Why and How to Change Default SSH Port?

SSH (Secure Shell) is the most secure way to communicate with local or remote servers. Communication between the SSH server and client is encrypted, and the server listens on a specific port. Port 22 is the default port allocated to the SSH server. A client reaches the SSH server by supplying the “username”, “port number”, and “IP address”, and can then share files locally or remotely.

This guide explains the reasons for changing the default SSH port and the methods to do it.

Let’s discuss the reasons to change the default SSH port first.

Why Do We Need to Change the Default SSH Port?

There are several reasons to change the default SSH port:

  • Security: it shields the SSH server from automated attacks and from potential attacks that target the default port 22.
  • It makes the server harder to discover for scanners looking for weak passwords on default ports.
  • It helps to reduce/distribute the overall traffic to the server, which improves the overall performance and reduces the risk of overload. It also keeps the logs lighter and cleaner.
  • If several servers run on a single network, each with its own SSH server, different ports separate the users.

Let’s check the methods to change the default SSH port.

How to Change Default SSH Port?

This section describes two methods for changing the default SSH port.

Method 1: Edit the SSH Configuration File

The SSH default port can be changed by editing the SSH system configuration file “/etc/ssh/sshd_config”. To change the default SSH port this way, follow the steps below:

Step 1: Open the SSH System Configuration File

To change the default SSH port, open the SSH system configuration file “/etc/ssh/sshd_config” in the nano editor by running the command below:

$ sudo nano /etc/ssh/sshd_config

The SSH configuration file opens in the editor.

The port allocation by ICANN (Internet Corporation for Assigned Names and Numbers) is as follows:

  • 0-1023: Reserved for the well-known or system ports.
  • 1024-49151: Reserved for the user or registered ports.
  • 49152-65535: Reserved for the dynamic/private ports.

Note: It’s better to choose a port number between 1024 and 65535 because the port numbers below 1024 are reserved for well-known system services.

Step 2: Change the SSH Port to New Port Number

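Navigate to the “# Port 22” line, remove the leading “#” so that the directive is no longer commented out, and change the port number to the new port number; in this case, the port number is changed to “2200”, so the line reads “Port 2200”: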

Save and quit the editor.

Step 3: Restart SSH Service

Restart the SSH service using the following command:

$ sudo systemctl restart ssh

Step 4: Verify the SSH Port is Changed

To verify that the SSH port number is changed, execute the below command:

Note: Replace the “2200” with your new port number.

$ ss -an | grep 2200

The output shows that the port number is changed to “2200”.

Step 5: Connect to SSH Server Using the New Port

Let’s connect to the SSH server on the new port number 2200 by running the following command in the terminal (replace “username” and “ip_address” with your own values):

$ ssh username@ip_address -p 2200

The SSH connection is successfully established locally on port “2200”.

Method 2: Using the sed Command

The sed command can change the default SSH port number 22.

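  • For instance, to change the port number from the default “22” to “2222”, run the single command below. The pattern is anchored to the whole line and accepts an optional leading “#”, so the commented-out default line is activated and a value such as “Port 2200” is not rewritten by accident:
$ sudo sed -i -E 's/^#?Port 22$/Port 2222/' /etc/ssh/sshd_config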
  • Then restart the SSH service by using the following command:
$ sudo systemctl restart ssh
  • Verify that the default SSH port is changed to “2222” by using the following command:
$ ss -an | grep 2222

The default SSH port is changed to “2222”.

  • Let’s create the connection to the SSH server on the new port “2222” by utilizing the following command (replace “username” and “ip_address” with your own values):
$ ssh username@ip_address -p 2222

The SSH connection is successfully established on the new port “2222”.

That’s how to change the default SSH port.
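Both methods depend on how the “Port” line looks before the edit (commented out, already active, or missing). The following is an added example, not part of the original guide, that handles all three cases and keeps a backup; the function name set_ssh_port and the sample file are assumptions made for illustration:

```shell
#!/bin/sh
# Added example: set the sshd listening port in a config file, handling the
# commented-out "#Port 22" line that a stock sshd_config contains.
# set_ssh_port is a hypothetical helper name, not part of OpenSSH.

set_ssh_port() {
    file=$1 port=$2
    # Accept digits only, within the 1024-65535 range this guide recommends.
    case $port in ''|*[!0-9]*) return 2 ;; esac
    [ "$port" -ge 1024 ] && [ "$port" -le 65535 ] || return 2
    [ -f "$file" ] || return 3

    active='^[[:space:]]*Port[[:space:]]+[0-9]+[[:space:]]*$'
    commented='^[[:space:]]*#[[:space:]]*Port[[:space:]]+[0-9]+[[:space:]]*$'
    # Prefer an active directive; fall back to the commented-out default.
    n=$(grep -Ein "$active" "$file" | head -n 1 | cut -d: -f1)
    [ -n "$n" ] || n=$(grep -Ein "$commented" "$file" | head -n 1 | cut -d: -f1)

    tmp=$(mktemp) || return 1
    if [ -n "$n" ]; then
        # Rewrite that whole line, so "Port 2200" can never become "Port 222200".
        sed "${n}s/.*/Port $port/" "$file" > "$tmp"
    else
        # No Port line at all: add one at the top, ahead of any Match block.
        { printf 'Port %s\n' "$port"; cat "$file"; } > "$tmp"
    fi
    cp -p "$file" "$file.bak" &&   # keep a rollback copy next to the file
    cat "$tmp" > "$file"           # overwrite in place: owner and mode are kept
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed sample file (not a real server configuration).
demo() {
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' '#Port 22' 'PermitRootLogin no' > "$sample"
    set_ssh_port "$sample" 2200 && grep -n '^Port' "$sample"
    rm -f "$sample" "$sample.bak"
}
demo
```

On a real server, run “sudo sshd -t” after the edit to check the configuration for syntax errors before restarting the service, and keep the current SSH session open until a login on the new port succeeds.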

Conclusion

The SSH default port is “22”, which can be changed for security reasons to avoid scanners randomly looking on a network for weak passwords. To change the SSH default port “22”, either edit the port number manually in the SSH configuration file “/etc/ssh/sshd_config” or run the “sed” command in the terminal with the new port number.