How To Change Default SSH Port In Linux

One of the first things you should do when setting up a new server is to change the SSH port. This is not because it will actually stop a real attacker, but because your server will be hammered with automated random login attempts. The real reason we change the default SSH port is that when the automated attacks can't even connect to port 22, they usually just stop and move on to the next server. If you are using a cloud droplet or VPS that supports snapshots, now is the time to take one, just in case something goes terribly wrong and you get locked out (it never hurts to be safe!).

Check For Failed SSH Login Attempts

You can check for failed login attempts with the following command to see whether your SSH service is being attacked or brute-forced.

root@teachmelinux:/home/mike# grep fail /var/log/auth.log
Oct 12 07:14:16 teachmelinux sshd[4702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.71.255.27  user=root

Check Current SSH Port

If you are unsure whether your SSH service is running on port 22, there are plenty of ways to check. Here are three. The first is to look at the /etc/ssh/sshd_config file.

root@teachmelinux:/home/mike# cat /etc/ssh/sshd_config | grep Port
Port 22

If you don't want to check it that way, the official Ubuntu guide says to use the following command.

root@teachmelinux:/home/mike# ss -lnp | grep sshd
u_dgr  UNCONN     0      0         * 304125                * 8968                users:(("sshd",pid=27289,fd=4))
tcp    LISTEN     0      128       *:22                    *:*                   users:(("sshd",pid=1517,fd=3))
tcp    LISTEN     0      128      :::22                   :::*                   users:(("sshd",pid=1517,fd=4))

The third way to check your SSH port number is to scan your server with nmap (this is also why just changing your port won't stop a real attacker). You can do this from either a Linux desktop or another Linux server.

root@teachmelinux:/home/mike# nmap -p1-65535 teachmelinux.com

Starting Nmap 7.01 ( https://nmap.org ) at 2017-10-12 07:35 UTC
Nmap scan report for teachmelinux.com (127.0.1.1)
Host is up (0.000016s latency).
Not shown: 65532 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 8.53 seconds

Change Default SSH Port

So let's get down to business and actually change the SSH port. To do this you need to modify your sshd_config file. You can use whatever text editor you prefer, although I will be using vi for this guide.

sudo vi /etc/ssh/sshd_config

Next, scroll down to where the Port setting is located and change it to your desired port. To edit the text in vi you need to enter insert mode by pressing the i key. I will be using port 2222; it's easy to remember, and it's only there to stop bots anyway. Now that the setting is changed, save it by leaving insert mode (press Esc) and typing :wq.

Update Firewall To Allow New SSH Port

Next you need to change your firewall/iptables settings to allow connections on the newly assigned port. We will also close port 22, since we are no longer using it for SSH.

Ubuntu Server

sudo ufw allow 2222
sudo ufw deny 22

CentOS / Red Hat

sudo firewall-cmd --zone=public --add-port=2222/tcp --permanent
sudo firewall-cmd --zone=public --remove-service=ssh --permanent
sudo firewall-cmd --reload

IP Tables

sudo iptables -I INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j DROP
sudo service iptables save

Restart SSHD Service

Last but not least, restart the sshd service for the changes to take effect. You can do so using the service command below.

sudo service sshd restart
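The config edit from the Change Default SSH Port section, scripted as an added example (not code from the original guide) so you can exercise it on a copy before touching /etc/ssh/sshd_config. It assumes a GNU/Linux userland (awk, grep, mktemp) and handles both the stock commented-out #Port 22 line and a file with no Port directive at all.

```shell
#!/bin/sh
# Added example (not part of the original guide): change the Port directive in
# an sshd_config file idempotently, then read the effective port back.
# Assumed: GNU/Linux userland. The file path is a parameter so the functions
# can be exercised on a constructed sample before editing the real file.
set -eu

# set_sshd_port FILE PORT
# Rewrites the first "Port N" line (or the stock commented-out "#Port 22")
# to "Port PORT", drops any further Port lines so sshd is not told to bind
# the same port twice, and appends the directive if the file has none.
set_sshd_port() {
    file=$1; port=$2
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    awk -v port="$port" '
        /^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+[[:space:]]*$/ {
            if (!done) { print "Port " port; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Port " port }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_sshd_port FILE
# Prints the port(s) sshd would listen on; a missing or commented-out
# directive means the built-in default of 22.
get_sshd_port() {
    p=$(grep -E '^[[:space:]]*Port[[:space:]]+[0-9]+' "$1" | awk '{print $2}')
    echo "${p:-22}"
}

# Constructed sample resembling a stock Ubuntu file, where Port is commented out.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# This is the sshd server system-wide configuration file.
#Port 22
#AddressFamily any
PermitRootLogin prohibit-password
EOF
echo "before: $(get_sshd_port "$SAMPLE")"   # 22 (commented default)
set_sshd_port "$SAMPLE" 2222
echo "after:  $(get_sshd_port "$SAMPLE")"   # 2222
# When sshd is installed, -t checks the syntax without starting the daemon.
if command -v sshd >/dev/null 2>&1; then
    sshd -t -f "$SAMPLE" && echo "sshd accepts the edited config"
fi
```

On recent Ubuntu releases sshd_config also includes /etc/ssh/sshd_config.d/*.conf, so check those files for a Port directive before restarting.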

I hope this guide has helped you, please don’t forget to like/share/comment. Thanks for the support!
