SSH (Secure Shell) is a widely used protocol for secure remote access and management of Linux servers. By default, SSH listens on port 22. Changing the default SSH port can add an extra layer of security to your server by making it more difficult for attackers to perform automated attacks or scans.
In this step-by-step guide, we will show you how to change the default SSH port on a Linux system. By following these steps, you will enhance your server’s security and reduce the likelihood of unauthorized access.
Step 1: Edit the SSH Configuration File
To change the default SSH port, you need to edit the SSH configuration file. Open the file using a text editor like nano or vi:
sudo nano /etc/ssh/sshd_config
Locate the following line in the file:
#Port 22
Uncomment the line by removing the “#” symbol, and change the port number (22) to your desired port number. For example, to change the port to 2222:
Port 2222
Save and close the configuration file.
Step 2: Adjust Your Firewall Rules
If you’re using a firewall, you need to adjust its rules to allow incoming connections on the new SSH port. For example, if you’re using UFW (Uncomplicated Firewall), run the following commands to update the firewall rules:
sudo ufw allow 2222/tcp sudo ufw delete allow 22/tcp sudo ufw reload
Replace “2222” with the new port number you set in the SSH configuration file.
Step 3: Restart the SSH Service
After updating the configuration file and firewall rules, restart the SSH service to apply the changes:
sudo systemctl restart ssh
Step 4: Test the New SSH Port
To ensure the changes have been applied successfully, try connecting to your server via SSH using the new port number:
ssh -p 2222 user@your_server_ip
Replace “2222” with the new port number, “user” with your username, and “your_server_ip” with your server’s IP address.
If you can connect to the server without any issues, you have successfully changed the default SSH port.
Commands Mentioned:
- nano – A text editor for Linux
- ufw – Uncomplicated Firewall command-line utility
- systemctl restart – Restart a system service
- ssh – Secure Shell command-line utility
Conclusion
In this guide, we have demonstrated how to change the default SSH port on a Linux system. By changing the default SSH port, you can add an extra layer of security to your server, making it more difficult for attackers to perform automated attacks or scans. Keep in mind that this is just one of many steps to secure your Linux server. Regularly updating your software, using strong authentication methods, and following best security practices will further improve the overall security of your system.
If you have any questions, comments, or suggestions for improvement, please feel free to share your thoughts in the comments section below. Your feedback is invaluable to us, and it helps us create better and more informative content for our users.