Using Multiple SSH ports

Unix Tutorial

This is not the most obvious functionality, hence I decided to share it as a separate post. It’s quite easy and perfectly acceptable to specify more than one SSH port for your sshd daemon – useful for debugging or added security (when bound to separate IP addresses).

Adding Extra SSH ports

Simply edit the /etc/ssh/sshd_config file and add more port numbers under the existing default port (it’s commented out because 22 is used by default):

greys@server:~$ sudo vi /etc/ssh/sshd_config

Change this:

#Port 22
AddressFamily any±
ListenAddress ::

to this:

Port 22
Port 221
Port 222

AddressFamily any±
ListenAddress ::

IMPORTANT: you must uncomment Port 22, otherwise new ports will be the only SSH ports listened on (so SSH port 22 will stop working).

Now restart ssh:

greys@server:~$ sudo systemctl restart ssh

Confirm each new SSH port

netstat command with grep confirms that all 3 ports are being listened on now:

greys@server:~$ netstat -nal | grep 22
tcp 0 0* LISTEN
tcp 0 0* LISTEN
tcp 0 0* LISTEN

If we want to, we can even try connecting to a non-standard ssh port like 221 or 222 as per our changes.

Don’t be alarmed about warning:

root@server:~# ssh greys@localhost -p 222
The authenticity of host '[localhost]:222 ([]:222)' can't be established.
ECDSA key fingerprint is SHA256:12efZx1MOEmlxQOWKhM5eaxDwJr4vUlLhcpElkGHTow.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:222' (ECDSA) to the list of known hosts.
greys@localhost's password:
Welcome to Ubuntu 19.04 (GNU/Linux 4.18.0-20-generic x86_64)

Hope you enjoy this advice, stay tuned for more!

See Also