Secure Shell or SSH is a network protocol that allows users to access servers remotely. This protocol also encrypts communication between servers to make it even more secure. Unfortunately, using standard Transmission Control Protocol (TCP) port 22 for SSH may be risky as it is vulnerable to various cyber attacks, especially brute-force attacks. Brute-force attacks are methods hackers use to gain access to encrypted confidential data. So, it’s best to change the default SSH port because this is a method to protect your SSH server. This article will teach you how to change SSH listening port on Ubuntu 24.04.
Prerequisites
An Ubuntu 24.04 VPS
SSH root access or user with sudo privileges
Conventions
# – given commands should be executed with root privileges either directly as a root user or by use of sudo command
$ – given commands should be executed as a regular user
Step 1. Login to the server
First, log in to your Ubuntu 24.04 server through SSH as the root user:
ssh root@IP_Address -p Port_number
You will need to replace ‘IP_Address‘ and ‘Port_number‘ with your server’s respective IP address and SSH port number. Additionally, replace ‘root’ with the username of the system user with sudo privileges.
You can check whether you have the proper Ubuntu version installed on your server with the following command:
# lsb_release -a
You should get this output:
No LSB modules are available.Distributor ID: UbuntuDescription: Ubuntu Noble NumbatRelease: 24.04Codename: noble
Step 2. Modify Firewall
This is the most important thing you need to do to change the SSH port on your Ubuntu server. Failing to do this will cost you a lot. You will be locked out of your system and unable to connect to it through SSH. Let’s first open the firewall for the port we are going to use.
If you use UFW (Uncomplicated Firewall), you can run this command below to open the port.
$ sudo ufw allow 2022/tcp comment ‘Allow SSH’
Or, if you are using iptables, you can execute this command instead.
$ sudo iptables -I INPUT -p tcp –dport 2022 -j ACCEPT
Make sure to use -I option to insert the rule on top of the list, and not -A option as this will place it on the bottom.
To save the new firewall rule, run this command:
$ sudo iptables-save > /etc/iptables/rules.v4
The command above will permanently save iptables firewall rules; the newly added rules will not be lost after you reboot your server.
Step 3. Change SSH Port
By default, SSH is listening on port 22. Your web hosting company may change your SSH port already, but you can change it to your desired port number. Let’s change the SSH port now.
$ sudo nano /etc/ssh/sshd_config
In this editor, find this line:
#Port 22
Uncomment it and replace 22 with 2022 or another number you want to be the new port.
Port 2022
Save the file, then exit the editor.
Please note if you already see this line
Port 22
Replace the number with the one you want to set as the new SSH port, then save the changes.
We need to restart the SSH service every time we change the /etc/ssh/sshd_config file.
$ sudo systemctl restart sshd
Congratulations! You have successfully changed the SSH listening port on Ubuntu 24.04.
If you liked this post on how to change SSH listening port on Ubuntu 24.04, please share it with your friends or leave a comment in the comments section.