By default, SSH listens on port 22. Changing the default SSH port can reduce the risk of automated attacks and so adds an extra layer of security to your server.
Compared with changing the default port, configuring the firewall to allow access to port 22 only from specific hosts is easier and safer.
This tutorial shows you how to change the default SSH port on Linux. We'll also show you how to configure the firewall to allow access to the new SSH port.
Change the SSH port
To change the SSH port on your Linux system, follow these steps:
Select the new port number
In Linux, port numbers lower than 1024 are reserved for well-known services and can only be bound by root. Although you can use a port in the range 1-1024 for the SSH service, it is recommended to choose a port above 1024 to avoid problems with port assignments in the future.
In this example, we change the SSH port to 5522, but you can choose any port you like.
Adjust the firewall
Before you change the SSH port, you need to adjust the firewall to allow traffic on the new SSH port.
If you are using UFW:
sudo ufw allow 5522/tcp
If you are using FirewallD:
sudo firewall-cmd --permanent --zone=public --add-port=5522/tcp
sudo firewall-cmd --reload
CentOS users also need to adjust the SELinux rules to allow the new SSH port:
sudo semanage port -a -t ssh_port_t -p tcp 5522
If you are using iptables as your firewall, the following command will open the new SSH port:
sudo iptables -A INPUT -p tcp --dport 5522 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
Edit SSH Configuration
Use a text editor to open the SSH configuration file /etc/ssh/sshd_config:
sudo nano /etc/ssh/sshd_config
Search for the line beginning with Port 22. In most cases, this line will begin with #. Delete the # and enter the new SSH port number that will be used instead of the standard SSH port 22.
Port 5522
Use extreme caution when modifying the SSH configuration file. An incorrect configuration may cause the SSH service to fail to start.
When you are done, save the file and restart the SSH service to apply the changes:
sudo systemctl restart ssh
On CentOS, the ssh service is named sshd:
sudo systemctl restart sshd
To verify that the SSH daemon is listening on the new port 5522, type:
ss -an | grep 5522
The output should look like this:
tcp LISTEN 0 128 0.0.0.0:5522 0.0.0.0:*
tcp ESTAB 0 0 192.168.121.108:5522 192.168.121.1:57638
tcp LISTEN 0 128 [::]:5522 [::]:*
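A check for the sshd_config edit described above, run before the service restart; this is an added example, not part of the original tutorial. The function names and the sample file are constructed for illustration, and files pulled in with Include are not followed.

```shell
#!/bin/sh
# Added example (hypothetical helper names): report which ports an
# sshd_config file really sets, before the SSH service is restarted.

# Print one port per line: each uncommented "Port N" directive, or 22
# (the sshd default) when the file sets none. Include files are not followed.
effective_ssh_ports() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }   # drop comments, accept "Port=N"
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# Exit status 0: the file sets the expected port and no longer sets 22.
# 1: the file does not match the intended change. 2: bad port argument.
check_port_change() {
    file=$1 expected=$2
    case $expected in
        ''|*[!0-9]*) echo "not a port number: $expected"; return 2 ;;
    esac
    if [ "$expected" -lt 1 ] || [ "$expected" -gt 65535 ]; then
        echo "port out of range: $expected"; return 2
    fi
    ports=$(effective_ssh_ports "$file")
    if ! printf '%s\n' "$ports" | grep -qx "$expected"; then
        echo "Port $expected is not set; is the Port line still commented out?"
        return 1
    fi
    if [ "$expected" != 22 ] && printf '%s\n' "$ports" | grep -qx 22; then
        echo "Port 22 is still configured next to $expected"
        return 1
    fi
    echo "ok: sshd_config sets Port $expected"
}

# Constructed sample: the directive was edited but the leading # was left in.
sample=$(mktemp)
printf '%s\n' '# constructed sample' '#Port 5522' 'PermitRootLogin no' > "$sample"
check_port_change "$sample" 5522 || echo "fix the file before restarting sshd"
rm -f "$sample"
```

On a live server, running sudo sshd -t also validates the syntax of the whole configuration file before you restart the service.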
Using the new SSH port
Now that you have changed the SSH port, you need to specify the new port when logging in to the remote machine.
To specify the port, use the -p <port_number> option:
ssh -p 5522 username@remote_host_or_ip
Conclusion
In this tutorial, you learned how to change the SSH port on a Linux server. You may also want to set up SSH key-based authentication and connect to your Linux servers without entering a password.
If you frequently connect to multiple systems, you can simplify your workflow by defining all of your connections in the SSH configuration file.