How to Change the SSH Port in Ubuntu
Introduction
Secure Shell (SSH) is a cryptographic network protocol that allows users to securely access and manage remote systems over an unsecured network. By default, SSH operates on port 22. However, there are several compelling reasons why you might want to change this default port on your Ubuntu system:
- Enhanced Security: Changing the default SSH port can help protect your system from automated bots and scripts that routinely scan for open port 22 connections.
- Reduced Noise: By moving to a non-standard port, you'll significantly decrease the number of automated login attempts recorded in your logs, making it easier to monitor for genuine threats.
- Compliance Requirements: Some security policies or compliance standards may require the use of non-standard ports for remote access protocols.
- ISP Restrictions: In some cases, Internet Service Providers (ISPs) may block or throttle traffic on common ports like 22 to prevent server hosting on residential connections.
While changing the SSH port is not a comprehensive security measure on its own, it can be an effective part of a broader security strategy, often referred to as "security through obscurity." This tutorial will guide you through the process of changing the SSH port on your Ubuntu system, helping you take a step towards a more secure server environment.
Prerequisites
Before we begin the process of changing the SSH port, ensure that you have the following:
- Ubuntu System: This guide is specifically for Ubuntu, though the steps may be similar for other Linux distributions.
- Root or Sudo Access: You'll need administrative privileges to modify system configurations.
- Basic Terminal Knowledge: Familiarity with basic Linux command line operations is necessary.
- SSH Access: Ensure you currently have SSH access to your system.
- Backup Connection Method: It's crucial to have an alternative method to access your server (like console access) in case something goes wrong during the process.
Steps to Change SSH Port
1. Back Up the SSH Configuration File
It's always a good practice to create a backup before modifying any system configuration files. To back up your SSH configuration file, use the following command:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
This command creates a copy of the original configuration file with a .bak extension. If anything goes wrong, you can easily revert to this backup.
2. Edit the SSH Configuration File
Now, let's open the SSH configuration file for editing. You can use any text editor you're comfortable with. In this example, we'll use nano:
sudo nano /etc/ssh/sshd_config
This command opens the sshd_config file in the nano text editor with root privileges.
3. Change the Port Number
Once you have the sshd_config file open in your text editor, look for a line that says #Port 22. This line is typically commented out (indicated by the # symbol at the beginning).
To change the SSH port:
- Remove the # to uncomment the line.
- Change 22 to your desired port number.
For example, if you want to change the port to 2222, the line should look like this:
Port 2222
Choose a port number between 1024 and 65535 to avoid conflicts with well-known services. Also, ensure the port you choose isn't already in use by another service on your system.
4. Save and Exit the Configuration File
After making the change:
- If you're using nano, press Ctrl + X, then Y, and finally Enter to save and exit.
- If you're using vim, press Esc, type :wq, and press Enter.
5. Adjust Firewall Settings
If you're using UFW (Uncomplicated Firewall), which is common on Ubuntu systems, you need to allow connections on the new SSH port. Run these commands:
sudo ufw allow 2222/tcp
sudo ufw reload
Replace 2222 with your chosen port number.
If you're using a different firewall, consult its documentation to learn how to open a new port.
6. Restart SSH Service
To apply the changes, restart the SSH service with this command:
sudo systemctl restart sshd
This will restart the SSH daemon with the new configuration.
7. Test the New SSH Port
Before closing your current SSH session, it's crucial to test if you can connect using the new port. Open a new terminal window and try to connect with the following command:
ssh -p 2222 username@your_server_ip
Replace 2222 with your new port number, username with your actual username, and your_server_ip with your server's IP address.
If the connection is successful, you can proceed to close your old SSH session and use the new port for future connections.
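Steps 1 to 3 as a script, added here as an example and not part of the original guide: it backs up the file, checks the port against the 1024-65535 range, and leaves exactly one Port line so that port 22 is not left listening alongside the new one. The function names and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: steps 1-3 of the guide as functions. Function names are hypothetical.

# Awk condition matching an active "Port N" line or the commented default "#Port N"
PORT_LINE='tolower($1) == "port" || tolower($0) ~ /^#[ \t]*port[ \t]+[0-9]+[ \t]*$/'

# valid_port PORT: true only for an integer in the guide's 1024-65535 range
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# active_ports FILE: print every uncommented Port value; sshd listens on all of them
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# set_ssh_port FILE PORT: back FILE up to FILE.bak, then leave exactly one Port line
set_ssh_port() {
    cfg=$1 port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    {
        # No Port line at all: add one at the top, ahead of any Match block
        awk "$PORT_LINE { f = 1 } END { exit f + 0 }" "$cfg" && echo "Port $port"
        # Replace the first matching line and drop the rest, so port 22 is not left open
        awk -v port="$port" "$PORT_LINE { if (!done++) print \"Port \" port; next } { print }" "$cfg"
    } > "$tmp" && cat "$tmp" > "$cfg"    # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed config (not a real /etc/ssh/sshd_config)
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Port 22' > "$demo"
set_ssh_port "$demo" 2345 && active_ports "$demo"    # prints 2345
rm -f "$demo" "$demo.bak"
```

Running sudo sshd -t after the edit and before the restart in step 6 checks the file for syntax errors, which avoids restarting into a configuration the daemon rejects.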
Troubleshooting
If you encounter issues after changing your SSH port, consider the following:
- Connection Refused: Ensure that the new port is open in your firewall settings.
- Port Already in Use: If you receive an error that the port is already in use, choose a different port number.
- SSH Service Not Starting: Check the SSH service status using sudo systemctl status sshd. Look for any error messages in the output.
- Reverting Changes: If you can't connect at all, use your backup access method (like console access) and restore the backup configuration file:
sudo cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
sudo systemctl restart sshd
Frequently Asked Questions (FAQ)
1. Is changing the SSH port really necessary?
While not absolutely necessary, changing the SSH port can significantly reduce automated attacks and log noise. However, it should be part of a broader security strategy, not the only measure taken.
2. What port number should I choose?
Choose a port number between 1024 and 65535 to avoid conflicts with well-known services. Avoid commonly used alternative SSH ports like 2222 or 22222, as these are often targeted by more sophisticated scans.
3. Will changing the SSH port affect my current connections?
Changing the port will not affect your current SSH session. However, all new connections will need to use the new port number.
4. How do I connect to SSH after changing the port?
Use the -p flag followed by the new port number when connecting. For example:
ssh -p 2345 username@your_server_ip
5. Can I change the SSH port back to 22 if needed?
Yes, you can change the port back to 22 or any other number by following the same process outlined in this guide.
6. Will changing the SSH port interfere with SFTP or SCP?
SFTP and SCP use the same port as SSH. You'll need to specify the new port when using these services as well.
7. Is it safe to use a well-known alternative port like 2222?
While using ports like 2222 is better than the default 22, they are still commonly scanned by attackers. It's best to choose a more unique port number.
8. What if I forget the new SSH port?
Always keep a record of your new SSH port in a secure location. If you forget, you may need to use alternative access methods (like console access) to retrieve or reset it.
9. Does changing the SSH port affect server performance?
Changing the SSH port has negligible impact on server performance. The benefits in terms of reduced automated attacks usually outweigh any minimal performance considerations.
10. Should I inform my team or other users about the SSH port change?
Yes, it's crucial to inform all authorized users about the SSH port change. Provide them with the new connection details to ensure continued access.