How to change the default SSH port on a Linux VPS

There are many ways to secure your Linux VPS. Changing the default SSH port from the default 22 to another one, is one of the first things you should do to secure your Linux VPS. One of the major benefits of changing the default SSH port is to avoid being scanned by the casual port scans. Thousands of brute-force logins are attempting to gain access to servers around the world trying to login to the default SSH port looking for weak passwords on the default accounts. Some of them will even try to use usual variants such as port 222 or 2222. If you change the SSH port to a random number, for example 2569, you will get rid of most of these annoying, and sometimes dangerous brute-force attacks.

In this article we will show you how to change the default SSH port, to strengthen the security of your Linux VPS.

First of all, login to your server via SSH as user root

ssh root@IP_Address

Note that if SSH is listening on the default port 22, there is no need to specify the port. When the port will be changed, you will need to specify if when logging to the server via SSH. For example, if SSH is listening on port 1012 we can login to the server using the following command:

ssh root@IP_Address -p1012

Once you are logged in to the VPS as user root update the installed packages.
CentOS / Fedora

yum update -y

Ubuntu / Debian

apt-get update $$ apt-get upgrade

Once the system is updated, open the SSH configuration file with your favorite text editor and find the lines that specifies the SSH port.

vim /etc/ssh/sshd_config
#Port 22

Uncomment the relevant line by removing the # sign and change the default port 22 to the one that you want to use. In this article we will use port 1012.

Port 1012

Save the changes and exit.

NOTE: Before changing the port, you should make sure that the new port is free and it is not used by another service on your VPS. You should also check if the port is not closed in your server firewall.

Now, restart the SSH service for the changes to take effect.

service sshd restart

Once restarted, SSH will listen on port 1012. You can check this by executing the following command in the terminal

netstat -tunlp |grep ssh

tcp        0      0      *                   LISTEN      497/sshd

According to the output of the netstat command, the SSH port is changed, and it is now listening on port 1012.

You can secure SSH even more by using passwordless login with SSH keys, or two-step authentication as described in our previous blog articles.

Of course you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to change the SSH port for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

Categories: Tutorials