p>When managing a Linux server, what happens when you change the SSH port? Actually, changing the SSH port is a common practice to enhance security. By default, the SSH service listens on port 22, which is a well-known port and therefore often a target for automated attacks. By changing the SSH port to a non-standard one, you can significantly decrease these attacks.

In this article, we will guide you through changing the SSH port on several popular Linux distributions, including Ubuntu/Debian, CentOS/RHEL, and Arch Linux.

Ubuntu and Debian Systems

Ubuntu and Debian are two very similar Linux distributions, with nearly the same SSH configuration methods.

First, you need to open the SSH configuration file. You can use your favorite text editor for this task. Here, we’ll use nano:

sudo nano /etc/ssh/sshd_config

In the file that opens, look for the line containing #Port 22. This line is commented out, meaning it is not active. You need to uncomment it and change it to your desired port number. For example:

Port 2222

Where 2222 is your chosen new port number. Make sure that the port you choose does not conflict with other ports already in use on the system and that it is within the unallocated range of 1024 to 65535.

After making the change, save and close the file, then restart the SSH service to apply the change:

sudo service ssh restart

CentOS and RHEL Systems

In CentOS and RHEL systems, the process to change the SSH port is similar to that of Ubuntu and Debian, but there is a different command for restarting the service.

Again, first open the SSH configuration file using a text editor, here we’ll use vi:

sudo vi /etc/ssh/sshd_config

Find the #Port 22 line, and just like the previous steps, change it by uncommenting and entering the new port number:

Port 2222

After saving and exiting the vi editor, restart the SSH service:

sudo systemctl restart sshd

Arch Linux Systems

Arch Linux also configures the SSH service using the sshd_config file. The process for modifying it is similar to the aforementioned systems.

Open the configuration file using a text editor:

sudo nano /etc/ssh/sshd_config

Change the Port line by entering the new port number you have chosen:

Port 2222

Save the file and proceed to restart the SSH service:

sudo systemctl restart sshd

Configuring the Firewall on Linux Servers

After changing the port, you must ensure the new port is allowed through the server’s firewall. For iptables, you can add a rule to allow traffic on the new port:

sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT

Important Considerations:

  • Backup configuration files: It’s always a good idea to back up the original configuration file before making any changes. This way, if an issue arises, you can revert to the original settings quickly.
  • Choose an appropriate port: Avoid using well-known ports other than the default and also avoid using ports that the system reserves for specific services.
  • Update firewall rules: After changing the port, make sure to update the server’s firewall rules to allow traffic through the new port.
  • Test the new configuration: Before closing the current SSH session, open a new session to test if you can successfully connect through the new port.
  • Inform users: If you are not the sole user of the server, inform all users about the new port number.