
How to change the ssh port on Linux server


I am a new Linux/Unix server admin. How do I change the SSH Port for my Linux or Unix server using command line option?

You can easily change the SSH port for your Linux or Unix server. The ssh port is defined in the sshd_config file, which is located at /etc/ssh/sshd_config.

 

Procedure to change the SSH Port for Linux or Unix Server

  1. Open the terminal application and connect to your server via SSH.
  2. Locate sshd_config file by typing the find command.
  3. Edit the sshd server file and set Port option.
  4. Save and close the file
  5. Restart the sshd service to change the ssh port in Linux.

 

Locate sshd_config file by typing the following command

$ find / -name "sshd_config" 2>/dev/null
Sample outputs:

/etc/ssh/sshd_config

The find command tries to locate the sshd server config file named sshd_config. I added 2>/dev/null at the end to hide the permission denied warnings that find would otherwise print.

Edit the file and set Port option

Type the following command:
$ sudo vi /etc/ssh/sshd_config
Locate the line that reads as follows:
Port 22
OR
#Port 22
To set the port to 2222, enter:
Port 2222
Save and close the file. Please note that port numbers 0-1023 are reserved for various system services. Hence, I recommend choosing port numbers between 1024 and 65535. Here is a list of common privileged services and their designated well-known ports:

Port Protocol Service
20 tcp ftp-data
21 tcp ftp server
22 tcp ssh server
23 tcp telnet server
25 tcp email server
53 tcp/udp Domain name server
69 udp tftp server
80 tcp HTTP server
110 tcp/udp POP3 server
123 tcp/udp NTP server
443 tcp HTTPS server

Use the cat command/grep command/egrep command to see internet network services list:
cat /etc/services
less /etc/services
more /etc/services
grep -w '22/tcp' /etc/services
grep SSH /etc/services
grep -w '80/tcp' /etc/services
egrep -w '(80|443|110|53)/tcp' /etc/services
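
The edit step above as a script, added here as an example and not part of the original tutorial. The helper name set_ssh_port and the .bak backup suffix are assumptions; it rewrites either Port 22 or #Port 22, rejects ports outside 1024-65535, and handles a file with several Port lines or none.

```shell
#!/bin/sh
# Added example. set_ssh_port is a hypothetical helper name, not an OpenSSH tool.
# Usage: set_ssh_port /etc/ssh/sshd_config 2222
set_ssh_port() {
    conf=$1 port=$2 rc=0
    # Accept only a plain decimal number of at most five digits.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be between 1024 and 65535" >&2; return 2
    fi
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1    # copy to roll back to
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            # The first match becomes the new port. sshd listens on every
            # active Port line, so any later active one is commented out.
            if (!done) { print "Port " port; done = 1 }
            else if ($0 !~ /^[ \t]*#/) print "#" $0
            else print
            next
        }
        { print }
        END { exit (done ? 0 : 3) }
    ' "$conf" > "$tmp" || rc=$?
    if [ "$rc" -eq 3 ]; then
        # No Port line found: add it first, ahead of any Match block.
        { echo "Port $port"; cat "$conf"; } > "$tmp"
    elif [ "$rc" -ne 0 ]; then
        rm -f "$tmp"; return 1
    fi
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
# After editing, check the syntax with "sshd -t" before restarting the service.
```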

A note about SELinux users

If SELinux is enabled, you must type the following command to allow sshd to use port 2222:
# semanage port -a -t ssh_port_t -p tcp 2222

Updating your firewall to accept the ssh port 2222 in Linux

If you are using UFW on an Ubuntu/Debian Linux, type:
$ sudo ufw allow 2222/tcp
The syntax for iptables is as follows:
$ sudo /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
The syntax for pf firewall is as follows (FreeBSD/OpenBSD/NetBSD Unix) in your pf.conf:
pass log on $ext_if proto tcp to any port 2222 keep state
To open the new port, run the following commands on Fedora/CentOS/RHEL/Oracle Linux using FirewallD:
$ sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp
$ sudo firewall-cmd --reload

Warning: You must update your firewall settings to accept the new port. Otherwise, restarting sshd with the following command will lock you out of your ssh access.

Restart the sshd service

Type the following command on a CentOS/RHEL/Fedora Linux:
$ sudo service sshd restart
OR if you are using CentOS/RHEL/Fedora Linux with systemd:
$ sudo systemctl restart sshd
OR if you are using Ubuntu/Debian/Mint Linux:
$ sudo service ssh restart
OR if you are using Ubuntu/Debian/Mint Linux with systemd:
$ sudo systemctl restart ssh
Or if you are using FreeBSD Unix, enter:
$ sudo service sshd restart

How to verify that TCP port 2222 is open

Use the netstat command or ss command:
ss -tulpn | grep 2222
netstat -tulpn | grep 2222

How to use the new SSH port with command line

The syntax is:
ssh -p {port} user@server
sftp -P {port} openssh-server
scp -P {port} source target
scp -P {port} /path/to/foo user@server:/dest/

For example:
ssh -p 2222 vivek@server1.cyberciti.biz

Conclusion

This page explained how to change the SSH port on both Linux and Unix-like systems, including the ssh command line option for connecting to the server. For further information please see the following resources:
