How to Change SSH Port on Linux or Unix

By default, SSH listens on port 22, if you want to change SSH port to a non-standard port can help enhance server security by making it harder for attackers to find and exploit SSH vulnerabilities. In this article, we will walk through the process of changing the SSH port on an AlmaLinux 8/9, Ubuntu, Debian, Centos, Rocky, FreeBSD, OpenBSD, and NetBSD Unix.

Change SSH port AlmaLinux 8/9 and Rocky

Step 1: Choose a New SSH Port

The first step in changing the SSH port is to choose a new port number. It is recommended to choose a port number between 1024 and 65535 that is not already in use by another service on the server. For this example, we will use port 2233.

Step 2: Modify the SSH Configuration File

The SSH configuration file is located at /etc/ssh/sshd_config. Before modifying the file, it is a good idea to create a backup copy in case you need to revert to the original configuration. To create a backup copy, run the following command:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Next, open the SSH configuration file using a text editor such as nano:

nano /etc/ssh/sshd_config

Note: In case nano isn’t installed on your VPS, you can readily install it by executing the command: “dnf install nano”.

Locate the line that specifies the SSH port number:

#Port 22

Remove the “#” symbol at the beginning of the line to uncomment it, and change ssh port number to the new port that you have chosen:

Port 2233

Save and close the file by pressing Ctrl+X, then Y, then Enter.

Step 3: Modify the SELinux Policy

If SELinux Enforcing is enabled on your server, you will need to modify the SELinux policy to allow SSH to listen on the new port. To do this, run the following command:

sudo semanage port -a -t ssh_port_t -p tcp 2233

This command adds port 2233 to the list of ports allowed for SSH in the SELinux policy.

Note: In case semanage isn’t installed on your VPS, you can readily install it by executing the command: “dnf whatprovides /usr/sbin/semanage”:

dnf install policycoreutils-python-utils-3.4-4.el9.noarch

Step 4: Restart the SSH Service

After making the changes to the SSH configuration file and SELinux policy, you will need to restart the SSH service for the changes to take effect. To do this, run the following command:

sudo systemctl restart sshd

Change SSH port Ubuntu, Debian, Centos

Step 1: Once logged in, open the SSH configuration file using nano /etc/ssh/sshd_config

Step 2: Find the line that starts with “Port” and contains the current SSH port number. It should look like this: “Port 22”.

Step 3: Change SSH port number to a new number that you want to use. For example, “Port 2233”.

Step 4: Save and close the file by pressing Ctrl+X, then Y, then Enter.

Step 5: Restart the SSH service using the following command: “sudo service sshd restart” for Ubuntu and Debian, or “sudo systemctl restart sshd” for Centos.

Note: Make sure that the new SSH port number is not being used by any other service on your server, and update your firewall rules accordingly to allow traffic on the new SSH port number.

Change SSH port FreeBSD/OpenBSD/NetBSD Unix

To change SSH port on FreeBSD, OpenBSD, or NetBSD Unix, follow these steps:

Step 1: Login to your server via SSH with the current SSH port number and your username and password.

Step 2: Once logged in, open the SSH configuration file using a text editor. For FreeBSD and NetBSD, the file is located at “/etc/ssh/sshd_config”, and for OpenBSD, it is located at “/etc/ssh/sshd_config.local”.

Step 3: Find the line that starts with “Port” and contains the current SSH port number. It should look like this: “Port 22”.

Step 4: Change the current SSH port number to a new number that you want to use. For example, “Port 2233”.

Step 5: Save the changes to the SSH configuration file and close the text editor.

Step 6: Restart the SSH service using the following command: “sudo /etc/rc.d/sshd restart”.