Change SSH Listening Port

Change SSH Listening Port

Secure SHell (SSH) Protocol allows you to securely connect to remote machine over network.

Because it’s a very popular and basic tool for managing servers, people who are not authorized to access your server may try to break in.

SSH uses port 22 as default port for secure connection. Like I said above, it is a very popular and that makes it a target for the attackers.

Question: Should I change default listening port for SSH?

Answer:: Basically no, and I’ll tell you why later on.

Attackers can use automated attacks on SSH port because it’s a standard so you could end up with a dozen of attacks from all parts of the world.

Changing default port for SSH may decrease volume of attacks because it’s not on the default port, so a little more work is needed to find out new port.

Keeping SSH on default port (22) will not make your system less secure, there are other methods to protect your machine from attacks.

Non standard SSH port can be an easy way to avoid some of the attacks.

Change SSH Listening Port

Login to your server

ssh username@hostname

Now we need to edit configuration file for SSH Daemon

sudo nano /etc/ssh/sshd_config

Find line that looks like this:

# What ports, IPs and protocols we listen for
Port 22

Change 22 with any other port value

Save changes and exit file

Because we changed configuration file, SSH server needs to be restarted to apply changes

sudo service ssh restart

Next time when you want to login to your server, you need to specify port number for connection

ssh -p new_value username@hostname

Your SSH server listening port is now changed and running.

Note that this is a little trick to avoid some attacks and it should not be your only security measure for protecting your machine.

For more information about SSH visit OpenSSH website.


Leave a Reply

Your email address will not be published.