Secure Shell (SSH) uses TCP port 22.
SSH was created as a solution to replace both file transfer protocol FTP (port 21) and remote access protocol telnet (port 23), so port 22 was a particularly fitting choice.
Changing SSH port on the server
You can make SSH server run on any available port by changing the Port directive in the /etc/SSH/sshd_config file.
For privileged port (port number less than 1024), you would have to start sshd as root.
For non-privileged port (port number above 1024), you can start sshd as a regular user on your server.
Best practice: change default SSH port
If you are running SSH server on publicly available IP addrrsses, it's best to minimize your chances of having SSH access compromsied:
- change the default port for SSH (to limit chances of SSH being discovered by external scans)
- switch to key only authentication (prevents password brute force attacks)
- use firewall to allow SSH access from known IP networks only (if possible)