A secure shell or SSH protocol encrypts the connection between two computers, thus providing a secure way of accessing remote devices. SSH is used extensively in remote logins and it is now the de-facto utility for secure client-server communication. The process of changing the SSH port is explained in this article.
The Default SSH Port Number
A port number is used to identify a process or an application that is communicating over a network. Any incoming data can be correctly forwarded to the application by using the relayed port number. Outgoing data can mention a port number so that the receiver can correctly identify the source of information. SSH server by default uses port 22.
Why should you change the default port number?
Changing the default SSH port number will slightly bump the security of your server. The default port 22 can make the device vulnerable to brute force login attempts by bots. With a different port number, you can add an extra layer of security. Though this is not a robust security measure, it still makes the life of an attacker difficult as he/she will have to guess the correct port number or use other tools to scan and find out the correct port number. Changing the SSH port number should be the very first step you should consider when securing your server.
Changing the SSH Port Number
SSH port can be changed using a couple of commands. To check current port number being used by SSH, run the command below:
$ grep -i port /etc/ssh/sshd_config
You will get some output like this:
#Port 22
#GatewayPorts no
You can see the port number currently being used in the first line of the output.
Now to change the port number, run the command below to edit the SSH config file. You can replace “nano” with the command of your favorite text editor.
$ sudo nano /etc/ssh/sshd_config
Locate the “Port 22” or similar line you found in the output above. Uncomment (by removing the “#” symbol) and change the port value according to your needs. It is a good idea to use a port number greater than or equal to 1024. Anything below this may already be used by another system program. 65535 can be the highest possible port value.
After changing the port, you need to restart the SSH daemon. You can do so by running the command below:
$ sudo systemctl restart sshd
Verifying the New Port Number
To verify that the new port number is being used, run one of the commands below:
$ sudo ss -tulpn | grep ssh
$ sudo netstat -tulpn | grep ssh
For netstat to work, you will need to install net-tools on Ubuntu:
$ sudo apt install net-tools
After running the commands above, you will see some output like this (assuming that the new port number is 5555):
tcp 0 0 0.0.0.0:5555 0.0.0.0:* LISTEN 14208/sshd: /usr/sb
tcp6 0 0 :::5555 :::* LISTEN 14208/sshd: /usr/sb
tcp LISTEN 0 128 0.0.0.0:5555 0.0.0.0:* users:((“sshd”,pid=14208,fd=3))
tcp LISTEN 0 128 [::]:5555 [::]:* users:((“sshd”,pid=14208,fd=4))
You can now make a SSH connection to a server using the following command format:
Replace port_number, username, and ip_address according to your needs.
Conclusion
Keeping SSH port to the default value makes brute force login attempts easier for attackers. While changing the port number may not fully secure the device, it hardens the security layer by obscuring the port number.
About the author
Nitesh Kumar
I am a freelancer software developer and content writer who loves Linux, open source software and the free software community. I maintain a blog that lists new Android deals everyday.
