Secure Shell (SSH) is a protocol used to securely connect and manage remote systems. By default, the SSH server runs on port 22. However, for security reasons or to avoid conflicts with other applications, you might want to change the default SSH port. In this article, we will guide you through the process of running an SSH server on a different port in Ubuntu.
To run an SSH server on a different port in Ubuntu, you need to edit the SSH configuration file, change the default port number to your desired port, save the file, and restart the SSH service. Additionally, you may need to adjust your firewall settings to allow incoming connections on the new SSH port.
Before we begin, ensure you have the following:
- An Ubuntu system with SSH installed. If you haven’t installed SSH, you can do so using the command
sudo apt-get install openssh-server.
- Sudo or root access to the Ubuntu system.
Step 1: Backup the SSH Configuration File
Before making any changes, it’s a good practice to create a backup of the SSH configuration file. This will allow you to restore the original settings if something goes wrong. Use the following command to create a backup:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
In this command,
cp is used to copy the file,
/etc/ssh/sshd_config is the source file and
/etc/ssh/sshd_config.bak is the destination file.
Step 2: Edit the SSH Configuration File
Next, open the SSH configuration file using a text editor such as nano or vim. In this example, we’ll use nano:
sudo nano /etc/ssh/sshd_config
Look for the line that says
#Port 22. This line is a comment (indicated by the
#) and shows the default SSH port. To change the port, uncomment the line by removing the
# and replace
22 with your desired port number. For example, to change the port to
2222, the line should read
Step 3: Save and Exit
After making the changes, save and close the file. In nano, you can do this by pressing
Y to confirm the save, and finally
Enter to exit.
Step 4: Restart the SSH Service
For the changes to take effect, you need to restart the SSH service. Use the following command:
sudo service ssh restart
Step 5: Adjust Firewall Settings
If you have a firewall enabled, you need to adjust its settings to allow incoming connections on the new SSH port. For example, if you’re using UFW (Uncomplicated Firewall), you can open the new port using the following command:
sudo ufw allow 2222/tcp
2222 with the port number you chose.
Step 6: Test the New SSH Port
Now, you can test the new SSH port by connecting from another machine:
ssh user@hostname -p 2222
user with your username,
hostname with the hostname or IP address of your Ubuntu system, and
2222 with the new SSH port.
In this article, we’ve shown you how to change the default SSH port on an Ubuntu system. This can enhance the security of your system by preventing automated attacks on the default port. However, changing the SSH port is just one aspect of securing your SSH server. You should also consider other security measures such as using key-based authentication, disabling root login, and using a firewall.
Changing the default SSH port can enhance the security of your system by preventing automated attacks that target the default port. It adds an extra layer of protection by making it more difficult for attackers to find your SSH server.
You can check if the SSH server is running on the new port by using the command
sudo netstat -tuln | grep ssh. This will display a list of active network connections and listening ports. Look for the line that shows the new SSH port you specified in the configuration file.
In theory, you can use any available port number for SSH. However, it is recommended to choose a port number between 1024 and 65535 that is not commonly used by other services. This helps to avoid conflicts and ensures that your SSH server can accept incoming connections on the chosen port.
If you are unable to connect to the new SSH port, make sure that your firewall is properly configured to allow incoming connections on the new port. Double-check the firewall rules and ensure that the correct port number is specified. Additionally, verify that the SSH server is running by checking its status using the command
sudo service ssh status.
It is not recommended to change the SSH port remotely, especially if you are connected to the system via SSH. If you make a mistake in the configuration file and save it, you may lose the SSH connection and be locked out of the system. It is best to make changes to the SSH configuration file while physically or directly connected to the system.