Changing The SSH Port

While there are many ways to make sure your server is as secure as possible there are some basic steps and measures that you can take to cover your bases.

Users with a Linux server can change their SSH port to something other than the default port (22).

Step #1: Reconfigure SSHD

The easiest way to change the port is to SSH into the server as root:

ssh root@hostname/IP

(hostname/IP should be replaced with the hostname of your server or the main IP address of your server)

Once you are logged into the server as root we can begin editing the sshd_config file. As with any modification to an important server file, it is always a good idea to back it up before making any changes:

cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

Now we are ready to modify the file. Open /etc/ssh/sshd_config in your favorite text editor (for this example we will use Vim) and locate the line that specifies the port. If your sshd_config file has not been altered the Port setting will be commented out with a # symbol (example below).

vim /etc/ssh/sshd_config
ssh port22

The # symbol tells the server to ignore anything after it on the same line, so we will need to remove that character and then change the number 22 to something else. Be sure you do not pick a port number that is in use by a different service. If you are unsure, Wikipedia has a list of port numbers and their uses. Try to use a port number that is not listed. For this example, we will use Port 2222 (which is used by Windows servers but not by default on Linux servers).

Remove the # symbol and change the port number:
ssh port2222

Save your changes and close the sshd_config file.

We will also need to open the new port in the server’s firewall. This tutorial describes firewall changes on a standalone dedicated or virtual private server. If you have a hardware firewall in place please open a ticket with our support department so that we can make the necessary changes.

Step #2: Updating Your Firewall

Once again we will use Vim as our text editor to make changes to the APF firewall configuration. If your server uses the CSF firewall, follow the instructions to open a port via command line or WebHost Manager at Opening Ports In Your Firewall and skip ahead to the next section.

As with the SSH configuration file it is a good idea to create a backup prior to making any changes.

cp /etc/apf/conf.apf /etc/apf/conf.apf.bak

Open /etc/apf/conf.apf in Vim (or your favorite text editor) and locate the line labeled Common ingress (inbound) TCP ports.



Was this answer helpful?

Related Articles

Opening Ports In Your Firewall

Occasionally you will find that you need to open up a port in your firewall for some application...

Logging into Your Server via Secure Shell (SSH)

If you're comfortable using WHM and cPanel, you might be ready to use a command line interface...

7 Extremely Useful Linux Commands for Beginner

#1: ls : What’s in this directory? The command ls stands for list directory contents. And,...