Run the SSH Server on a Port Other Than 22 – Ubuntu Guide
SSH (Secure Shell) is a network protocol that allows secure remote login and other network services over an unsecured network. It provides a secure channel over an otherwise insecure network by using encryption. The default port for SSH is port 22. This port is universally recognized and is the standard for SSH communications.
Changing the default SSH port can be a useful measure for improving security. Port 22 is well-known and frequently targeted by automated attacks and brute-force attempts. By selecting a less common port number, you can reduce the number of automated attacks and potential unauthorized access attempts, adding a layer of obscurity to your system.
This guide will demonstrate how you can easily change the default SSH port to a port other than 22.
Benefits of Changing the SSH Port
While changing the SSH port alone does not provide robust security, it can act as a deterrent against automated attacks. Using a non-standard port makes it less likely that automated scripts and bots will target your server, as they often scan for default ports like 22.
Automated scanning tools typically look for services running on standard ports. By moving SSH to a different port, you can minimize the number of these automated attacks. This doesn’t replace the need for strong passwords and key-based authentication but can reduce the volume of attack attempts your server receives.
Step 1: Install SSH Server (If Not Already Installed)
Check for SSH Installation
To verify if the SSH server is already installed on your Ubuntu system, you can use the following command to check the status of the SSH service:
sudo systemctl status ssh
If the SSH server is installed, you will see output indicating whether the service is active (running) or inactive. If the service is not found, SSH is not installed.
Install OpenSSH Server
If SSH is not installed, you can easily install it using the package manager. Run the following commands to update your package list and install the OpenSSH server:
sudo apt update && sudo apt install openssh-server
This command will first update your package repository to ensure you have the latest package information, and then it will install the openssh-server package, which includes the SSH server.
Step 2: Choose a New Port Number
Selecting an Alternative Port
When selecting a new port number for your SSH server, consider choosing a port within the range of 1024 to 49151. This range is reserved for user-defined applications and is less likely to conflict with well-known ports used by other services.
Recommendations:
- Choose a Port Between 1024 and 49151: Avoid using ports below 1024, as these are known as well-known ports and are commonly used by other system services.
- Avoid Ports in Use by Other Services: Ensure that the port you select is not already in use by other services on your system. You can check for open ports using the netstat or ss command:
sudo netstat -tuln
or
sudo ss -tuln
Look through the list to ensure the port you choose is not listed as being in use.
By following these steps, you will ensure that your SSH server runs on a non-standard port, helping to enhance security and reduce the likelihood of automated attacks.
Step 3: Configure SSH to Use the New Port
Edit the SSH Configuration File
To change the SSH port, you need to edit the SSH server configuration file, which is typically located at /etc/ssh/sshd_config. Open this file in your preferred text editor. Here, we use nano for simplicity:
sudo nano /etc/ssh/sshd_config
Modify the Port Setting
In the configuration file, look for the line that specifies the port number. It will look like this:
#Port 22
Uncomment this line by removing the # at the beginning, and change 22 to your desired port number. For example, to use port 2222, modify the line as follows:
Port 2222
Save the file and exit the text editor. In nano, you can do this by pressing Ctrl+X, then Y to confirm the changes, and Enter to save.
Step 4: Adjust Firewall Settings
Allow the New SSH Port Through the Firewall
If you have a firewall enabled on your Ubuntu system, you need to configure it to allow traffic on the new SSH port. Ubuntu uses ufw (Uncomplicated Firewall) by default, which makes it easy to manage firewall rules.
To allow traffic on the new SSH port, use the following command, replacing 2222 with the port number you chose:
sudo ufw allow 2222/tcp
Verify the Firewall Rule
To ensure that the new rule has been added correctly, you can list the current firewall rules with the following command:
sudo ufw status
This command will display a list of allowed services and ports, including your newly added SSH port. Ensure that you see an entry similar to:
2222/tcp                   ALLOW       Anywhere
2222/tcp (v6)              ALLOW       Anywhere (v6)
With these steps, you’ve successfully configured your firewall to allow SSH connections on your chosen port, enhancing the security of your SSH service.
Step 5: Restart the SSH Service
Restart SSH to Apply Changes
After updating the configuration file and adjusting the firewall, you need to restart the SSH service to apply the changes. Use the following command to restart the SSH daemon:
sudo systemctl restart ssh
Verify SSH Service Status
Ensure that the SSH service is running correctly after the restart by checking its status:
sudo systemctl status ssh
You should see output indicating that the SSH service is active and running. If there are any errors, they will be displayed here, which can help in troubleshooting.
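The port check from Step 2 and the post-restart check from Step 5, as an added shell example (not part of the original guide): it tests a candidate port against the 1024 to 49151 range and the current TCP listeners, then confirms that the Port set in sshd_config is the one actually listening. The ss output and sshd_config text are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks for an SSH port move, run on captured text.
# All sample data is constructed. On a real host pass "$(sudo ss -tuln)"
# and "$(cat /etc/ssh/sshd_config)" instead.

SS_BEFORE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:8080     0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*'
SS_AFTER='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*
tcp   LISTEN 0      128    [::]:2222          [::]:*'
CONF_SAMPLE='#Port 22
Port 2222
PermitRootLogin no'

# Local ports of TCP listeners in `ss -tuln` output ($1), one per line.
tcp_listen_ports() {
    printf '%s\n' "$1" | awk '$1 == "tcp" && $2 == "LISTEN" {
        n = split($5, a, ":"); if (a[n] ~ /^[0-9]+$/) print a[n] }'
}

# Step 2: succeed if port $1 is in 1024-49151 and no listener in $2 holds it.
port_is_candidate() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 49151 ] || return 1
    ! tcp_listen_ports "$2" | grep -qx "$1"
}

# Active Port directives in sshd_config text ($1); sshd defaults to 22.
# Files pulled in by Include are not followed here.
configured_ports() {
    printf '%s\n' "$1" | awk 'tolower($1) == "port" { print $2; seen = 1 }
        END { if (!seen) print 22 }'
}

# Step 5: succeed only if every configured port has a TCP listener in $2.
config_is_live() {
    for p in $(configured_ports "$1"); do
        tcp_listen_ports "$2" | grep -qx "$p" || return 1
    done
}

for port in 2222 8080 443; do
    port_is_candidate "$port" "$SS_BEFORE" && echo "$port: usable" || echo "$port: rejected"
done
config_is_live "$CONF_SAMPLE" "$SS_BEFORE" || echo "before restart: 2222 not listening"
config_is_live "$CONF_SAMPLE" "$SS_AFTER" && echo "after restart: sshd on 2222"
```

On a real host, sudo sshd -t checks sshd_config for syntax errors before the restart, and keeping the current session open until a new connection on the new port succeeds avoids locking yourself out.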
Step 6: Update SSH Client Configuration
Connect to the SSH Server on the New Port
Now that the SSH server is configured to listen on the new port, you need to specify this port when connecting from an SSH client. You can do this by using the -p option followed by the port number. For example, if your new port is 2222, use the following command:
ssh -p 2222 username@hostname
Replace username with your SSH username and hostname with the IP address or domain name of your SSH server.
Update SSH Client Configuration (Optional)
For convenience, you can add the new port configuration to your SSH client settings, so you don’t have to specify the port number each time you connect. Edit the ~/.ssh/config file (create it if it doesn’t exist) and add an entry like this:
Host myserver
    HostName hostname
    User username
    Port 2222
Replace myserver with a name you want to use for this connection, hostname with your server’s address, username with your SSH username, and 2222 with your new SSH port. Save the file and you can now connect using a simplified command:
ssh myserver
With these steps, you’ve successfully configured your SSH client to connect to your server on the new port, making your remote management process more secure and streamlined.
Troubleshooting
Common Issues and Solutions
When changing the SSH port, you may encounter several common issues. Here are some potential problems and solutions:
- SSH Connection Failures
  - Symptom: Unable to connect to the SSH server on the new port.
  - Solution: Ensure that the SSH service is running and listening on the new port. Use the following command to check the status:
    sudo systemctl status ssh
    Verify that the new port is listed and active. If not, double-check the /etc/ssh/sshd_config file for typos or incorrect configurations.
- Firewall Misconfigurations
  - Symptom: The SSH connection is blocked or not reaching the server.
  - Solution: Ensure that the firewall is configured to allow traffic on the new SSH port. Check the firewall status with:
    sudo ufw status
    If the new port is not listed, add it using:
    sudo ufw allow [new_port_number]/tcp
    Replace [new_port_number] with your chosen port.
Reverting to the Default Port
If you need to revert to the default SSH port (22), follow these steps:
- Edit the SSH Configuration File
  - Open the SSH configuration file in a text editor:
    sudo nano /etc/ssh/sshd_config
  - Find the line that specifies the new port (e.g., Port 2222) and change it back to Port 22.
- Restart the SSH Service
  - Apply the changes by restarting the SSH service:
    sudo systemctl restart ssh
- Update Firewall Rules
  - If you modified firewall rules to allow the new port, revert those changes:
    sudo ufw delete allow [new_port_number]/tcp
    sudo ufw allow 22/tcp
By following these steps, you can revert your SSH configuration back to its default settings.
Conclusion
In this guide, we covered how to change the SSH server port on an Ubuntu system. We began by verifying the SSH installation and choosing a new port number, then edited the SSH configuration file and updated the firewall rules. Finally, we restarted the SSH service and updated our SSH client configuration.
Changing the default SSH port is a simple yet effective way to enhance security through obscurity. However, it’s essential to follow other best practices as well. Regularly update your system, use strong passwords or SSH keys, and stay informed about the latest security measures to keep your server secure. Experiment with different configurations to find what best suits your needs while ensuring your system remains protected.