Changing the Default SSH Port and Updating Firewall Rules

Changing the default SSH port can reduce exposure to automated attacks. While not a full security measure, it's a helpful step when combined with firewalls and SSH key authentication.

1. Choose a New SSH Port

Pick a random unused port between 40000 and 65000. For this tutorial, we’ll use port 2222 as an example.

2. Update the SSH Configuration

sudo nano /etc/ssh/sshd_config

Find the line:

#Port 22

Uncomment it and change it to:

Port 2222

3. Adjust the Firewall Rules

Using UFW (Ubuntu/Debian):

sudo ufw allow 2222/tcp
sudo ufw delete allow 22/tcp

Using firewalld (RHEL/Fedora/CentOS):

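sudo firewall-cmd --permanent --add-port=2222/tcp
# Port 22 is normally opened by the predefined "ssh" service, not by a port rule
sudo firewall-cmd --permanent --remove-service=ssh
sudo firewall-cmd --permanent --remove-port=22/tcp
sudo firewall-cmd --reload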

4. Restart the SSH Service

sudo systemctl restart sshd

5. Connect via New Port

Try logging in using the new port from a second terminal, keeping your current session open until the login succeeds:

ssh -p 2222 user@your-server-ip

6. Configure SSH Clients (Optional)

To avoid typing the port each time, create a host entry in ~/.ssh/config:

Host fastlayer
    HostName your-server-ip
    User youruser
    Port 2222

Then simply connect using:

ssh fastlayer
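
A pre-restart check for steps 2 to 4, added here as an example and not part of the original tutorial: it confirms that the edited file enables the new port and no longer enables 22 before sshd is restarted. The function names and sample files are constructed for illustration, and the parser reads only the file it is given (Include directives are not followed).

```shell
#!/bin/sh
# Added example: run after editing sshd_config and before restarting sshd.

# List the ports a config file enables, one per line.
# "#Port 22" is a comment; keywords are case-insensitive; no Port line means 22.
# Assumption: only the given file is read (Include directives are not followed).
config_ports() {
    awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# Return 0 only if FILE enables NEW_PORT, no longer enables 22,
# and NEW_PORT is a valid TCP port number (1-65535).
check_port_change() {
    file=$1; new_port=$2
    case $new_port in
        ''|*[!0-9]*) echo "not a number: $new_port" >&2; return 2 ;;
    esac
    if [ "$new_port" -lt 1 ] || [ "$new_port" -gt 65535 ]; then
        echo "port $new_port is outside 1-65535" >&2; return 2
    fi
    ports=$(config_ports "$file")
    if ! printf '%s\n' "$ports" | grep -qx "$new_port"; then
        echo "$file does not enable port $new_port" >&2; return 1
    fi
    if printf '%s\n' "$ports" | grep -qx 22; then
        echo "$file still enables port 22" >&2; return 1
    fi
    return 0
}

# Constructed sample files standing in for /etc/ssh/sshd_config.
SAMPLE_DIR=$(mktemp -d)
printf '#Port 22\nPermitRootLogin no\n' > "$SAMPLE_DIR/before"   # untouched default
printf 'port 2222\nPermitRootLogin no\n' > "$SAMPLE_DIR/after"   # edited as in step 2
printf 'Port 22\nPort 2222\n' > "$SAMPLE_DIR/both"               # old port left enabled

# On the server itself:
#   sudo sshd -t && check_port_change /etc/ssh/sshd_config 2222
#   sudo ss -tlnp | grep ':2222'    # after the restart: sshd should be listening
# RHEL-family hosts with SELinux enforcing also need the port labelled first:
#   sudo semanage port -a -t ssh_port_t -p tcp 2222
```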

Summary

Changing the SSH port helps obscure your server from automated scans and complements other SSH hardening steps such as key-based login and Fail2ban.
