Changing the default SSH port (22) on your Ubuntu server is one of the first security measures you should implement. This simple change can significantly reduce automated attacks on your server. In this guide, I’ll walk you through the complete process of changing your SSH port step by step.
Why Change the Default SSH Port?
The default SSH port (22) is well-known and frequently targeted by automated attacks. By changing it to a custom port, you can:
- Reduce the number of automated brute-force attacks
- Improve your server’s security posture
- Make your server less visible to port scanners
Step-by-Step Implementation
Step 1: Edit the SSHD Configuration File
After connecting to your server via PuTTY or Terminal, open the SSHD configuration file with the following command:
sudo apt-get install nano -y && sudo nano /etc/ssh/sshd_config
In the opened editor, find the following line:
#Port 22
Remove the # symbol at the beginning of the line and change the port number. Port 22777 is used as an example here. You can write your own custom number:
Port 22777
Example SSHD Config File After Modification:
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
Port 22777
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
Save the file: Press Ctrl + X, then Y, and finally Enter to save and exit.
Step 2: Add New SSH Port to Firewall
First, check if your firewall service is active. Ubuntu generally comes with UFW service installed. If your server has a different firewall service, you need to check it with the appropriate command.
sudo ufw status
If you see output like this, it means the UFW service is active:
Status: active
Add your chosen SSH port to the firewall. The command below uses port 22777 as an example; replace 22777 with your chosen port:
sudo ufw allow 22777
sudo ufw reload
Step 3: Restart SSH Service
Restart the SSH service using the following command:
sudo systemctl restart ssh
Step 4: Verification
Check if your SSH port has changed with this command. If you can see *:22777 (or your entered port), everything is working correctly:
sudo ss -tnlp | grep ssh
Expected Sample Output:
root@host:~# ss -tnlp | grep ssh
LISTEN 0 128 0.0.0.0:22777 0.0.0.0:* users:(("sshd",pid=659693,fd=3))
LISTEN 0 128 [::]:22777 [::]:* users:(("sshd",pid=659693,fd=4))
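sshd listens on every active Port directive it reads, including any in the drop-in files pulled in by the Include line, so a leftover "Port 22" there keeps port 22 open next to the new one. The script below is an added example, not part of the original guide; it lists the active Port directives and checks them against the chosen port. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the ports an sshd configuration will open.
# Function names and sample files are constructed for illustration.

# Print every active Port value found in the given files, one per line.
# sshd keywords are case-insensitive; "#Port 22" is a comment and is ignored.
configured_ports() {
    for f in "$@"; do
        [ -f "$f" ] || continue            # an unmatched glob stays literal
        awk '{ sub(/#.*/, "") } tolower($1) == "port" { print $2 }' "$f"
    done
}

# Succeed if $1 follows the guide's tips: numeric, 1024-65535, not 8080.
port_ok() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ] && [ "$1" -ne 8080 ]
}

# Succeed only if the wanted port is the single port configured.
# Port is additive: a drop-in that still says "Port 22" keeps 22 open.
audit_ports() {
    want=$1; shift
    port_ok "$want" || { echo "FAIL: $want is not a recommended port"; return 1; }
    ports=$(configured_ports "$@" | sort -un | tr '\n' ' ')
    [ "$ports" = "$want " ] && { echo "OK: sshd will listen only on $want"; return 0; }
    echo "FAIL: active Port directives: ${ports:-none, default 22 applies}"
    return 1
}

# Constructed sample standing in for /etc/ssh/sshd_config and its drop-ins.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/sshd_config.d"
printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' 'Port 22777' \
    '#ListenAddress 0.0.0.0' > "$demo/sshd_config"
printf '%s\n' '# leftover drop-in' 'port 22' > "$demo/sshd_config.d/50-old.conf"

audit_ports 22777 "$demo/sshd_config" || true
audit_ports 22777 "$demo/sshd_config" "$demo"/sshd_config.d/*.conf || true

# On a real server:
#   audit_ports 22777 /etc/ssh/sshd_config /etc/ssh/sshd_config.d/*.conf
```

The first call passes on the main file alone; the second fails because the constructed drop-in still declares port 22.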
Testing the New Configuration
- Before disconnecting, open a new terminal/PuTTY session
- Try connecting with the new port:
ssh username@your-server-ip -p 22777
- If successful, you can safely close the old session
Important Security Considerations
⚠️ Warning
- Never close your current SSH session until you’ve verified the new port works
- Always test the new configuration in a separate session first
- Keep a backup method to access your server (console access, etc.)
Additional Security Tips
- Choose a Non-Standard Port: Avoid common ports like 80, 443, 8080, etc.
- Port Range: Use ports between 1024 and 65535 for custom services
- Document Changes: Keep a record of your custom port number
- Update Your Scripts: Remember to update any automation scripts that connect to your server
Troubleshooting
Common Issues:
Port Already in Use:
sudo netstat -tulpn | grep :22777
Firewall Blocking Connection:
sudo ufw status numbered
sudo ufw delete [rule-number]
SSH Service Not Starting:
sudo systemctl status ssh
sudo journalctl -u ssh
Connecting with New Port
After changing the port, you’ll need to specify it when connecting:
Using SSH Command:
ssh username@server-ip -p 22777
Using PuTTY:
- Enter your server IP in the “Host Name” field
- Change the “Port” field from 22 to your new port (e.g., 22777)
- Click “Open” to connect
Conclusion
You can now restart your server and access it using your chosen port. Changing the SSH port is a simple yet effective security measure that can significantly reduce unauthorized access attempts to your server.
Remember to update any documentation, scripts, or tools that connect to your server with the new port number. This small change will make your Ubuntu server more secure against automated attacks while maintaining full functionality.
Always test SSH port changes carefully and maintain alternative access methods to your server during configuration changes.