How to Change Your SSH Port from the Default Port

How to Change Your SSH Port from the Default Port

Secure Shell (SSH) is the most popular method of remotely connecting to your Linux Machine. The protocol offers strong authentication hence maintaining the security and integrity of your Linux computer.

SSH utilizes strong encryption and allows users or automated processes to access, interact and even transfer files from a server. Once connected, a user can issue Linux commands to perform mission critical operations.

By default, SSH runs on port 22. A port is simply a communication endpoint where a process is routed once it arrives on a server. To connect through SSH, a user requires the port number (e.g. 22 in this case) and a public IP address of the server alongside a username and a password.

To prevent automated bots and malicious users from brute-forcing to your server, you should consider changing the default SSH port to something else.

An intelligent attacker would still scan your server to determine open ports and services running on them. However, changing the default SSH port will block thousands of those automated attacks that don’t have time to rotate ports when targeting a Linux Server.

In this guide, we will explore how you can change your default SSH port and we will also discuss other preventive measures for protecting SSH access on your server.

Prerequisites

  • A VPS plan running any Linux distribution (e.g. Ubuntu, CentOs, Debian)
  • A non-root user with sudo privileges

Special Note: if you are looking to move to a VPS plan, we recommend that you consult with HostAdvice’s Best VPS hosting providers list. If you are not running a Linux distribution, but are considering it,  we recommend looking at Hostadvice’s Best Linux Hosting services list.

Step 1: Connect to your server through SSH

Before you begin, you need to SSH to your Linux machine through SSH. You should have your server IP address, username and password. If you are connecting from Windows, download PuTTY. Also the basic command of connecting through another Linux machine has the following syntax:

$ ssh -p 22 username@198.18.0.6

Remember to change the username and IP address. The user in this case must have sudo privileges

Step 2: Choosing a new SSH port

ICAAN (Internet Corporation for Assigned Names and Numbers) is an organisation that controls namespaces and numerical spaces of the internet to ensure its stable and secure operation.

ICAAN classifies ports in two three categories:

  1. System/well known ports: 0-1023
  2. User or registered ports: 1024-49151
  3. Dynamic/private ports: 49152-65535

To prevent mis-configuring your server, you should choose a port from the dynamic/private ports range (e.g. 49160, 53425, 64342 and so on).

Step 3: Changing the default SSH port

To change the default port the SSHD daemon is listening on. We can edit the configuration file using a nano editor:

$ sudo nano /etc/ssh/sshd_config

Then look for the line below:

# Port 22

First comment the line by removing the pound sign before the line. Then, enter your preferred port on the right side.

Port 58342

To avoid completely locking yourself from your system, you should whitelist the port that you have specified above on your firewall.

Step 4: Restart SSH

Once you make a change to the SSHD daemon configuration file, you should restart the services to reload the new changes.

$ sudo service sshd restart

Step 5: Test the changes

Before you log out from your current SSH session, try connecting to your server again. But this time, use the new SSH port that you have specified above. Opening a new session prior to closing the original one ensures that you don’t completely lock yourself from your Linux server in case there are complex IP table rules preventing direct access to your server via the new SSH port.

Step 6: Other considerations

Like we said above, changing the default SSH port will not keep hackers and malicious users from the system. You should consider additional layers of security to be on the safe side. For instances, choose strong password with a mix of lower case, upper case, numbers and symbols.

Also, if you are connecting from a static IP address, you might consider whitelisting only the IP addresses that you are connecting from. Another great layer of security is disabling password login and only allowing users to log in on your server using authentication key pair.

Conclusion

In this guide, we showed you how to change the default SSH port on your Linux machine. We have also discussed additional steps that you can take to safeguard your server. Remember to use the new private port range to keep your server stable and avoid disrupting running services.

 

Check out these top 3 Dedicated server hosting services:

Hostinger
AU$4.50 /mo
Starting price
Visit Hostinger
Rating based on expert review
  • User Friendly
    4.7
  • Support
    4.7
  • Features
    4.8
  • Reliability
    4.8
  • Pricing
    4.7
IONOS
AU$1.50 /mo
Starting price
Visit IONOS
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.0
  • Features
    4.5
  • Reliability
    4.5
  • Pricing
    4.3
Ultahost
AU$4.36 /mo
Starting price
Visit Ultahost
Rating based on expert review
  • User Friendly
    4.3
  • Support
    4.8
  • Features
    4.5
  • Reliability
    4.0
  • Pricing
    4.8

How to Enable Two-Factor Authentication on an Ubuntu 18.04 VPS or Dedicated Server

This guide will show you how you enable two-factor authentication to improve the
4 min read
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO

How to Set Up SSH for your Ubuntu 18.04 VPS or Dedicated Server

This how-to article shows you how to create a public and a private key for acces
4 min read
Arvind Singh
Arvind Singh
Hosting Expert

How To Set Up SSH for an Ubuntu 16.04 VPS From a Linux Client

How to set up ssh private key authentication on an Ubuntu 16.04 server with a Li
2 min read
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO

How to Install a Let’s Encrypt Certificate on your Ubuntu 18.04 Dedicated Server or VPS

If you are hosting your website on a VPS server running Ubuntu 18.04, we will sh
3 min read
Michael Levanduski
Michael Levanduski
Expert Hosting Writer & Tester
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top