Changing the SSH Port in Linux Server

SecureShell Port on a Linux server

I want to discuss few points about changing the SSH Port on a CentOS server. There might be many ways to change, but I will let you learn the easiest way to change the port number.

​Introduction

​SSH is nothing but a Secure Shell. It gives you an option to login to a remote machine and execute commands. It can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client-server model.

Linux server users, can change their SSH port to a different port other than the default port 22.​

Where to change SSH Port ?

I want you show you the easiest way to change the port. First, you need to SSH into the server as a root user.

#ssh root@hostname/IP

​(hostname/IP should be replaced with the hostname of your server or the main IP address of your server)

So, by now you would have login to your server as a root user. It is always a good idea to backup important servers files before modifying any thing.

Copying sshd_config file as a backup file
#cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

​That's it, now its your time to modify the file. No worries while modifying the file, as you already had a backup of it. The location of the file is at /etc/ssh/sshd_config.

​You can open this using a text editor like vm, nano, pico,vim ..etc; you can open with the editor which you feel feasible to use it. Now, locate the line that specifies the port.

Default SSH port  number will be "22" and it will be commented out with a # symbol. This means sshd_config file has not been altered. The below image gives you a clear idea about this.

nano /etc/ssh/sshd_config
How sshd_config file looks

​The # symbol tells the server to ignore anything after it on the same line, so we will need to remove that character "#" and then change the number 22 to something else. Do not pick a port number that is in use by another service.

If you are not sure, please check this from Wikepedia​. It gives you a better idea about the port and explains about each in detail. Try to use SSH port number that is not listed. For this example, I will use Port 98985.

​Remove the # symbol and change the port number to the number which you were fine with.

Changing SSH Port in sshd_config file

​Save your changes and close the sshd_config file.

That's it ?​

No, there is one more step where you need to allow the SSH port which you added in sshd_config file. It is no where but your server firewall. Let us discuss this more briefly.

Adding SSH Port number to your FireWall

Normally, we recommend using ConfigServer Security & Firewall(CSF) for our clients. It is one of the standard firewall used in most of the production servers. If your server is not yet configured the firewall, I recommend you to do it immediately and you can check the following URL to install firewall on your server.

​After completing the firewall(CSF) installation, you can open firewall configuration file at.

nano /etc/csf/csf.conf

​As we discussed previously, it is always a good idea to take backup of configuration files before you make any changes. You can follow the below way to take backup of firewall configuration file.

cp /etc/csf/csf.conf /etc/csf/csf.conf.bak

​Open /etc/csf/csf.conf in nano (or any of your favourite text editor) and locate the lines labelled Allow incoming TCP ports and Allow outgoing TCP ports.

Updating SSHD port in CSF configuration

​There add the port which you allowed in your sshd_config file. Make sure to add commas where necessary (follow the format of the existing port numbers).

Save your changes to the csf.conf file and close your text editor.

Step 3 : Restart Services​

​SSH and CSF must now be restarted in order to activate your changes. You can do so by running the command ‘csf -r’ followed by ‘/etc/init.d/sshd restart’ (example below):

service sshd restart
service csf restart
Restarting SSHD service

SSH will restart and listen on the port number you have specified.

Conclusion

On completion of reading this article, you can surely change SSH port in your Linux server. Hope you enjoyed reading my article.