How to Change SSH Port in Linux

SSH or Secure Shell daemon is a network protocol that is used to perform remotely secured log ins to Linux systems via a secured channel through unsecured networks using strong cryptography.

One of the most basic utility of SSH protocol is the ability to access Unix shells on remote Linux machines and execute commands. However, SSH protocol can offer other implementations, such as the ability to create secured TCP tunnels over the protocol, to remotely and securely transfer files between machines or to act as a FTP like service.

The standard port used by SSH service is 22/TCP. However, you might want to change SSH default port in your Linux server, in order to achieve some kind of security through obscurity because the standard 22/TCP port is continuously targeted for vulnerabilities by hackers and bots in internet.

To change SSH service default port in Linux, first you need to open the main SSH daemon configuration file for editing with your favorite text editor by issuing the below command and make the following changes.

# vi /etc/ssh/sshd_config

In sshd_config file, search and comment the line that begins with Port 22, by adding a hashtag (#) in front of the line. Below this line, add a new port line and specify your desired port to bind SSH.

In this example, we’ll configure SSH service to bind and listen on port 34627/TCP. Make sure you choose a random port, preferably higher than 1024 (the superior limit of standard well-known ports). The maximum port that can be setup for for SSH is 65535/TCP.

#Port 22
Port 34627
Change SSH Port in Linux
Change SSH Port in Linux

After you’ve made the above changes, restart the SSH daemon to reflect changes and issue netstat or ss command to confirm that SSH service listens on the new TCP port.

# systemctl restart ssh
# netstat -tlpn| grep ssh
# ss -tlpn| grep ssh

In CentOS or RHEL Linux based distributions, install policycoreutils package and add the below rules to relax SELinux policy in order for the SSH daemon to bind on the new port.

# yum install policycoreutils
# semanage port -a -t ssh_port_t -p tcp 34627
# semanage port -m -t ssh_port_t -p tcp 34627
# systemctl restart sshd
# netstat -tlpn| grep ssh
# ss -tlpn| grep ssh
Verify SSH New Port
Verify SSH New Port

Also, don’t forget to update the firewall rules specific for your own installed Linux distribution in order to allow incoming connections to be established on the new added SSH port.

Matei Cezar
I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

6 thoughts on “How to Change SSH Port in Linux”

  1. Did all the steps but now I cannot log in to SSH anymore, on port 22 it says connection refused, and on the port, I defined it says connection timed out. Any help on this? Btw I added it on Plesk firewall as both income and outgoing rules and please visit us: https://www.ezeelogin.com.

    Reply
  2. Thanks for the article.

    Updated firewall as below for centos7, works smooth.

    $ sudo firewall-cmd --permanent --zone=public --add-port=34627/tcp
    $ sudo firewall-cmd --reload
    
    Reply
  3. Each open port can be discovered, but adding an obscurity layer makes it harder for bots, for instance, to discover a service running on a well-known or standard port.

    Reply

Got something to say? Join the discussion.

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.