The default SSH port (22) can be changed to improve security by lowering automated attacks. This guide walks you through the process, including restarting the SSH service and configuring your firewall.
Step 1: Edit the SSH Configuration File
The SSH daemon configuration is stored in /etc/ssh/sshd_config. Use sed or a text editor like nano to modify the Port directive.
Using automated command
Uncomment and set the new port (if the line is commented)
sudo sed -i ‘s/^#Port 22/Port 2332/’ /etc/ssh/sshd_config
Update any existing Port line (if already uncommented)
# Uncomment and set the new port (if the line is commented)
sudo sed -i 's/^#Port 22/Port 2332/' /etc/ssh/sshd_config
# Update any existing Port line (if already uncommented)
sudo sed -i 's/^Port [0-9]*/Port 2332/' /etc/ssh/sshd_config
2. Allow the New SSH Port in the Firewall
UFW (Ubuntu/Debian):
sudo ufw allow 2332/tcp
sudo ufw reload
Firewalld (CentOS/RHEL):
sudo firewall-cmd --permanent --add-port=2332/tcp
sudo firewall-cmd --reloadManual Editing (Optional):
sudo nano /etc/ssh/sshd_configStep 3: Restart the SSH Service
sudo systemctl restart sshd # For systemd systems (Ubuntu 16.04+, CentOS 7+)
# OR
sudo service ssh restart # For older init systems (Ubuntu 14.04, Debian 7)Step 4: Verify the Configuration
- Check SSH Status:
sudo systemctl status sshdTest the New Connection:
Open a new terminal and connect using the new port:
ssh -p 2332 username@your_server_ipA basic security layer against automated attacks is added by changing the SSH port. Pair this with SSH key authentication and fail2ban for stronger protection. Regularly update your server and monitor logs for suspicious activity.