How to change SSH port on Linux

The default port for SSH on Linux systems is 22. There are a few reasons why you may want to change this to some other number. If multiple servers share the same IP address (behind a NAT configuration, for example) you usually can’t have them running SSH on the same port and expect to access them from outside the network.

The other big reason is security. Changing the SSH port falls under “security through obscurity”: the security of the service isn’t technically enhanced, but the SSH port has been obscured and isn’t as easy for attackers to find. In practice, this means that the thousands of bots scanning the internet for open SSH servers are a lot less likely to find yours.

In this article, we’ll take you through the step-by-step instructions for changing the default SSH port on Ubuntu Linux and CentOS Linux. Since Ubuntu is based on Debian, you can also apply the same instructions to other Debian-based systems, like Linux Mint. CentOS is based on Red Hat, so its instructions can also be extended to Fedora and other similar Linux distributions.

In this tutorial you will learn:

  • How to change SSH port on Ubuntu and CentOS Linux

Changing SSH port on Linux

Software Requirements and Linux Command Line Conventions

Category      Requirements, Conventions or Software Version Used
System        Ubuntu Linux and CentOS Linux
Software      OpenSSH
Other         Privileged access to your Linux system as root or via the sudo command.
Conventions   # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
              $ – requires given linux commands to be executed as a regular non-privileged user

Change SSH port on Ubuntu or CentOS

Open a command line terminal and follow along with the steps below to configure the SSH port on Ubuntu and other Debian based systems, as well as CentOS and other Red Hat based systems.

  1. Start by opening the /etc/ssh/sshd_config configuration file with nano or your preferred text editor.
    $ sudo nano /etc/ssh/sshd_config
  2. Look for the #Port 22 line. We’ll need to uncomment this line and change the number to our desired port number. For this example, we’ll switch the port number to 2222.
    #Port 22
    Port 2222
  3. Save the changes you’ve made to this file and exit. Finish up by reloading the sshd service.
    $ sudo systemctl reload sshd
  4. To make sure everything is working, you can try to SSH on the new port. You’ll need to use the -p option to instruct the client to use some other port than the default 22.
    $ ssh -p 2222 user@localhost
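
Step 2 done as a script rather than by hand, as an added example that is not part of the original article; it goes beyond the manual edit by also dropping any other active Port lines and keeping the directive ahead of Match blocks, where sshd does not accept it. The helper names set_sshd_port and active_ports are hypothetical, and the code assumes the whitespace-separated "Port N" form.

```shell
#!/usr/bin/env bash
# Added example: set_sshd_port and active_ports are hypothetical helpers,
# not part of OpenSSH. Assumes Port lines use the "Port N" form.

# Print the port numbers from active (uncommented) Port lines, one per line.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# set_sshd_port FILE PORT: rewrite FILE so PORT is its only Port directive.
set_sshd_port() {
    local file=$1 port=$2 tmp
    # Accept only a plain decimal integer in 1..65535 (no leading zero).
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; return 1; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        { key = tolower($1) }   # sshd keywords are case-insensitive
        # First Port line, active or commented out as "#Port N": replace it.
        !placed && (key == "port" || key == "#port") && $2 ~ /^[0-9]+$/ {
            print "Port " port; placed = 1; next
        }
        # Any further active Port line would keep sshd listening there too.
        placed && key == "port" { next }
        # Port is a global directive, so it must precede the first Match block.
        !placed && key == "match" { print "Port " port; placed = 1 }
        { print }
        END { if (!placed) print "Port " port }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    cp -p "$file" "$file.bak" &&   # keep the previous config for rollback
        cat "$tmp" > "$file"       # overwrite in place: owner and mode unchanged
    local rc=$?
    rm -f "$tmp"
    return $rc
}
```

On a real host, run it as root against /etc/ssh/sshd_config, check the result with sshd -t, and only then reload the service as in step 3; the previous file is kept as sshd_config.bak.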

Additional configuration for Ubuntu

Ubuntu has UFW firewall installed by default. If you’re running UFW firewall and need to allow traffic to the new port, use the command below. Alternatively, check out our full guide on using UFW firewall.

$ sudo ufw allow 2222/tcp

Additional configuration for CentOS

CentOS doesn’t use UFW by default, but if you happen to have it installed, make sure you also use the UFW command above.

CentOS uses SELinux (Security Enhanced Linux module) and firewalld by default. We’ll need to add an exception in order to allow SSH access on the newly configured port.

  1. First, make sure SELinux is actually enabled. If it’s not, you can skip this entirely.

    # sestatus
    SELinux status:	enabled
  2. Use the semanage utility to add a new port number for SSH.
    # semanage port -a -t ssh_port_t -p tcp 2222
  3. Add the new port to firewalld’s configured zone (“public” by default).
    # firewall-cmd --zone=public --add-port=2222/tcp --permanent
  4. Reload firewalld to finalize the changes.
    # firewall-cmd --reload

Closing Thoughts

In this guide, we saw how to change the default SSH port on Ubuntu and CentOS, as well as similar distributions. Following these steps will offer some security through obscurity and, if nothing else, cut down on the intrusion attempts constantly launched by bots around the world.
