How to change SSH port

Linux administration removal is usually performed via the application layer network protocol - SSH. Its peculiarity is that it allows tunneling of TCP connections. It appeared back in 1995, but even today has not lost its relevance. The protocol allows using a graphical shell to perform administration, for this purpose it is enough to use the command line, as well as to monitor remote file systems and perform various file operations.

SSH-server by default works using the 22nd TCP port. But in some cases there is a need to change this port. Usually the need arises in order to provide preventive protection against bruteforce attacks directed exactly at port 22, or to free this port occupied by another application. In general, there are many different situations, and regardless of the reason, you can change the port with a little effort.

Changing the SSH port

In most types of Linux, the SSH server configuration file is located at /etc/ssh/sshd_config.

To find out exactly where it is located, use the command:

$ sudo find /etc/ -name "sshd_config"

Once you know the path, open the sshd_config file in a text editor:

$ sudo nano /etc/ssh/sshd_config

In the opened editor, we are primarily interested in line number 22. Find and change the value of Port 22 to Port 333. It may be that the line is commented out, in which case remove the comment and change the port value from the example above. Don't forget to save your changes.

The next command is to restart the SSH domain:

$ sudo systemctl restart sshd

To check the result of the work run the command:

$ sudo netstat -tupln | grep ssh

In the editor that opens, we are interested in the line tcp 0.0.0.0.0:333 LISTEN, which tells us that the specified Port 333 is in use.

In all SSH clients, don't forget to change the port. Also do not forget to add the port to the firewall exclusion list, if your system has one. And it is desirable to do this immediately before you reboot SSH on the server to which the connection is established.

For UFV command:

$ sudo ufw allow 333/tcp

For iptables the command is different:

$ sudo firewall-cmd --permanent --add-port=333/tcp

sudo firewall-cmd reload

Port 333 is listed as an example, just to show you how to make the change on your system. There is nothing complicated about it. In just a few minutes you can get rid of the annoying bot attack.