Change default SSH port

How to change the default SSH port of your server.

SSH is one of the most commonly attacked services, as it provides easy access to full control of a Dedicated Server. Changing the default SSH port will help prevent an attacker from launching brute-force attacks against the default port.

Linux / CentOS

  1. Log in to your server as root.

  2. Within the command line, execute the command nano /etc/sysconfig/iptables to edit the IPTables configuration file. Add the following line to the configuration file: -A INPUT -m state --state NEW -m tcp -p tcp --dport someportnumber -j ACCEPT directly below the line -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT. Save and exit by holding down "ctrl" and "x".

  3. Within the command line, run the command service iptables restart to restart the IPTables service.

  4. Run the command service iptables status to see if the new rule has been applied (optional).

  5. Edit the SSH configuration file with the command nano /etc/ssh/sshd_config. Modify the line #Port 22 by removing "#" and replacing "22" with the new port number you opened in the IPTables configuration. Save and exit by holding down "ctrl" and "x".

  6. Within the command line, execute service sshd restart to restart the SSH service.

  7. If you can still access the command line, type ss -tnlp | grep ssh to verify SSH is listening on the new port (optional).

  8. Connect to the server via SSH using the new port you selected.

  9. Run the command nano /etc/sysconfig/iptables to edit the IPTables configuration file again. Comment out the line -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT by adding "#" at the beginning of the line to block all connectivity to port 22. Save and exit by holding down "ctrl" and "x".

  10. Execute the command service iptables restart to restart the IPTables service.
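
The order of the steps above matters: the new port has to be open in the firewall before sshd is restarted on it, or the session is lost. The following pre-flight check is an added example, not part of the original guide; the function names, the port 2222 and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check before restarting sshd on a new port (added example).
# It inspects the saved rules file, not the live ruleset, so run it after step 3.

# Print every active (uncommented) Port value in an sshd_config file.
# sshd keywords are case-insensitive; with no Port line sshd listens on 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Succeed if the rules file ($1) has an uncommented ACCEPT rule
# for destination port $2.
iptables_allows() {
    awk -v port="$2" '
        /^[ \t]*#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port && $0 ~ /-j ACCEPT/)
                    ok = 1
        }
        END { exit !ok }' "$1"
}

# Succeed only if every port sshd will listen on is open in the rules file.
preflight() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if iptables_allows "$2" "$p"; then
            echo "port $p: allowed"
        else
            echo "port $p: NOT allowed, restarting sshd would lock you out"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files: sshd moved to 2222, firewall still only opens 22.
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' > "$demo_dir/sshd_config"
printf '%s\n' \
    '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    > "$demo_dir/iptables"
preflight "$demo_dir/sshd_config" "$demo_dir/iptables" || echo "fix the firewall first"
```

On a real server, call preflight /etc/ssh/sshd_config /etc/sysconfig/iptables between steps 5 and 6 and restart sshd only if it succeeds.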

Linux / Ubuntu / Debian

  1. Log in to the server as root (or gain root access by executing sudo su).

  2. Check to see the status of the firewall by executing ufw status. If the firewall is active then you need to add a rule to allow connections for our new SSH port. This can be done by executing ufw allow newportnumberhere/tcp.

  3. Execute nano /etc/ssh/sshd_config and look for the line that contains "Port 22".

  4. Change the number "22" to any unused port you'd like. Save and exit by holding down "ctrl" and "x".

  5. Restart the SSH service by executing restart ssh within the command line. For Debian, execute service ssh restart.

  6. If you can still access the command line, type ss -tnlp | grep ssh to verify SSH is listening on the new port (optional).

  7. Start a new SSH session on the new port.

  8. Delete the old firewall rule for the old port by executing ufw delete allow 22/tcp.
