How to Change SSH Port in Linux

SSH or Secure Shell daemon is a network protocol that is used to perform remotely secured log ins to Linux systems via a secured channel through unsecured networks using strong cryptography.

One of the most basic utility of SSH protocol is the ability to access Unix shells on remote Linux machines and execute commands. However, SSH protocol can offer other implementations, such as the ability to create secured TCP tunnels over the protocol, to remotely and securely transfer files between machines or to act as a FTP like service.

The standard port used by SSH service is 22/TCP. However, you might want to change SSH default port in your Linux server, in order to achieve some kind of security through obscurity because the standard 22/TCP port is continuously targeted for vulnerabilities by hackers and bots in internet.

To change SSH service default port in Linux, first you need to open the main SSH daemon configuration file for editing with your favorite text editor by issuing the below command and make the following changes.

# vi /etc/ssh/sshd_config

In sshd_config file, search and comment the line that begins with Port 22, by adding a hashtag (#) in front of the line. Below this line, add a new port line and specify your desired port to bind SSH.

In this example, we’ll configure SSH service to bind and listen on port 34627/TCP. Make sure you choose a random port, preferably higher than 1024 (the superior limit of standard well-known ports). The maximum port that can be setup for for SSH is 65535/TCP.

#Port 22
Port 34627
Change SSH Port in Linux

Change SSH Port in Linux

After you’ve made the above changes, restart the SSH daemon to reflect changes and issue netstat or ss command to confirm that SSH service listens on the new TCP port.

# systemctl restart ssh
# netstat -tlpn| grep ssh
# ss -tlpn| grep ssh

In CentOS or RHEL Linux based distributions, install policycoreutils package and add the below rules to relax SELinux policy in order for the SSH daemon to bind on the new port.

# yum install policycoreutils
# semanage port -a -t ssh_port_t -p tcp 34627
# semanage port -m -t ssh_port_t -p tcp 34627
# systemctl restart sshd
# netstat -tlpn| grep ssh
# ss -tlpn| grep ssh
Verify SSH New Port

Verify SSH New Port

Also, don’t forget to update the firewall rules specific for your own installed Linux distribution in order to allow incoming connections to be established on the new added SSH port.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Matei Cezar

I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

4 Responses

  1. Manoj says:

    Thanks for the article.

    Updated firewall as below for centos7, works smooth.

    $ sudo firewall-cmd --permanent --zone=public --add-port=34627/tcp
    $ sudo firewall-cmd --reload
    
  2. Matei Cezar says:

    Each open port can be discovered, but adding an obscurity layer makes it harder for bots, for instance, to discover a service running on a well-known or standard port.

  3. LD says:

    Security through obscurity is not security. A simple nmap -sV will discover your new ssh port on minutes.

  4. Dragos says:

    I think it would be

    # semanage port -a -t ssh_port_t -p tcp 34627
    

    Not “http_port_t”

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.