If you plan to boost your server’s security, you will need to change the SSH port from its default value. The default port number is a widely known fact and that makes it a security risk that you can’t afford. To make the procedure easy, we provide step-by-step instructions in plain English that tell you how to change the SSH port in Linux. The overview contains some basic information on the SSH protocol and why it’s important to your server security. Of course, you may skip it and just start with the tutorial.
What is SSH?
The Secure SHell protocol (SSH) is a security measure that gives you and other users the ability to connect to a secure server over an unsecured network (like the Internet). This becomes indispensable when you’re planning on running a server (whether a VPS or a dedicated server). You have to connect to your server from your laptop and that connection has to go through the Internet to get there. The Internet, obviously, is an unsecured environment, meaning you can’t afford to let your guard down. That is why the Secure SHell protocol is also equipped with several valuable tools that help establish and maintain server security, including tools for password and key authentication.
Why is SSH Security Important?
When you get a dedicated server or a VPS, you will be given full root access to the system, which means you can use the SSH protocol to remotely connect to the server and make any configurations you need. While SSH does not support graphics and only provides a Command-Line Interface, it is still the main method of server administration. Like all network-based services, SSH uses a default port number. But because the SSH port is harder to change than that in other protocols, like VNC, some users don’t bother to change it. That means hackers and malicious software will have more of a chance to gain access to your server because they know which port to target. So, you should take the time to change the default SSH port once and for all, and with this tutorial, you can do it quickly and without extra effort.
Want a better way to host your websites and web apps? Developing something new? Simply don’t like Windows? That’s why we have Linux VPS.
How to Change SSH Port in Linux
Throughout the tutorial, we’re going to be using the Linux Terminal to enter the necessary commands. The screenshots are taken from Fedora Server 34 but most of the commands work for all major Linux distributions. Where distro-specific commands are needed, we provide them separately. To go through these steps you need to be signed in to your server using VNC or SSH. With the explanation out of the way, let’s get started with the actual process.
Step 1: Launching the Terminal
First, we need to open the Terminal. If you’re using SSH, you will be using the terminal by default. If you’re using a remote desktop protocol like VNC, you can open the Terminal by pressing Ctrl+Alt+T or by searching the applications menu in all Linux distributions.
Step 2: Edit the SSH Config File
Now, we’re going to use the nano text editor. Nano lets you edit texts right from the CLI, making it the perfect choice for SSH connections. Nano should be installed by default; if it’s not, see the appendix for the commands to install it. We’re going to use the editor to edit the SSH configuration file: /etc/ssh/sshd_config (you can use your favorite text editor if you have a remote desktop connection). For that, you should enter the following command:
sudo nano /etc/ssh/sshd_config
Now, scroll down until you find the Port attribute:
Step 3: (Optional) Change the SSH Port for Security
As you can see, the default port is mentioned as 22, and the # before it means this line is a comment. To make any changes, you must remember to delete the # to uncomment it. Some people like to use SSH port 443, which is usually reserved for SSL encryption, thereby confusing would-be hackers. Let’s say you want to change the SSH port to 3333; to do that, make the following change:
From:
#Port 22
To:
Port 3333
Again, make sure there is no # before the word Port. Press Ctrl+O to save the changes you’ve made and Ctrl+X to exit the editor.
Step 4: Restart the SSHD Service to Finalize Changes
You have finished configuring the SSH settings but for the changes to take effect, you have to restart the SSHD service in charge of SSH connections. For that, enter the following command:
sudo systemctl reload sshd
Step 5: Configure your Firewall
Before starting to enjoy your enhanced server security, however, you should configure your firewall to stop blocking your new SSH port. This is where the distro-specific commands come in, because of the default firewalls used by different distros.
How to Change SSH Port in CentOS/RHEL/Fedora
Most RHEL-based distros, like CentOS, use a security suite called SELinux (Security-Enhanced Linux), which acts as a firewall, among other things. Before going any further, however, you should first see if SELinux is actually enabled. To do that, enter the following command:
sudo sestatus
If you see something like this, with the first line reading SELinux status: enabled then you’ll have to go through the following steps. Otherwise, you can just skip this and continue to the last step here.
Now that we have determined SELinux is enabled, we’ll use the semanage package. If it was disabled, you can use these instructions to quickly turn SELinux on. Use the following command to add the port you have chosen to SELinux’s list of SSH ports (3333 in this example):
sudo semanage port -a -t ssh_port_t -p tcp 3333
Now, we need to tell the firewall to add port 3333 to your public zone, which is the registered range of open port numbers:
sudo firewall-cmd --zone=public --add-port=3333/tcp --permanent
All that’s left now is to restart the firewall service to make the changes take effect:
sudo firewall-cmd --reload
That’s it for changing the SSH port on CentOS. You can test the new port below.
How to Change SSH Port in Ubuntu/Debian/Kali
Ubuntu and some other Debian-based distros have the UFW firewall installed and active by default. You need to allow the new SSH port through it. That can be done using the following command, which you need to enter into the Terminal like the ones before:
sudo ufw allow 3333/tcp
That’s it for changing the SSH port on Ubuntu. Now let’s just move on to testing the connection with the new port.
Testing the New SSH Port
Now, to see if everything worked out the way it should, we will do a quick test to see if our SSH port change has been successful. If you’ve been using SSH to this point, you should first exit the session by closing the shell. Open a Terminal on your client and enter the following command to establish an SSH connection:
ssh 00.00.00.00 -p 3333
Of course, you should replace 00.00.00.00 with the correct IP address for your server, which you can get from your control panel on your provider’s website.
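The mistake Step 3 warns about (saving the file with the # still in front of Port) can be caught before sshd is reloaded in Step 4. The script below is an added example, not part of the original tutorial; the function names effective_ports and check_port_change and the two sample files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): check an sshd_config
# file for the Step 3 mistake before reloading sshd in Step 4.

# Print the port(s) the file sets, one per line. "#Port 3333" is a
# comment and sets nothing; the keyword is case-insensitive; "Port=3333"
# is also valid syntax; with no active Port line sshd defaults to 22.
effective_ports() {
    ports=$(awk '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blanks
        { split($0, f, /[ \t=]+/)
          if (tolower(f[1]) == "port") print f[2] }
    ' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# usage: check_port_change FILE WANTED_PORT
# 0 = file yields exactly WANTED_PORT, 1 = mismatch, 2 = bad port number
check_port_change() {
    case "$2" in ''|*[!0-9]*) echo "invalid port: $2"; return 2 ;; esac
    if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ]; then
        echo "port out of range: $2"; return 2
    fi
    got=$(effective_ports "$1" | tr '\n' ' ')
    got=${got% }
    if [ "$got" = "$2" ]; then
        echo "ok: sshd will listen on $2"; return 0
    fi
    echo "mismatch: file yields port(s) '$got', expected $2"; return 1
}

# Constructed sample files (not taken from a real server).
before=$(mktemp); after=$(mktemp)
printf '%s\n' '#Port 22' '#Port 3333' 'PermitRootLogin no' > "$before"
printf '%s\n' 'Port 3333' 'PermitRootLogin no' > "$after"
check_port_change "$before" 3333 || true   # edit saved with the # still there
check_port_change "$after" 3333
rm -f "$before" "$after"

# On the server itself, sshd is the authority (it also follows Include):
#   sudo sshd -t                      # syntax check; silent when valid
#   sudo sshd -T | grep -i '^port '   # effective port(s)
```

A file that still lists Port 22 next to Port 3333 is reported as a mismatch as well, because sshd would keep listening on both ports.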
Other Security Measures
This is it, as far as boosting your server SSH security will go, but there is always more. The security tasks of an administrator are never done. There are still things to do, like disabling root account access, creating stronger passwords, etc. Of course, the hosting provider plays the most important role in ensuring server security, so picking the right one is vital. That is why Cloudzy runs its Linux VPS servers on extra-secure servers with hardware and AI-based firewalls, smart DDoS protection, and other proprietary safeguards. Put your mind at ease and get a secure Linux VPS solution from Cloudzy today.