If you’re looking to enhance the security of your Linux server, changing the SSH port is a crucial step. By default, SSH operates on port 22, making it a prime target for malicious attacks. In this guide, we will walk you through the steps to change the SSH port on your Linux system securely.
Hurray! By the end of this article, you’ll have successfully customized your SSH settings to improve your server’s security.
What is SSH and Why Change the Port?
SSH (Secure Shell) is a protocol that allows secure remote access to your server. Changing the default SSH port is a widely recommended security practice. It helps reduce the likelihood of automated attacks that target the standard port. Additionally, it allows you to manage your server more discreetly.
Prerequisites
Before we dive into the process, ensure you have the following:
- Access to a Linux server with root privileges.
- A terminal or SSH client to execute commands.
- Basic understanding of Linux command-line operations.
Steps to Change SSH Port on Linux
1. Connect to Your Server
To begin, connect to your Linux server using SSH. Open your terminal and type:
ssh username@your_server_ip
Replace username with your actual username and your_server_ip with your server’s IP address.
2. Open the SSH Configuration File
Next, you will need to edit the SSH configuration file. Use your favorite text editor to open the file. For example, using nano:
sudo nano /etc/ssh/sshd_config
3. Locate the Port Directive
Within the sshd_config file, look for the line that specifies the port number. It should look like this:
#Port 22
Remove the # to uncomment the line and change the port number to your desired value. For example, to change it to port 2222:
Port 2222
4. Update Your Firewall Rules
After changing the SSH port, you need to update your firewall rules to allow traffic on the new port. If you’re using ufw, run:
sudo ufw allow 2222/tcp
If you’re using iptables, you can add a rule like this:
sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
Note: Make sure to replace 2222 with your new port number.
5. Restart SSH Service
To apply the changes, restart the SSH service with the following command:
sudo systemctl restart sshd
6. Test the New SSH Port
Before closing your existing SSH session, it’s essential to test the new port. Open a new terminal window and attempt to connect using the new port:
ssh -p 2222 username@your_server_ip
If you can connect successfully, congratulations! You’ve changed the SSH port successfully.
7. Disable the Old SSH Port (Optional)
If you’re confident that the new port works, you can disable the old port to enhance security further. If you’re using ufw, you can deny access to port 22:
sudo ufw deny 22/tcp
8. Update Your Security Practices
To keep your server secure, consider implementing additional security measures:
- Use SSH Key Authentication: This method is more secure than using passwords. Generate SSH keys and use them for authentication.
- Install Fail2ban: This tool can help protect your server from brute-force attacks.
- Regularly Update Your System: Keeping your system updated ensures that you have the latest security patches.
Common Issues When Changing SSH Port
1. Firewall Blocking Access
If you can’t connect after changing the port, check that your firewall is allowing traffic on the new port.
2. SSH Daemon Not Restarting
Ensure that there are no syntax errors in the sshd_config file. You can test the configuration file with:
sudo sshd -t
If there are no errors, restart the SSH service again.
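
The edit from step 3 combined with the sshd -t check from "SSH Daemon Not Restarting", as an added shell example that is not part of the original guide: the candidate file is validated before it replaces sshd_config, so a bad edit never reaches the live file. It goes slightly beyond the guide by also handling extra Port lines and a config with no Port line; the function name set_sshd_port and the SSHD_CHECK override are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original guide. set_sshd_port and SSHD_CHECK
# are hypothetical names chosen for this sketch.

# set_sshd_port CONFIG PORT
# Returns 0 when CONFIG now holds exactly one active "Port PORT" line,
# 1 on bad input or a failed copy, 2 when the validator rejected the edit
# (CONFIG is left untouched in that case).
set_sshd_port() {
    cfg=$1 port=$2
    # Accept only a plain integer in the TCP port range.
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] 2>/dev/null && [ "$port" -le 65535 ] || return 1
    [ -f "$cfg" ] || return 1

    tmp=$(mktemp) || return 1
    if grep -Eiq '^[[:space:]]*#?[[:space:]]*port[[:space:]]+[0-9]+[[:space:]]*$' "$cfg"; then
        # Reuse the first "Port N" / "#Port N" line and comment out any other
        # active Port line, so sshd does not keep listening on an old port.
        awk -v p="$port" '
            tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
                if (!done) { print "Port " p; done = 1 }
                else if ($0 ~ /^[ \t]*#/) print
                else print "#" $0
                next
            }
            { print }' "$cfg" > "$tmp"
    else
        # No Port line at all: add it first, because sshd rejects Port inside
        # a Match block and a Match block extends to the next Match or EOF.
        { printf 'Port %s\n' "$port"; cat "$cfg"; } > "$tmp"
    fi

    # Validate the candidate before it replaces the live file. The default is
    # the guide's syntax check pointed at the temp file; SSHD_CHECK lets a
    # test substitute another command.
    if ${SSHD_CHECK:-sshd -t -f} "$tmp"; then
        # Keep a backup, then overwrite in place to preserve owner and mode.
        cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
        rc=$?
    else
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Run it as root, for example set_sshd_port /etc/ssh/sshd_config 2222, then continue with the firewall, restart and test steps while the existing session stays open.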