The default port for SSH on Linux systems is 22. There are a few reasons why you may want to change this to some other number. If multiple servers share the same IP address (behind a NAT configuration, for example) you usually can’t have them running SSH on the same port and expect to access them from outside the network.
The other big reason is security. Changing the SSH port would fall under “security through obscurity” which means that the security isn’t technically enhanced, but the SSH port has been obscured and isn’t as easy for attackers to access. In practice, this means that the thousands of bots scanning the internet for open SSH servers are a lot less likely to find yours.
In this article, we’ll take you through the step by step instructions of changing the default SSH port on Ubuntu Linux and CentOS Linux. Since Ubuntu is based on Debian, you can also apply the same instructions to other Debian based systems, like Linux Mint. CentOS is based on Red Hat, so its instructions can also be extended to Fedora and other similar Linux distributions.
In this tutorial you will learn:
- How to change SSH port on Ubuntu and CentOS Linux
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Ubuntu Linux and CentOS Linux |
| Software | OpenSSH |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
Change SSH port on Ubuntu or CentOS
Open a command line terminal and follow along with the steps below to configure the SSH port on Ubuntu and other Debian based systems, as well as CentOS and other Red Hat based systems.
- Start by opening the
/etc/ssh/sshd_configconfiguration file with nano or your preferred text editor.$ sudo nano /etc/ssh/sshd_config
- Look for the
#Port 22line. We’ll need to uncomment this line and change the number to our desired port number. For this example, we’ll switch the port number to2222.From: #Port 22 To: Port 2222
- Save the changes you’ve made to this file and exit. Finish up my reloading the sshd service.
$ sudo systemctl reload sshd
- To make sure everything is working, you can try to SSH on the new port. You’ll need to use the
-poption to instruct the client to use some other port than the default 22.$ ssh -p 2222 user@localhost
Additional configuration for Ubuntu
Ubuntu has UFW firewall installed by default. If you’re running UFW firewall and need to allow traffic to the new port, use the command below. Alternatively, check out our full guide on using UFW firewall.
$ sudo ufw allow 2222/tcp
Additional configuration for CentOS
CentOS doesn’t use UFW by default, but if you happen to have it installed, make sure you also use the UFW command above.
CentOS uses SELinux (Security Enhanced Linux module) and firewalld by default. We’ll need to add an exception in order to allow SSH access on the newly configured port.
- First, make sure SELinux is actually enabled. If it’s not, you can skip this entirely.
# sestatus SELinux status: enabled
- Use the semanage utility to add a new port number for SSH.
# semanage port -a -t ssh_port_t -p tcp 2222
- Add the new port to firewalld’s configured zone (“public” by default).
# firewall-cmd --zone=public --add-port=2222/tcp --permanent
- Reload firewalld to finalize the changes.
# firewall-cmd --reload
Closing Thoughts
In this guide, we saw how to change the default SSH port on Ubuntu and CentOS, as well as similar distributions. Following these steps will offer some security through obscurity and, if nothing else, cut down on the intrusion attempts constantly launched by bots around the world.
