Hi Friends,
In this post, I will show you how you can change the SSH port of your Ubuntu server.
The SSH protocol (also referred to as Secure Shell) is a method for secure remote login from one computer to another. It provides several alternative options for strong authentication, and it protects the communications security and integrity with strong encryption. It is a secure alternative to the non-protected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP). For more details, refer to the documentation here.
Changing the SSH port from the default port (22) to some other port is one of the best practices to secure your server. An attacker who only tries the default port will not be able to connect to the server via SSH, as they do not know the new SSH port of your server. A port scan can still find the new port, so use this together with strong authentication, not in place of it. So without further delay, let’s start.
To change the SSH port, first go to the location “/etc/ssh” and then open the file “sshd_config” in your favourite editor. You can also take a copy of the file sshd_config before making any changes, in case something goes wrong.
Then you need to edit the line that refers to the port number. Change the port number from 22 to your desired port (let’s say 2222). Refer to the snapshot below.
Then restart the sshd service. Use one of the commands below to restart it.
service ssh restart
or
service sshd restart
Now allow your new SSH port in the firewall. If you do not allow the new port, then you will not be able to connect.
Currently, I have not added port 2222 to the server firewall. Let’s check whether the server is reachable on this port or not. Use the command below to find out.
telnet <server IP address> <new port>
telnet 1.2.3.28 2222
Note: I have taken the IP address 1.2.3.28 here for demonstration only. Make sure you use your server’s IP address to check it.
As we can see, the connection to port 2222 on the server 1.2.3.28 does not go through. To let traffic reach port 2222, we need to allow this port in the server’s firewall.
In Ubuntu, the firewall is ufw (Uncomplicated Firewall). Make sure it is enabled on your server. You can check your firewall status using the command below:
ufw status
We see that the firewall is active. If it is not, first enable it using the command below:
ufw enable
Now allow the port 2222 in the firewall and check the status (to confirm that the new port is added to the firewall).
ufw allow 2222
ufw status | grep 2222
Now the new port is allowed in the server firewall. Now check again whether the server accepts connections on it.
Since the server now accepts connections on the new SSH port, you will be able to connect to your server with this new port. Let’s check the SSH connection on both ports (the default port 22 that was initially set and the new SSH port 2222).
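The sshd_config edit from the steps above, written as a shell function (an added example, not part of the original post; the function names set_ssh_port and active_ports are hypothetical). It goes beyond the single edit shown in the post by also handling a commented-out "#Port 22" line, a leftover second Port line, and a file with no Port line at all.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# set_ssh_port FILE PORT: point an sshd_config-style FILE at PORT.
set_ssh_port() {
    cfg=$1; port=$2
    # Accept only 1-5 digits with no leading zero, then check the upper bound.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 2; }
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }

    cp -p "$cfg" "$cfg.bak" || return 1   # the backup copy the post recommends
    tmp=$(mktemp) || return 1

    if grep -Eiq '^[[:space:]]*#?[[:space:]]*port[[:space:]]+[0-9]+[[:space:]]*$' "$cfg"; then
        # Rewrite the first Port line, active or commented out ("#Port 22").
        # Drop any other active Port line: sshd listens on every Port it finds,
        # so a leftover "Port 22" would keep the old port open.
        awk -v p="$port" '
            { line = tolower($0) }
            line ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
                if (!done) { print "Port " p; done = 1; next }
                if (line !~ /#/) next
            }
            { print }
        ' "$cfg" > "$tmp"
    else
        # No Port line at all: add it at the top, not the bottom, because Port
        # is not allowed inside a Match block and those run to end of file.
        { echo "Port $port"; cat "$cfg"; } > "$tmp"
    fi
    # Overwrite in place so the file keeps its owner and permissions.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# active_ports FILE: print every uncommented Port value in FILE.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# On the server, as root (2222 is the post's example port):
#   set_ssh_port /etc/ssh/sshd_config 2222 && sshd -t && service ssh restart
```

Keep your current SSH session open until a login on the new port succeeds, so that a mistake in the file or the firewall does not lock you out.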
Try this security measure on your server and let me know if you face any issue in setting it up. I will be more than happy to help you.
Thank you. 🙂
My name is Shashank Shekhar. I am a DevOps Engineer, currently working in one of the best companies in India. I have around 5 years of experience in Linux Server Administration and DevOps tools.
I love to work in a Linux environment & love learning new things.