Change ssh default port in Linux

  • 20 May 2016
  • ADM



By default, ssh listens for incoming connections on port 22. So if a hacker wants to attack your machine, he will most likely scan port 22 first. To give an idea of how important this is (from my point of view, of course): before changing the default ssh port on my server, I got 1000+ login attempts every day for my root user. An effective (but minimal) method to protect your machine is to run ssh on a non-standard port. Any unused port will work, but one above 1024 is preferable.

Step1 - edit ssh config

Open the ssh config file:

$ vi /etc/ssh/sshd_config

Or use any other editor you prefer.

Step2 - change the port

Add a Port line with the port you want to use, e.g. 2987:

Port 2987

Save and exit the file.

Note: make sure you write the port down somewhere, just in case you forget it :-)

Step3 - restart the service

Restart the ssh service:

$ systemctl restart sshd.service

Step4 - change the firewall rule

Don't forget to change the firewall rules:

$ firewall-cmd --add-port 2987/tcp --permanent
$ firewall-cmd --reload

...and we are done. Another security change you can make is to configure SSH to use Protocol 2.
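
A pre-restart check for the edit in Step2, as an added example that is not part of the original article: the hypothetical helpers sshd_ports and check_port read sshd_config and report which ports sshd would listen on, so a line left commented out or a leftover Port 22 is caught before Step3. It assumes no Include files and no ListenAddress host:port entries; the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# sshd_ports FILE: print the ports the global section of FILE makes sshd
# listen on, one per line. Assumes no Include files and no ListenAddress
# host:port overrides.
sshd_ports() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t=]+/, " ", line)      # "Port=2987" and "Port 2987" both valid
            split(line, f, " ")
            key = tolower(f[1])            # keywords are case-insensitive
            if (key == "match") exit       # Port is not allowed in Match blocks
            if (key == "port") { print f[2]; found = 1 }
        }
        END { if (!found) print 22 }       # no Port line: built-in default
    ' "$1"
}

# check_port FILE PORT: return 0 only if sshd would listen on PORT.
check_port() {
    case "$2" in
        ''|*[!0-9]*) echo "not a port number: $2" >&2; return 2 ;;
    esac
    if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ]; then
        echo "port out of range: $2" >&2; return 2
    fi
    ports=$(sshd_ports "$1")
    if ! echo "$ports" | grep -qx "$2"; then
        echo "port $2 is not active (sshd would use: $(echo $ports))" >&2
        return 1
    fi
    # Port may appear several times; an uncommented "Port 22" stays open too.
    if [ "$2" != 22 ] && echo "$ports" | grep -qx 22; then
        echo "note: port 22 is still enabled as well" >&2
    fi
    return 0
}

# Constructed sample: the new line was added but left commented out.
sample=$(mktemp)
printf '%s\n' '#Port 22' '#Port 2987' > "$sample"
check_port "$sample" 2987 || echo "fix the config before restarting sshd"
rm -f "$sample"
```

On the real file, `sshd -t` additionally checks the syntax. On a CentOS host with SELinux enforcing, the new port also has to be allowed with `semanage port -a -t ssh_port_t -p tcp 2987` before the restart in Step3, or sshd cannot bind to it.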