SSH port
Default SSH port 22
SSH was created as a solution to replace both file transfer protocol FTP (port 21) and remote access protocol telnet (port 23), so port 22 was a particularly fitting choice.
Changing SSH port on the server
You can make the SSH server run on any available port by changing the Port directive in the /etc/ssh/sshd_config file.
Usually Port is the very first option defined in the file, and it’s commented out if the default value is used:
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
Just update this section by uncommenting Port and changing 22 to the port number you need, like 212 in this example:
Port 212
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
For a privileged port (port number less than 1024), you would have to start sshd as root.
For a non-privileged port (port number above 1024), you can start sshd as a regular user on your server.
Best practice: change default SSH port
If you are running an SSH server on publicly available IP addresses, it’s best to minimize your chances of having SSH access compromised:
- change the default port for SSH (to limit chances of SSH being discovered by external scans)
- switch to key-only authentication (prevents password brute force attacks)
- use a firewall to allow SSH access from known IP networks only (if possible)
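The first two items of this checklist can be checked from the sshd_config text itself. The following is an added example, not part of the original page: it reads the global section of a config and reports the effective ports and whether password logins are allowed. The function names, the constructed HARDENED sample and its port 2222 are assumptions for illustration; Include files, Match blocks and firewall rules are not evaluated.

```python
import re

DEFAULT_PORT = 22
PRIVILEGED_BELOW = 1024  # binding a port below this requires root

def effective_settings(config_text):
    """Return (ports, password_auth) from the global part of sshd_config text."""
    ports, password_auth = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives keep their defaults
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # conditional overrides are out of scope here
        if key == "port":
            ports.append(int(value))  # Port may be repeated; sshd listens on all
        elif key == "passwordauthentication" and password_auth is None:
            password_auth = value.lower() == "yes"  # first occurrence wins
    # OpenSSH defaults: Port 22, PasswordAuthentication yes
    return (ports or [DEFAULT_PORT]), (True if password_auth is None else password_auth)

def audit(config_text):
    """Return notes for the port and authentication items of the checklist."""
    ports, password_auth = effective_settings(config_text)
    notes = []
    for port in ports:
        if port == DEFAULT_PORT:
            notes.append("port 22: default port, found by routine external scans")
        if port < PRIVILEGED_BELOW:
            notes.append(f"port {port}: privileged port, sshd must be started as root")
    if password_auth:
        notes.append("PasswordAuthentication yes: passwords can be brute forced")
    return notes

# The edited section shown earlier on this page.
PAGE_EXAMPLE = "Port 212\n#AddressFamily any\n#ListenAddress 0.0.0.0\n#ListenAddress ::\n"
# Constructed sample: non-privileged port, key-only authentication.
HARDENED = "Port 2222\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("page example", PAGE_EXAMPLE), ("hardened", HARDENED)):
        print(name, effective_settings(text), audit(text))
```

On a live server, `sshd -T` prints the configuration sshd actually resolves, including defaults and included files.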
See Also
SSH Basics
SSH Security & Authentication
- Passwordless SSH
- SSH Key Generation
- SSH Agent and How to Use It
- Deploy SSH Key to Remote Server
- Change SSH Key Passphrase
SSH Configuration & Management
- SSH Configuration Options
- Using Multiple SSH Ports
- Test SSHd Config on Different Port
- Enable SSH Server in Ubuntu