One of the first tasks when setting up a new server is to change the SSH port to something else. By default, the SSH server listens for incoming connections on port 22. So the first time you connect to it, that’s the setting you need.
The best program to connect via SSH is PuTTY. It’s free and open-source, and is the industry standard for SSH connections. By default, PuTTY connects to port 22 for SSH:
However, hackers are constantly probing servers for weaknesses, and port 22 is one of their favorites. Sure, you might have a strong password. But the very fact that your server has to expend resources checking that combination is itself a problem. The best solution is to simply change the SSH port to something less common.
Now this by itself won’t provide you with security. In fact, it’s part of a philosophy called “security by obfuscation”, which is generally viewed in a bad light. But it has its uses, even though you can’t rely on it by itself. In this article, I’ll show you how to change your SSH port to something else via the command line.
This requires the following:
- Determining the new port number
- Opening that port in the firewall
- Disabling port 22
Step 1: Decide on a New Port and Open it in the Firewall
When you get a new VPS server from NameHero, it comes pre-configured with a CSF firewall. This is an easy to use program that allows you to configure your network security by blocking and allowing ports among other things. By default, the CSF firewall allows only a few select ports to remain open while blocking everything else. Here’s a tutorial on how to open ports on a NameHero VPS.
So the first step in changing the default SSH port is to open our desired port in the firewall. Here’s a tutorial on how to open ports in CSF. For this example, I’m using port 2208 as our new port to which we want to connect via SSH. It can be any number you want, provided it’s not already in use by an existing service.
Step 2: Disabling Port 22
Now that we’ve opened our new port (2208 in this case), we can disable port 22. Login to your SSH and open the sshd_config file in whichever text editor you like. I use “vi” for this purpose:
When you scroll down the open file, you should see a line saying “#Port 22” as shown here:
The “#” character designates the line as a comment. Remove the “#” and change the port name to whatever you had decided on earlier. So for example, to designate 2208 as your preferred port, it should finally look like this:
Once you’re satisfied with your changes, you can save the file. Now we need to restart the SSH service. To do that, type in:
systemctl restart sshd.service
Once the service has restarted, exit the shell. This time if you try and connect again via port 22, you should get an error message telling you that the connection has been refused like this:
That’s it! Now change the port connection parameter to the new one, and you should be able to connect without any problems. Congratulations! You’ve just changed your SSH port and make your VPS server a bit more secure.
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!