How to Disable SSH Port 22 and Set a Custom Port on Linux

SSH (Secure Shell) is a widely used protocol for securely accessing remote systems. By default, SSH listens on port 22. However, changing this default port can enhance security by reducing the risk of automated attacks. In this guide, we’ll walk you through the steps on how to disable port 22 and set a custom SSH port on Linux systems.

Prerequisites

  • A Linux server with SSH access.
  • Sudo privileges to modify configuration files.

Step 1: Port Selection

Decide on the custom port to use. Make sure the new port is not used by another service and falls within the range of allowed ports (e.g., 1024–65535). To check whether the selected port is in use, run any of the following commands; if a command prints no output, the port is available. Note that most common service ports are not within this range, so ports inside it are generally safe to use.

1. ss -tuln | grep :<port_number>
2. sudo netstat -tuln | grep :<port_number>
3. sudo lsof -i :<port_number>
4. sudo fuser <port_number>/tcp

A list of some of the most common ports:

The ports below are commonly used by other services and are not recommended as a custom SSH port because of potential conflicts and security considerations. Avoid all of them when selecting your port, and remember to choose one in the range 1024–65535.

20 – FTP (File Transfer Protocol) Data
21 – FTP Control
22 – SSH (Secure Shell)
23 – Telnet
25 – SMTP (Simple Mail Transfer Protocol)
53 – DNS (Domain Name System)
80 – HTTP (Hypertext Transfer Protocol)
110 – POP3 (Post Office Protocol)
143 – IMAP (Internet Message Access Protocol)
161 – SNMP (Simple Network Management Protocol)
194 – IRC (Internet Relay Chat)
443 – HTTPS (HTTP Secure)
465 – SMTPS (SMTP Secure)
993 – IMAPS (IMAP Secure)
995 – POP3S (POP3 Secure)
1433 – Microsoft SQL Server
1521 – Oracle Database
3306 – MySQL
3389 – RDP (Remote Desktop Protocol)
5432 – PostgreSQL
6379 – Redis
8080 – HTTP (Alternate)
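
The checks from Step 1 combined into one script, as an added example that is not part of the original guide. The function names and the sample `ss -tuln` output are constructed for illustration; the script also shows that `grep :<port_number>` is a substring match, so a search for :2222 also hits a listener on :22222.

```bash
# Added example (not from the original guide): vet a candidate SSH port.
# SAMPLE_SS is constructed text in the layout printed by `ss -tuln`.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22222     0.0.0.0:*
tcp   LISTEN 0      511        127.0.0.1:6379      0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*'

# Ports from the guide's list that fall inside 1024-65535.
COMMON_PORTS="1433 1521 3306 3389 5432 6379 8080"

# naive_in_use PORT: the guide's grep, a substring match on stdin.
naive_in_use() { grep -q ":$1"; }

# port_in_use PORT: reads `ss -tuln` output on stdin and returns 0 only if
# a socket is bound to exactly PORT (text after the last ':' of column 5).
port_in_use() {
    awk -v p="$1" 'NR > 1 { n = split($5, a, ":"); if (a[n] == p) found = 1 }
                   END { exit !found }'
}

# check_port PORT: reads `ss -tuln` output on stdin and prints a verdict.
check_port() {
    port=$1
    # Reject empty, non-numeric and over-long values before comparing.
    case $port in ''|*[!0-9]*|??????*) echo "invalid"; return 1 ;; esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "out-of-range"; return 1
    fi
    for c in $COMMON_PORTS; do
        [ "$c" = "$port" ] && { echo "common-service-port"; return 1; }
    done
    if port_in_use "$port"; then echo "in-use"; return 1; fi
    echo "available"
}
```

On a live server, feed it real data with: ss -tuln | check_port 2222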

Step 2: Edit the SSH Configuration File

Open the SSH configuration file in a text editor. Here, we’ll use nano:

sudo nano /etc/ssh/sshd_config

Locate the line that specifies the port. It should look like this:

#Port 22

Uncomment the line by removing the # and change 22 to your desired port number (e.g., 2222):

Port 2222

Save the file and exit.
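
Before restarting sshd in Step 4, it is worth confirming that the edit really replaced port 22. The script below is an added example, not part of the original guide: it lists the ports a configuration asks sshd to listen on, using constructed config excerpts and hypothetical function names. It assumes ports are set only by Port lines in the main file (no Include files, no port given in ListenAddress).

```bash
# Added example (not from the original guide).
# SAMPLE_* are constructed sshd_config excerpts.
SAMPLE_BEFORE='#Port 22
#AddressFamily any
PermitRootLogin no'

SAMPLE_AFTER='# custom port
Port 2222
PermitRootLogin no'

# Port 22 left active next to the new port: sshd listens on both.
SAMPLE_BOTH='Port 22
port 2222'

# configured_ports: reads sshd_config text on stdin and prints the ports it
# sets, space-separated. Keywords are case-insensitive, commented lines are
# skipped, and with no Port line sshd falls back to its default of 22.
configured_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { out = out (out ? " " : "") $2 }
         END { print (out ? out : "22") }'
}

# port_change_ok NEWPORT: reads sshd_config text on stdin; returns 0 only
# if NEWPORT is configured and port 22 is not.
port_change_ok() {
    ports=" $(configured_ports) "
    case $ports in *" 22 "*) return 1 ;; esac
    case $ports in *" $1 "*) return 0 ;; esac
    return 1
}
```

On a live server: sudo cat /etc/ssh/sshd_config | port_change_ok 2222 && echo OK. In addition, sudo sshd -t checks the file for syntax errors and sudo sshd -T | grep -i '^port ' prints the ports sshd itself resolves.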

Step 3: Adjust Firewall Rules

This step is optional. If the firewall service is not running, proceed to test if the new port is accessible from outside the current server.

Testing connectivity:

telnet hostIP new-ssh-port
Example (203.0.113.24 is a placeholder address):
telnet 203.0.113.24 2222

If you have a firewall enabled, you’ll need to allow traffic on the new SSH port and block port 22. Once done, repeat the above test from a different machine to confirm connectivity.

For systems using firewalld:

sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --permanent --remove-port=22/tcp
sudo firewall-cmd --reload

For systems using iptables:

sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP

Make sure to save your iptables configuration to persist across reboots.

Optional step:

Sometimes the firewalld service may be masked. The commands below unmask, enable and start the service, then check that it is running:

sudo systemctl unmask firewalld.service   # Unmask the firewalld service
sudo systemctl enable firewalld.service   # Enable the firewalld service
sudo systemctl start firewalld.service    # Start the firewalld service
systemctl status firewalld.service        # Check the status to ensure it's running

Before enabling the firewalld, you can check if the

Step 4: Restart the SSH Service

After making changes to the SSH configuration, restart the SSH service for the changes to take effect:

sudo systemctl restart sshd

Step 5: Verify the New Configuration

Check the open ports again to ensure your new port is listening, using any of the following commands:

1. ss -tuln | grep :<port_number>
2. sudo netstat -tuln | grep :<port_number>
3. sudo lsof -i :<port_number>
4. sudo fuser <port_number>/tcp

Try connecting to your server using the new port:

ssh -p 2222 username@your_server_ip

Using SSH Commands with Custom Ports

1. SSH Login

ssh -p <port> user@hostname

2. SCP File Transfer

2.1 Copy from Local to Remote

scp -P <port> file.txt user@hostname:/path/to/destination

2.2 Copy from Remote to Local

scp -P <port> user@hostname:/path/to/file.txt /local/destination

3. SFTP (Secure File Transfer Protocol)

sftp -P <port> user@hostname

4. SSH Key Copy

ssh-copy-id -p <port> user@hostname

Conclusion

This guide has shown how to disable SSH port 22 and set a custom port on Linux. Changing the default SSH port from 22 to a custom port can enhance the security of your Linux server. Always ensure that your firewall rules are updated accordingly to prevent unauthorized access. If you encounter issues, check your SSH configuration and firewall settings.
