View Categories

How to change SSH port to a custom port

Eugene
Updated on October 9, 2024

Changing the default SSH port (22) to a custom port (like 1026) is a common security practice that helps reduce unauthorized login attempts. Below is a step-by-step guide to change the SSH port on your server.

Prerequisites #

  1. Root or sudo user access to the server.
  2. SSH client: You should have SSH access to your server to make the necessary configuration changes.
  3. Firewall access: Ensure that your firewall (if any) is open for the new SSH port before changing it.

Step-by-Step Guide to Changing the SSH Port #

Follow these steps

Step 1: Choose a New SSH Port #

Select an available port number that is not already in use by other services on your server. It’s recommended to use a port number higher than 1024, as ports below this range are reserved for specific services

Step 2: Update the SSH Configuration File #
  • Access your server via SSH using the current port (default is 22). See this
  • Open the SSH configuration file (sshd_config) for editing, using your preferred text editor
sudo vi /etc/ssh/sshd_config or sudo nano /etc/ssh/sshd_config
  • Find the line that specifies the port (usually commented out):
Port 22
  • Uncomment the line (remove the #) and change the value to your custom port number:
  • Save the file and exit the text editor (if using vim, press ESC , then wq, then Enter).
Step 3: Adjust Firewall Settings #

If you are using a firewall (e.g., firewalld, iptables, or ufw), you must allow traffic on the new SSH port.

If you do not have your firewall on, you may either turn it on then allow the port or just leave it like that since the firewall is off.

For Firewalld (Centos, Almalinux, RedHart):

  • Add the new SSH port (e.g., 1026):
sudo firewall-cmd --permanent --add-port1026/tcp
  • Reload the firewall:
sudo firewall-cmd --reload

For UFW (Ubuntu systems):

  • Allow the new SSH port:
sudo ufw allow 1026/tcp
  • Reload the firewall:
sudo ufw reload

For Iptables:

  • Add the new SSH port to iptables:
sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
  • Save the iptables rules (on CentOS, use service iptables save).
Step 4: Restart the SSH Service #
  • After making changes to the SSH configuration, you must restart the SSH service for the changes to take effect.
sudo systemctl restart sshd
Step 5: Test the New SSH Port #
  • Before closing your current SSH session, test the new port to ensure you can still access the server.
  • Replace 1026 with the port number you chose and server_ip with your server’s IP address.
ssh -p 1026 root@server_ip
  • If the connection works, your port change is successful.
Updated on October 9, 2024

Powered by BetterDocs

Leave a Reply

Your email address will not be published. Required fields are marked *