Home Linux ServerLinux Fundementals Instructions to change SSH Port in Linux

Instructions to change SSH Port in Linux

by Thạch Phạm

Instructions to change the SSH Port in Linux to limit brute force attacks.

Terms used in the article.

  • Port
  • Passwd: Password

I. Overview

Welcome back to AZDIGI‘s documentation channel. In today’s article, AZDIGI would like to share with you how to change SSH PORT. While this article may not be too unfamiliar to those familiar with Linux, for newcomers to the system, the first thing to do when logging in to a Linux system is to change the SSH port immediately to ensure security and limit brute force attacks.

The default SSH port for accessing a Linux system is 22. But this port is very easy to exploit. Therefore, changing the port and setting a complex password is inevitable for you to manage the server safely.

II. Change SSH Port in Linux

To change the SSH Port in Linux, follow the steps below.

Step 1: Access the server via SSH protocol

First, you need to SSH into your server with the initial default port of 22. After successfully SSH, continue with the next steps.

Step 2: Check SSH Port

To check the current ssh port, you can use netstat to check the ports that are listening.

AZDIGI Tutorial
netstat -nltp | grep sshd

As shown below, my server’s ssh port is 22 and I will change it to another port.

Instructions to change SSH Port in Linux

Step 3: Change SSH PORT

The ssh configuration file is named sshd_config and located at the path /etc/ssh/sshd_config . Please open this file with the command vivim or nano depending on usage. I will use the command vi to edit the file:

AZDIGI Tutorial
vi /etc/ssh/sshd_config

After opening the file, find the line #Port 22, then remove the sign # and change the number22 to the port you want. Here, I choose the ssh port as 2020 and I will enter it as 2020

Note: You cannot change to the port that another service is using. For example: “80, 21,23,53..”

Instructions to change SSH Port in Linux

Once you have made the changes, please don’t close this window but open the ssh port on the firewall system.

Step 4: Open the firewall port

Since each server, you will use a different firewall application. So please choose the corresponding applications below to open the port.

  • For servers using Firewalld

If you use firewalld, open the port and reload with the following command:

AZDIGI Tutorial
sudo firewall-cmd --permanent --zone=public --add-port=2020
sudo firewall-cmd --reload/tcp
  • For server using ufw (UIbuntu/Debian)

If you use ufw, enter the following command to change the port

AZDIGI Tutorial
sudo ufw allow 2020/tcp
  • For servers using iptables

With iptables, enter the following commands sequentially to open the port, start and check the opened port.

AZDIGI Tutorial
iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
service iptables restart
iptables -L -n
  • For server install CSF

CSF (ConfigServer & Firewall) is the most popular firewall system. And to open the port, you do the following sequentially. Open the configuration file csf.conf with the following command:

AZDIGI Tutorial
vi /etc/csf/csf.conf

When you have opened the configuration file, find the lineTCP_IN and add ports. Ports will be separated by phẩy ,

AZDIGI Tutorial
# Allow incoming TCP ports

TCP_IN = “20,21,22,25,26,53,80,110,143,443,465,587,993,995,2020”

# Allow outgoing TCP ports

TCP_OUT = “20,21,22,25,26,37,43,53,80,110,113,443,465,873,2020”
Instructions to change SSH Port in Linux

After editing the csf.conf file, please restart your csf to apply the changes. You use the csf -r command to restart.

Step 4: Restart the SSH service

Be sure to open the changed port to the firewall system, to ensure that restarting sshd works. Otherwise, you won’t be able to ssh in if you closed the old session. In this case, only when VNC enters the server, you can do it again.

AZDIGI Tutorial
systemctl restart sshd

After restarting the sshd service, please netstat and recheck.

IV. Summary

So AZDIGI has completed the instructions on how to change the sshd port to secure the server system. But the way to change the port is still not absolutely safe. In the next article, AZDIGI will guide you to secure the server in the most secure way.

    If you need assistance, you can contact support in the ways below:

    Đánh giá

    Bài viết cùng chuyên mục

    AZDIGI – Không chỉ là đơn vị hàng đầu trong lĩnh vực Web Hosting và Máy chủ, chúng tôi mong muốn mang lại những kiến thức bổ ích nhất và luôn cập nhật thường xuyên cho cộng đồng người đam mê thiết kế website, công nghệ,…

    Vui lòng không sao chép nội dung nếu chưa xin phép. Designed and Developed by PenciDesign