How to change the default SSH port in Linux


SSH (Secure Shell) is a network protocol for securely connecting to a remote server; the data transferred between the server and the client is encrypted.

Why change the default port?

The default SSH port is changed to give the server additional security against attacks from malicious users, such as brute-force attacks. A brute-force attack is a trial-and-error hacking method that tries to crack a user's login details, credentials, and encryption keys by trying a large number of alphabetic combinations.

By default, SSH listens on port 22, which is known to everyone, so it is a much easier target for attackers than any other port. When the default port is changed, the attacker has to try different ports, which makes the open port much more difficult to find.

How to change the default port?

In this article, we will see how to change the default SSH port in simple and easy steps.

Step 1: Connect to the remote server

The user should connect to the remote server via SSH using a terminal or an SSH client tool such as PuTTY or MobaXterm.

ssh username@server_ip

For example, let’s connect to server.example.com from the terminal using the below command.

ssh root@server.example.com

Next, the user is prompted to enter a password, after which the secure connection is established.

Access the remote server through SSH

Step 2: Select a new port

There are a total of 65,536 communication ports, which are categorized into three ranges:

Port Category | Range | Usage
Well-known/System ports | 0 - 1023 | Reserved ports for running system-specific services: SSH usually runs on 22, HTTPS listens on 443, etc. A process must run with superuser privileges to bind a network socket to an IP address on one of the well-known ports.
Registered ports | 1024 - 49151 | Assigned by IANA for specific services upon application by a requesting entity. They can also be used by ordinary users.
Dynamic/Private ports | 49152 - 65535 | Cannot be registered with IANA. They are used for private or customized services or for temporary purposes.

In this example, we will use port 5444, and we have to make sure that the port is open, meaning it is not used by any other application. There are numerous Linux commands for listing the ports in use; we will check with the lsof command:

sudo lsof -i -P -n | grep LISTEN

Let’s try port 5432 and see if it’s open or not,

5432 used by postgres

5432 is used by Postgres, so let’s check for another port 5444,

5444 is open

Port 5444 is not used by any service, so it can be used as the new port for sshd.

Step 3: Unblock port

Once the port is selected, the user should make sure that it is not blocked, and has to open the port in order to allow traffic on it.

Run the following command to add an iptables rule that allows incoming connections on the new port.

sudo iptables -I INPUT -p tcp --dport 5444 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

 

Verify if the rule is listed in iptables,

 

Step 4: Configure SSH

Next, the new port needs to be updated in the sshd server config file named sshd_config usually located under /etc/ssh/. 

config files always present in the /etc/ directory

Open the file and look for a Port option which is usually commented out (#).

#Port 22

 

Remove the # symbol, change the default port from 22 to 5444 and save it,

Port 5444

 

Users should be careful when changing the server config file, as an incorrect configuration might prevent the service from starting. As a proactive measure, take a backup of the file before making any changes.

Step 5: Restart service

After changing the port number, restart the sshd service for the changes to take effect.

For Debian/Ubuntu,

service sshd restart

 

For CentOS/Fedora,

systemctl restart sshd

 

After the service restart, the user will no longer be able to connect to the server through the old port,

Connection refused with old port

Step 6: Connect with the new port

Now let’s try to connect to the remote server through the new port 5444,

ssh username@server_ip -p port_number

Connection established
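
Steps 2 and 4 as a script, added here as an example and not part of the original article: it checks the lsof listing for an exact port match (a plain grep for the number also matches PIDs and longer ports) and backs up sshd_config before rewriting the Port line. The function names and the sample lsof output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article; function names are hypothetical.

# Constructed sample of `sudo lsof -i -P -n` output (note PID 5444 on nginx).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID     USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd      812     root 3u IPv4  20101      0t0  TCP *:22 (LISTEN)
nginx    5444     root 6u IPv4  20777      0t0  TCP *:8080 (LISTEN)
postgres 1093 postgres 5u IPv4  23456      0t0  TCP 127.0.0.1:5432 (LISTEN)
postgres 1093 postgres 6u IPv6  23457      0t0  TCP [::1]:5432 (LISTEN)
EOF
}

# port_listening PORT: reads lsof output on stdin; returns 0 only when the
# port field of a listening socket equals PORT exactly.
port_listening() {
    awk -v p="$1" '
        $NF == "(LISTEN)" { n = split($(NF - 1), a, ":"); if (a[n] == p) hit = 1 }
        END { exit !hit }'
}

# set_ssh_port FILE PORT: copy FILE to FILE.bak, then make PORT the only
# active Port directive. Returns 2 for a bad port, 1 on an I/O failure.
set_ssh_port() {
    cfg=$1 port=$2
    case $port in '' | *[!0-9]* | ??????*) echo "invalid port: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    awk -v p="$port" '
        { k = tolower($1); is_port = (k == "port" || k == "#port") && $2 ~ /^[0-9]+$/ }
        is_port && !done       { buf[++n] = "Port " p; done = 1; next }  # rewrite first
        is_port && k == "port" { next }                # drop other active Port lines
        { buf[++n] = $0 }
        END {
            if (!done) print "Port " p  # none found: add at top, before any Match block
            for (i = 1; i <= n; i++) print buf[i]
        }' "$cfg.bak" > "$cfg" || return 1
}
```

On the server this would be called as set_ssh_port /etc/ssh/sshd_config 5444 with root privileges; running sshd -t afterwards checks the edited file for errors before the restart in Step 5.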

Conclusion

Using the new port 5444, a secure connection has been established successfully, and we have learned how to change the default sshd port. If the user regularly connects to multiple systems, the work can be simplified by defining all of the remote connections in the SSH config file.

Last Updated : 02 Jan, 2023