
How to Change SSH Default Port To A Custom Port In Linux

By sk

In the previous parts, we saw how to change the Apache and FTP default ports to a custom port of our choice. This is the third and last part of this series. In this tutorial, we will discuss how to change the SSH default port to any random port. As in the previous guides, it is easy to implement. Read on.


If you haven't read the previous parts yet, refer to the following links.


Change SSH default port to a custom port

Changing the SSH default port is pretty easy, and the procedure is almost the same on all modern Linux operating systems.

To change the SSH default port, edit the /etc/ssh/sshd_config file:

$ sudo vi /etc/ssh/sshd_config

As you probably know, the SSH default port is 22. So, we will change it to any random number, for example 2022.

To do so, edit or add the following line:

Port 2022

Save and close the file, then restart the SSH service:

$ sudo systemctl restart sshd

Or

$ sudo service sshd restart

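On RHEL/CentOS systems, adjust the SELinux and firewall settings to allow the new port. With SELinux in enforcing mode, sshd can only bind to ports labeled ssh_port_t, so add the new port to that type: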

$ sudo semanage port -a -t ssh_port_t -p tcp 2022

If the semanage command is not found, install the following package:

$ sudo yum install policycoreutils-python

On RHEL / CentOS / AlmaLinux / Rocky Linux, open the new port in firewalld:

$ sudo firewall-cmd --permanent --add-port=2022/tcp
$ sudo firewall-cmd --reload

On RHEL 6 / CentOS 6, edit the iptables rules file instead:

$ sudo vi /etc/sysconfig/iptables

Comment out the default port 22 line:

# -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

And add the new custom port line:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 2022 -j ACCEPT

Save and close the file.

Restart iptables for the changes to take effect.

$ sudo service iptables restart

Finally, restart the SSH service:

$ sudo service sshd restart

Verify that sshd is listening on the new port using the command:

$ sudo netstat -tulpn | grep :2022

Sample output:

tcp        0      0 0.0.0.0:2022            0.0.0.0:*               LISTEN      18680/sshd          

tcp6       0      0 :::2022                 :::*                    LISTEN      18680/sshd

Now, try to SSH from any client system, specifying the port number as shown below.

$ ssh -p 2022 ostechnix@192.168.1.150

Sample Output:

ostechnix@192.168.1.150's password: 

Last login: Wed Jan 20 15:45:16 2016

[ostechnix@server ~]$
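
The "edit or add" step above has a pitfall: sshd accepts several Port lines and listens on all of them, so adding Port 2022 while an active Port 22 line remains leaves the default port open. The script below is an added example, not part of the original tutorial; the function names are made up for illustration, the sample config is constructed, and it reads only the one file (it does not follow Include files or ListenAddress ports).

```shell
#!/bin/sh
# Added example: list the ports an sshd_config file asks sshd to listen on.
# On a live host, "sudo sshd -T | grep -i '^port'" prints the effective value;
# this script checks a file offline, e.g. before restarting the service.

# Print each active Port value, one per line; print 22 if no Port line is active.
sshd_config_ports() {
    awk '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }        # Port is a global-only keyword
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)    # also tolerate the "Port=2022" spelling
            n = split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "port" && n >= 2) { print f[2]; found = 1 }
        }
        END { if (!found) print 22 }           # sshd default when nothing is set
    ' "$1"
}

# Exit 0: NEW is the only active port.
# Exit 1: NEW is not active at all.
# Exit 2: NEW is active, but so are other ports (for example the default 22).
check_port_change() {
    ports=$(sshd_config_ports "$1")
    echo "$ports" | grep -qx "$2" || return 1
    [ "$(echo "$ports" | grep -vxc "$2")" -eq 0 ] || return 2
    return 0
}

# Constructed sample: "Port 2022" was added but "Port 22" was left active.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'Port 22' 'port=2022' 'PermitRootLogin no' \
    'Match User backup' 'X11Forwarding no' > "$sample"
sshd_config_ports "$sample"
check_port_change "$sample" 2022 || echo "check failed with status $?"
rm -f "$sample"
```

To check a real host, run check_port_change /etc/ssh/sshd_config 2022 after editing the file and before restarting sshd.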

Conclusion

As I said in the first part of this series, these methods alone will not keep your server safe and secure. There are many other tasks you need to consider, such as implementing a firewall, preventing DDoS and brute-force attacks, installing security patches, and updating your server and applications regularly. But these are the first and foremost things you should do before implementing any security methods. Now, your Linux server is a bit more secure than before.
