Knowledgebase Article

Changing Your SSH Port
Published 21-03-2015

While there are many ways to make sure your server is as secure as possible, there are some basic steps and measures that you can take to cover your bases. Changing your SSH port is just one of them; this is called security through obscurity.

The Secure Shell (SSH) protocol uses port 22 by default. Leaving this as the default port does not make your system insecure, but it is a common port that bots sniff out in order to try to gain access to your server. Changing the port will not make a significant difference to security. However, changing the default SSH port will stop many of the automated attacks your server will face and make it a bit harder to guess which port SSH is accessible from. In other words, a little security through obscurity.

In order to change your SSH port you will need to have root access via SSH.

Once you have logged in as root, use your favourite text editor to edit the sshd configuration file.

 vi /etc/ssh/sshd_config

Next you will need to locate the line that specifies the port number. If your sshd_config file has not been altered the Port setting will be commented out with a # symbol (see example below).

 

Changing your SSH port image 1

 

The # symbol tells the server to ignore anything after it on the same line, so you will need to remove the hash character and then change the number 22 to something else.

Be sure you do not pick a port number that is in use by a different service.

The default line will look like this:

 #Port 22

In this example the port has been changed to 2922 and the # symbol removed (see example below).

 

Changing your SSH port image 2

 

Press the (i) key on your keyboard to start the insert mode of the text editor. Once you have changed your port number and removed the # symbol you will need to save and exit the text editor.

Press the esc key on your keyboard.

Press the (:) key on your keyboard and then the (w) key; this will now save the config file.

Press the (:) key on your keyboard and then the (q) key; this will quit the text editor and return you to the command line prompt.

Next you need to restart SSH in order for the new settings to take effect.

 /etc/init.d/sshd restart

Now that the SSH port number has been changed you need to check that the new settings have taken effect and that you can still gain access to your server. DO NOT CLOSE OFF YOUR OPEN SSH CONNECTION.

Open a new SSH connection window. This time you need to connect using your new port number. As long as you can access your server on the new SSH port you can return to the first SSH connection, type exit and then press the return key to terminate that SSH connection.
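A scripted equivalent of the manual edit above, as an added example that is not part of the original article: it checks whether the chosen port already has a listener and rewrites the Port line while keeping a backup of the file. The function names port_listening and set_ssh_port are hypothetical, and the ss utility is assumed to be available for the in-use check.

```shell
#!/bin/sh
# Added example, not from the original article.

# Exit 0 if `ss -tln` output on stdin shows a TCP listener on port $1.
port_listening() {
    awk -v p="$1" 'NR > 1 { n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit !found }'
}

# Set the Port directive in config file $1 to $2, keeping a copy as $1.bak.
set_ssh_port() {
    conf=$1 port=$2
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    cp -p "$conf" "$conf.bak" || return 1
    # The first "Port N" or "#Port N" line becomes the new setting; any later
    # active Port line is commented out so sshd does not also listen there.
    awk -v p="$port" '
        !done && /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ { print "Port " p; done = 1; next }
        done && /^[ \t]*Port[ \t]/ { print "#" $0; next }
        { print }
        END { if (!done) print "Port " p }' "$conf.bak" > "$conf"
}

# Demo on a constructed config in a temp directory; the real file is untouched.
demo() {
    d=$(mktemp -d) || return 1
    printf '#Port 22\n#AddressFamily any\n#ListenAddress 0.0.0.0\n' > "$d/sshd_config"
    set_ssh_port "$d/sshd_config" 2922 && cat "$d/sshd_config"
    rm -rf "$d"
}
demo

# On a server (as root), assuming the stock path used in the article:
#   ss -tln | port_listening 2922 && echo "2922 is already in use"
#   set_ssh_port /etc/ssh/sshd_config 2922 && sshd -t && /etc/init.d/sshd restart
```

Running sshd -t before the restart makes sshd check the edited file for syntax errors, so a bad edit is caught while the existing session is still open.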

That’s it, you have now changed your SSH port number, creating a little server security through obscurity.