SSH port

Default SSH port 22 Default SSH port 22

SSH was created as a solution to replace both file transfer protocol FTP (port 21) and remote access protocol telnet (port 23), so port 22 was a particularly fitting choice.

Changing SSH port on the server

You can make SSH server run on any available port by changing the Port directive in the /etc/ssh/sshd_config file.

Usually Port is the very first option defined in the file, and it’s commented out if default value is used:

#Port 22
#AddressFamily any
#ListenAddress ::

just update this section by uncommenting Port and changing 22 to the port number you need, like 212 in this example:

Port 212
#AddressFamily any
#ListenAddress ::

For privileged port (port number less than 1024), you would have to start sshd as root.

For non-privileged port (port number above 1024), you can start sshd as a regular user on your server.

Best practice: change default SSH port

If you are running SSH server on publicly available IP addrrsses, it’s best to minimize your chances of having SSH access compromsied:

  • change the default port for SSH (to limit chances of SSH being discovered by external scans)
  • switch to key only authentication (prevents password brute force attacks)
  • use firewall to allow SSH access from known IP networks only (if possible)

See Also

Contact Me

Follow me on Facebook, Twitter or Telegram:
I learn with Educative: Educative
IT Consultancy
I'm a principal consultant with Tech Stack Solutions. I help with cloud architectrure, AWS deployments and automated management of Unix/Linux infrastructure. Get in touch!

Recent Tweets