How to change SSH port in Ubuntu server

How to change SSH port in Ubuntu server

Hi Friends,

In this post, I will show you how you can change the SSH port of your Ubuntu server.

The SSH protocol (also referred to as Secure Shell) is a method for secure remote login from one computer to another. It provides several alternative options for strong authentication, and it protects the communications security and integrity with strong encryption. It is a secure alternative to the non-protected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP). For more details, refer to the documentation here.

Changing the SSH port from the default port (22) to some other is one of the best practice to secure your server. The attacker will not be able to try to connect to the server via SSH as they do not know the new SSH port of your server.  So without further delay, let’s start.

To change the SSH port, first go to the location: “/etc/ssh” and then open the file: “sshd_config” in your favourite editor. You can also take a copy of the file sshd_config before making any changes in case something went wrong.

 

Then you need to edit the line that refers to the port number. Change the port number from 22 to your desired port(let’s say 2222). Refer the below snapshot.

Then restart the sshd service. Use one of the below commands to restart it.

service ssh restart

or

service sshd restart

Now allow your new ssh port in the firewall. If you do not allow the new port, then you will not be able to connect.

Currently, I have not added the port 2222 in the server firewall. Let’s check whether the server is listening to this port or not. Use the below to know the details.

telnet <server IP address> <new port>

telnet 1.2.3.28. 2222

Note: I have taken the IP address 1.2.3.28 here for demonstration only. Make sure you use your server’s IP address to check it.

As we can see that the port 2222 is not listening to the server 1.2.3.28. In order to listen to the traffic for the port 2222, we need to allow this port in the server’s firewall.

In Ubuntu, the firewall is ufw (Uncomplicated Firewall). Make sure it is enabled in your server. You can check your firewall status using the below command:

ufw status

We see that the firewall is active. If not, first enable it using the below command:

ufw enable

Now allow the port 2222 in the firewall and check the status (to confirm that the new port is added to the firewall.

ufw allow 2222

ufw status | grep 2222

Now the new port is allowed in the server firewall. Now check whether it is listening to the server or not.

Since the new SSH port is listening to the server, you will be able to connect to your server with this new port. Let’s check the SSH connection from both the port (default port 22 that was initially set and the new SSH port 2222).

Try this security measure to your server and let me know if you face any issue in setting this. I will be more than happy to help you.

Thank you. 🙂

Powered by Facebook Comments

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.