Secure Shell (SSH) is a network protocol that allows users to access the server remotely. It also encrypts communication between a client and a private server, making it more secure.
However, using the standard Transmission Control Protocol (TCP) port 22 for SSH can be risky, as it is vulnerable to many cyber threats, especially brute force attacks, a hacking method used to gain access to encrypted sensitive data.
Therefore, changing your default port is one of the best ways to protect your SSH server. In this article, we’ll explain how to choose a new SSH port and walk you through your change to your virtual private server (VPS).
Download the Ultimate cheat sheet
SSH Commands How to choose a new SSH port
When choosing a new SSH port, note that port numbers 0-1023 are reserved for various services and can only be linked by root access.
Here is a list of the most common privileged services and their associated ports and functions:
Although you can still use them, if you do, your SSH connection will be at risk of network conflict.
Therefore, we recommend choosing between different ports ranging from 1024 to 65535, as they do not have privileges.
How to Change the Default SSH Port
In this section, we will explain how to change your default SSH port in four simple and easy steps
.
1. Connect to your server via
SSH
To do this, run the following command line in Terminal or PuTTy
: ssh username@0.0.0.0
For example:
ssh root@187.234.56.1
Next, you will be prompted to enter the SSH password or keys. Once you have done so, the connection will be established.
2. Change
SSH settings
Start by running the following command to access the SSH daemon (sshd):
sudo nano /etc/ssh/sshd_config
The SSH configuration file opens. Find the line that says #Port 22. Next, delete the number and # and replace it with the new SSH port number you want to use.
For example
:
Change the SSH port number to 1026:
Then save the changes
.
3. Configure your Start firewall
making sure that the newly selected port is not blocked. If this is a new VPS configuration, all ports should be open by default.
Update your firewall settings to allow incoming connections to the new port. For this example, we’ll use the UFW firewall. Run
the following command: sudo ufw allow 1026/tcp Then restart the
SSH service using the following command
: Debian and
Ubuntu
: sudo service ssh restart
Debian and Ubuntu
with systemd: sudo systemctl restart ssh CentOS and Fedora sudo service sshd restart
CentOS and Fedora
with systemd: sudo
systemctl restart sshd
4. Test
the new default port
To verify that the new SSH port is open, run the command ss or netstat: ss
-tulpn | grep 1026 netstat -tulpn | grep 1026
You can now try to log in
to SSH using the following command: ssh -p [port] user@server
For example
: ssh -p 1026 root@0.0.0.0
Conclusion
Using the default SSH port 22 can make it an easy target for hackers: they often look for open ports through which to intercept and extract sensitive data. Therefore, we recommend changing the SSH port to prevent potential cyber attacks and add extra protection to your Linux server.
Before choosing a new port for your SSH access, note that ports numbered 0-1023 are reserved for privileged services. Therefore, it is better to use a port ranging from 1024 to 65535.
Configuring a new specified port is relatively easy: you just need to update the number in the SSH daemon configuration file and firewall settings. Then, restart the SSH service and retest the new port connection.
We hope this article helped you change your SSH port on VPS. If you have any questions or ideas, please leave them in the comments section below.
