How to change SSH daemon port number

Introduction

By default, the SSH daemon listens on port 22 for incoming connections, which is widely known and often targeted by malicious actors. Changing the default port to a custom port number can help reduce unauthorized access attempts by obscuring the entry point. However, this is not a complete security solution, and additional security measures like SSH key authentication should also be implemented.

This guide outlines the steps to change the default SSH port on your Linux web server. It explains how to modify the SSH configuration file, update firewall rules to allow the new port, and restart the SSH service. This task is commonly performed by system administrators to enhance server security, especially when the server is exposed to the public internet.

Please note that when modifying the SSH port, care must be taken to ensure that the new port is open and accessible through your firewall, or you may inadvertently lock yourself out of the server.

 

Prerequisites

  • Root or sudo access to the Linux server
  • Basic knowledge of using SSH and iptables
  • A text editor installed (e.g., vi or nano)
  • Ensure the SSH service is already running on the default port or a known port
  • Firewall access to update rules

 

Step-by-step Guide

Step 1: Access the Server

Connect to your server using SSH with the default or current SSH port. By default, this is port 22, but if you have previously changed it, use the existing port number. For example:

ssh root@your_server_ip -p 22

 

Step 2: Edit the SSH Configuration File

The SSH daemon’s configuration is stored in the sshd_config file. To change the port, open this file using a text editor. In this example, we’ll use vi:

vi /etc/ssh/sshd_config

 

Step 3: Modify the SSH Port

Once inside the configuration file, search for the line containing the default port number:

#Port 22

Uncomment the line by removing the # and replace 22 with your desired port number. For example, to change the port to 8822:

Port 8822

 

Step 4: Update Firewall Rules

After modifying the port, it’s crucial to ensure that your firewall allows traffic through the new port. If the firewall blocks the new port, you won’t be able to connect to the server via SSH.

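To allow traffic on the new port using iptables, run the commands below. The -A option appends a rule to the end of its chain, so if your INPUT chain already ends with a DROP or REJECT rule, insert the new rule above it with -I instead: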

iptables -A INPUT -p tcp --dport 8822 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 8822 -j ACCEPT
service iptables save

 

Step 5: Restart the SSH Service

Finally, restart the SSH daemon to apply the changes. Run the following command:

/etc/init.d/sshd restart
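
Steps 2 and 3 as a script, an added example that is not part of the original guide: it sets the port in sshd_config with a backup, comments out any other active Port line so no second listener stays open, and wraps sshd's own test mode for use before the restart in Step 5. The function names are hypothetical, and it assumes the port is set in the main sshd_config rather than in an included drop-in file.

```sh
#!/bin/sh
# Added example, not the original guide's code; function names are hypothetical.
# Assumes Port is set in the main sshd_config, not in an included drop-in file.

# listen_ports FILE: print each active Port value, one per line. sshd listens
# on every one of them, and on 22 when none is set.
listen_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    [ -n "$ports" ] && printf '%s\n' "$ports" || echo 22
}

# set_port FILE PORT: make PORT the only port FILE configures; keeps FILE.bak.
set_port() {
    cfg=$1; new=$2; rc=0
    case $new in
        ''|*[!0-9]*|??????*) echo "invalid port: $new" >&2; return 2 ;;
    esac
    if [ "$new" -lt 1 ] || [ "$new" -gt 65535 ]; then
        echo "port out of range: $new" >&2; return 2
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    awk -v p="$new" '
        # First Port line, active or commented out, becomes the new setting.
        !done && (tolower($1) == "port" ||
                  tolower($0) ~ /^[ \t]*#[ \t]*port[ \t]+[0-9]+[ \t]*$/) {
            print "Port " p; done = 1; next
        }
        # A later active Port line would keep a second listener open.
        tolower($1) == "port" { print "#" $0; next }
        { print }
        END { if (!done) exit 3 }
    ' "$cfg.bak" > "$cfg" || rc=$?
    # No Port line at all: add one at the top, ahead of any Match block.
    if [ "$rc" -eq 3 ]; then
        { echo "Port $new"; cat "$cfg.bak"; } > "$cfg"
    elif [ "$rc" -ne 0 ]; then
        cp -p "$cfg.bak" "$cfg"; return 1
    fi
}

# check_config FILE: have sshd parse FILE in test mode before any restart.
check_config() { sshd -t -f "$1"; }
```

After the restart, keep the current session open and confirm a second login on the new port before closing it.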

 

Conclusion

This guide has demonstrated how to change the SSH port on a Linux server by modifying the SSH daemon configuration and updating firewall rules. Once the steps are complete, your server listens for SSH connections on the new port, reducing exposure to automated attacks on port 22.

Should you have any inquiries about the guidelines, please feel free to open a ticket through your portal account or contact us at support@ipserverone.com. We’ll be happy to assist you further.