SSH port

Default SSH port 22

SSH was created to replace both the file transfer protocol FTP (port 21) and the remote access protocol telnet (port 23), so port 22 was a particularly fitting choice.

Changing SSH port on the server

You can make the SSH server run on any available port by changing the Port directive in the /etc/ssh/sshd_config file.

Usually Port is the very first option defined in the file, and it’s commented out if the default value is used:

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Just update this section by uncommenting Port and changing 22 to the port number you need, like 212 in this example:

Port 212
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

For a privileged port (port number less than 1024), you have to start sshd as root.

For a non-privileged port (port number above 1024), you can start sshd as a regular user on your server.

Best practice: change default SSH port

If you are running an SSH server on publicly available IP addresses, it’s best to minimize the chances of having SSH access compromised:

  • change the default port for SSH (to limit the chances of SSH being discovered by external scans)
  • switch to key-only authentication (prevents password brute force attacks)
  • use a firewall to allow SSH access from known IP networks only (if possible)
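
To check a server against the first two items, the sketch below reads the global section of an sshd_config-style file and reports which ports it sets and whether password logins are still enabled. It is an added example, not part of the original article; the function names ssh_ports, password_auth and audit_sshd_config are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config-style file.
# Assumptions of this sketch: Include files are not followed, and only
# whitespace-separated "Keyword value" lines are recognised.

# Print every port set by a Port line; sshd accepts several Port lines.
ssh_ports() {
    awk '
        /^[ \t]*(#|$)/         { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # Port is not allowed inside Match blocks
        tolower($1) == "port"  { print $2; n++ }
        END { if (!n) print 22 }          # no Port line: default applies
    ' "$1"
}

# Print the effective global PasswordAuthentication value (first one wins).
password_auth() {
    awk '
        /^[ \t]*(#|$)/         { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { v = tolower($2); exit }
        END { print (v == "" ? "yes" : v) }   # unset: sshd default is yes
    ' "$1"
}

# Report findings; return 1 if port 22 or password logins are still enabled.
audit_sshd_config() {
    rc=0
    for p in $(ssh_ports "$1"); do
        if [ "$p" -eq 22 ]; then echo "WARN: default port 22 in use"; rc=1; fi
        if [ "$p" -lt 1024 ]; then echo "NOTE: port $p is privileged, start sshd as root"; fi
    done
    if [ "$(password_auth "$1")" != "no" ]; then
        echo "WARN: password authentication is enabled"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the Port 212 edit from this page, nothing else changed.
sample=$(mktemp)
printf '%s\n' 'Port 212' '#AddressFamily any' '#ListenAddress 0.0.0.0' > "$sample"
audit_sshd_config "$sample" || echo "audit found issues"
rm -f "$sample"
```

On a real server, point audit_sshd_config at /etc/ssh/sshd_config; the firewall item from the list has to be checked separately, since it is not part of the sshd configuration.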
