Changing the default SSH port on Ubuntu is a common security measure. By default, SSH runs on port 22, which is known to attackers. Changing it to a custom port can reduce the risk of automated attacks. Here’s a step-by-step guide to changing your SSH port in Ubuntu.
Step 1: Update the System
Before making any configuration changes, ensure your system packages are up-to-date:
Updating helps avoid issues with package dependencies and improves security.
Step 2: Choose a New Port
When choosing a new port, pick a number between 1025 and 65535 (the higher range is less commonly used by other applications). Avoid ports used by other popular services, like 80 (HTTP) or 443 (HTTPS).
For this example, let’s change the SSH port to 2222.
Step 3: Update the SSH Configuration
Edit the SSH configuration file using your preferred text editor:
Look for the line that reads:
Uncomment this line by removing the #
and change the port number from 22
to your chosen port (e.g., 2222
):
Save and close the file (in nano, you can do this by pressing Ctrl + X
, then Y
to confirm).
Step 4: Allow the New SSH Port in the Firewall
To prevent locking yourself out, update your firewall rules to allow the new SSH port. Assuming you’re using ufw
(Uncomplicated Firewall), add the new port:
If SSH was previously allowed, you may also want to remove the rule for port 22:
Then, reload ufw
to apply the changes:
Step 5: Restart the SSH Service
After updating the configuration file and firewall rules, restart the SSH service for the changes to take effect:
Alternatively, if systemctl
is unavailable:
Step 6: Verify the New SSH Port
To ensure SSH is listening on the new port, use:
This command will display active network connections, confirming the SSH service listens on your new port.
Step 7: Test the New SSH Port
Before closing your current SSH session, try connecting to the server using the new port from a different terminal or system:
If the connection is successful, the port change was correctly applied.
Additional Tips
- Disable Root Login: To add another layer of security, consider disabling SSH login for the root user by setting
PermitRootLogin no
in the same configuration file. - Use SSH Keys: For even stronger security, use SSH key authentication instead of passwords.
Conclusion
Changing the SSH port on Ubuntu is a straightforward yet effective way to reduce unwanted login attempts. By following these steps, you improve your server’s security with minimal effort. Remember to document the new port number to avoid accidental lockouts and always follow best practices like using SSH keys for authentication.
Change the SSH Port in Ubuntu Linux (F.A.Q)
Why should I change the SSH port?
Changing the default SSH port helps reduce the risk of automated attacks by making your server less visible to attackers who scan for the default port (22).
What port range should I choose for SSH?
Choose a port between 1025 and 65535 to avoid conflicts with well-known services. Higher port numbers are generally safer and less likely to be used by other applications.
How do I connect using the new SSH port?
Specify the new port with the -p
option in your SSH command. For example: