewalld before closing your active terminal.
  3. SELinux Check: If you are running RHEL/Rocky Linux, you'll need to authorize the port via semanage.
  4. Test: Always test the connection in a new window using ssh -p [port] user@ip before terminating your current session!

💡 For a deep dive into the exact commands, client-side configuration shortcuts, and advanced hardening tips, check out our full tutorial:

👉 Read the Complete Guide on Fit Servers

Top comments (0)