How to Change the Default SSH Port on Ubuntu 20.04

Changing the Default SSH Port

By default, the SSH port is 22. Since it is the default, hackers scanning ports will look for it, so we should change it to something more random. This helps avoid brute-force attacks!

Terms and Placeholders

SERVER-IP - Replace this with the IP address of your server
MYUSER - Replace this with the username you will use for normal logins to the server ("Bob, Joe, Linda, etc.")

Step 1 - Changing the Port Number

Start by opening the SSH configuration:

$ sudo nano /etc/ssh/sshd_config

In the file, you will see a commented-out line for the port number like this:

#Port 22

Now just uncomment it, and change it to a more obscure number that is higher than 1024. For example:

Port 5535

Now save the file by hitting [CTRL-X] then Y, then [ENTER]

Step 2 - Adjusting the Firewall

Assuming you followed our Ubuntu 20.04 - Initial Setup tutorial, you will have set up a rule in the UFW firewall to allow Port 22 for OpenSSH. We need to remove this now and change it to our new port. Enter the following command:

$ sudo ufw status numbered

You should see the following output:

     To                         Action      From
     --                         ------      ----
[ 1] OpenSSH                    ALLOW IN    Anywhere   
[ 2] OpenSSH (v6)               ALLOW IN    Anywhere (v6)    

We need to delete these:

$ sudo ufw delete 1

Press y + [ENTER] to proceed with the operation. Now there should only be one, so we repeat the same command again.

$ sudo ufw delete 1

Press y + [ENTER] to proceed with the operation. Now enter this command:

$ sudo ufw status

All you should see now is:

Status: active

Now we need to add the port number we created earlier for SSH:

$ sudo ufw allow 5535

*If you didn't use 5535 in the config file above, use whatever number you entered.

Finally, we need to reload the firewall and reload the sshd service:

$ sudo systemctl reload sshd

Step 3 - SSH Back Into Your Server

For this part, open a new terminal window without disconnecting from the one you are working in. This way you still have the original one open in case you made a mistake and need to go back and make a change.

Now if you open a terminal window and try to login to your server, you should not be able to get in. Go ahead and try from your local computer:

$ ssh MYUSER@SERVER-IP

You should not be able to get in. The reason is that you now need to add -p, followed by the port number you created, after ssh. For example:

$ ssh -p 5535 MYUSER@SERVER-IP

And now you should be back into your server using an obscure port!
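A consistency check for Steps 1 and 2, meant to be run before reloading sshd so that a mismatch between the config file and the firewall does not lock you out. This is an added example, not part of the original tutorial; the function names and the sample files are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-reload check that sshd_config and UFW agree on the SSH port.

# Print each active (uncommented) Port value; sshd falls back to 22 if none is set.
sshd_ports() {  # $1 = path to an sshd_config file
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Succeed if `ufw status` output (on stdin) has an inbound ALLOW rule for the port.
ufw_allows_port() {  # $1 = port number
    awk -v p="$1" '($1 == p || $1 == p "/tcp") && /ALLOW/ && !/ALLOW OUT/ { ok = 1 }
                   END { exit !ok }'
}

# Compare the two; a non-zero return means reloading sshd now risks a lockout.
check_port_change() {  # $1 = sshd_config path, $2 = file with `ufw status` output
    local port rc=0
    for port in $(sshd_ports "$1"); do
        if [ "$port" -le 1024 ] || [ "$port" -gt 65535 ]; then
            echo "FAIL: port $port is not in the range 1025-65535"; rc=1
        elif ! ufw_allows_port "$port" < "$2"; then
            echo "FAIL: sshd will use port $port but UFW has no ALLOW rule for it"; rc=1
        else
            echo "OK: port $port is configured and allowed by UFW"
        fi
    done
    return "$rc"
}

# Constructed sample inputs (not taken from a real server).
DEMO_DIR=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 5535' 'PermitRootLogin no' > "$DEMO_DIR/sshd_config"
printf '%s\n' 'Status: active' > "$DEMO_DIR/ufw_before.txt"
cat > "$DEMO_DIR/ufw_after.txt" <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
5535                       ALLOW       Anywhere
5535 (v6)                  ALLOW       Anywhere (v6)
EOF

# Before "ufw allow 5535" the check fails; afterwards it passes.
check_port_change "$DEMO_DIR/sshd_config" "$DEMO_DIR/ufw_before.txt" || echo "-> add the UFW rule first"
check_port_change "$DEMO_DIR/sshd_config" "$DEMO_DIR/ufw_after.txt"
```

On a real server, save the output of sudo ufw status to a file and pass it together with /etc/ssh/sshd_config. Running sudo sshd -t beforehand catches syntax errors in the config, which this script does not check.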



