SSH (Secure Shell) is a network protocol that lets two systems communicate in encrypted form over an unsecured network. By default, an SSH server listens on port 22. However, users or network administrators can change this to any available port according to their requirements.
Changing the SSH server's port has several advantages. Because most servers run SSH on the default port, unauthorized access attempts against it are common, so moving to another port increases the server's security. It can also reduce conflicts with other services and systems.
Let’s configure your SSH settings to run the SSH server on any port other than 22.
Note: SSH works the same way across Linux distributions; for clarity, all commands here were run on Ubuntu 22.04 LTS.
How to run the SSH server on a port other than 22?
To run the SSH server on a port other than the default port 22, you will need to make a few changes to your SSH configuration. Before that, let's start the SSH server and check its status.
Run the SSH server using this command:
sudo systemctl start ssh
After running the SSH server, check the status of the server by using this command:
sudo systemctl status ssh
As you can see, the server is running on the default port 22. Now, let's proceed with the next step and check whether the port we want to use is free or already in use.
Check Port Availability
Before changing the configuration, check whether port 1030 (used in this example) is free or already in use by running this command:
sudo ss -tulpn | grep ':1030'
As the command shows no output, nothing is using this port and it is free to use. We can move forward with the configuration.
SSH Configuration File
To configure the SSH server, first open its configuration file. To do that, run this command in your terminal:
sudo nano /etc/ssh/sshd_config
As soon as you press Enter and enter your password, the SSH configuration file will open.
In the SSH configuration, locate the Port setting, remove the # sign to activate it, and change the port number to your desired port. In this example, port 1030 is used. After changing the port, use Ctrl+S to save and Ctrl+X to exit the editor.
Note: Ports 0 to 1023 are reserved for system use and are privileged ports. You can choose any port from 1024 to 65535, as these are non-privileged ports and are available for assignment.
Update Firewall Rules to Allow Port
Changing the firewall rules is important because the firewall must allow incoming connections on the new port. To add the rule, use the ufw command, which adds the newly assigned port to the firewall settings. To add the port, run this command:
sudo ufw allow 1030/tcp
The output of the above command shows that port 1030 is now added to the firewall rules. Let's restart the SSH server to apply these changes. To do this, run this command:
sudo systemctl restart ssh
The server is now restarted. Let’s dive into the next step and test the newly assigned port.
Test the Newly Assigned Port
You can test the newly assigned port 1030 to check whether the SSH service is listening on it. To check this, run the following command in your terminal:
sudo lsof -i -P | grep ssh
The output shows that the SSH server is listening on port 1030 on both IPv4 and IPv6.
Verify the Connection
The last step is to verify that you can connect to the SSH server. To connect to an SSH server on a custom port, add the -p flag, which stands for port, followed by the port number.
ssh -p 1030 linux-user@Linux-Genie
You can use this with your own port number, user, and system name. The general form of the command is:
ssh -p <portnum> <user@system-name>
As the output shows, the SSH server is now running on port 1030. By using the above steps, you can configure your SSH server to use any port number.
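The manual edit of the Port line in the "SSH Configuration File" step can also be scripted. The following is an added example, not part of the original article: the function names valid_port, active_ports and set_ssh_port are hypothetical, and the sample configuration is constructed. It also covers cases the manual edit can miss: a port outside the non-privileged range, a second active Port line, and a file with no Port line before a Match block.

```shell
#!/bin/sh
# Added example; the function names are hypothetical, not part of OpenSSH.

# Accept only non-privileged ports (1024-65535), as in the note above.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print every active Port value in a config file (22 if none is set).
active_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Set the Port directive in an sshd_config-style file, keeping a .bak copy.
# The first "Port N" or "#Port N" line becomes the new setting and any other
# active Port line is commented out, so sshd listens on one port only. With
# no Port line present, the directive goes at the top of the file, because
# sshd does not accept Port inside a Match block.
set_ssh_port() {
    cfg=$1; port=$2
    valid_port "$port" || { echo "refusing port '$port'" >&2; return 1; }
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v p="$port" '
        { line = $0; hash = sub(/^[ \t]*#[ \t]*/, "", line)
          n = split(line, f, " ")
          if (n == 2 && tolower(f[1]) == "port" && f[2] ~ /^[0-9]+$/) {
              if (!done) { $0 = "Port " p; done = 1 }
              else if (!hash) $0 = "#" $0
          }
          out[NR] = $0 }
        END { if (!done) print "Port " p
              for (i = 1; i <= NR; i++) print out[i] }
    ' "$cfg" > "$tmp" && cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Demo on a constructed sample file, not the real /etc/ssh/sshd_config.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' \
    'Match User backup' '    ForceCommand /bin/false' > "$demo"
set_ssh_port "$demo" 1030 && active_ports "$demo"
rm -f "$demo" "$demo.bak"
```

On a real server, run set_ssh_port against /etc/ssh/sshd_config with sudo, then check the file with sudo sshd -t before restarting the service, and keep your current session open until a new connection on the new port succeeds.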
By default, SSH listens on port 22. However, for security reasons or just to have a customized port, the SSH server allows you to change the port number. To do so, set the port in the “sshd_config” file and then allow it on the firewall as well. You have learned the step-by-step procedure to run an SSH server on a port other than 22.