How to Change the SSH Port in Linux

SSH (Secure Shell or Secure Socket Shell) is an open encrypted network protocol. It provides a safe way for users to access a computer to communicate and share data over an unsecured network. SSH uses a client-server model to provide encrypted data communications, strong password authentication, and public key authentication. 

Network administrators frequently use SSH to manage systems and applications. SSH also helps network administrators by allowing them to execute commands, move files, and log in to another computer over a network. It is mainly used to perform operations on a remote computer after logging in to it.

SSH is used for port forwarding, tunneling, and the execution of Linux server commands, so setting it up properly in Linux is important. Before changing the SSH port in Linux, it is essential to know the components of the SSH command, the various SSH commands, the SSH command-line options, and how SSH works.

Components of SSH Command

The SSH command has three components. They are the following.

 • SSH command

 SSH command tells the machine to make an encrypted, safe connection to the host system.

 • Username

 The username is the name of the Linux user whose information is accessed by the host machine.

 • Host

 The host is the machine the user accesses, such as a router or computer, given as an IP address or domain name.

SSH Commands

The ssh command makes it possible to open an encrypted connection to a host over an unsecured network. There are many SSH commands. They are the following.

 • ssh-keygen

 ssh-keygen is used to create a key pair for public key authentication and connection establishment.

 • ssh-add

 ssh-add is used to add a key to the agent.

 • ssh-copy-id

 On a server, ssh-copy-id is used to set up a public key as that of a legitimate user.

 • ssh-agent

For single sign-on, ssh-agent is used to create an agent that holds the private key.

 • sshd

 sshd is a Linux-based OpenSSH server.

 • sftp

 sftp is a file transfer client. This SSH command provides an FTP-like command-line interface.

 • scp

 scp is a file transfer client. This SSH command provides an RCP-like command-line interface.

SSH command-line options

Port forwarding can be set up with the help of command-line options. There are several SSH command-line options. They are the following.

 • -c

  For non-IN data, -c is used to specify the query class.

 • -A

 -A is used to enable the authentication agent connection’s forwarding.

 • -a

 -a is used to disable the authentication agent connection’s forwarding.

 • -C

 On authoritative nameservers, -C is used to compare SOA records.

 • -l

 Using AXFR, -l is used to list all domain hosts.

 • -m

 The memory debugging flags, such as trace, usage, or record, are set by -m.

 • -N

 -N is used to alter the permitted number of dots before root lookup.

 • -v

 -v is utilized to print debugging messages for SSH connection. It is also used for the verbose result.

 • -V

 -V displays the version number of the SSH tool.

 • -r

 Recursive processing is disabled by using -r.

 • -R

 -R specifies the number of times UDP packets can be retried.

 • -s

 -s is used to stop the query when a SERVFAIL response is received.

 • -t

 The query type is specified with -t.

 • -T

 The TCP/IP model is enabled using -T.

 • -w

 -w specifies an indefinite wait for a response.

 • -W

 -W indicates how long to wait for an answer.

 • -6

 -6 is used for transporting IPv6 queries.

 • -4

 -4 is used for transporting IPv4 queries.

 • -d

  -d has the same use as -v.

 • -i

 IP6.INT reverse lookups rely on -i.

Working of SSH

A host and client are needed to establish an SSH connection. The client and host can be a domain name, server, or IP address. The SSH client and SSH server should be connected to each other. The client establishes the connection by utilizing the host information. The SSH client and SSH server will be connected if the credential provided is verified.

The following steps are carried out when SSH establishes a connection.

  • The client contacts the server to initiate the connection.
  • The server sends its public key.
  • Both sides set the terms and open a secure channel.
  • The user logs in to the operating system hosted by the server.

Changing the SSH Port in Linux

Following are the steps to change the SSH port in Linux.

1. Adjusting the Firewall

A firewall is a network security system that monitors and filters incoming and outgoing network traffic to prevent unauthorized access to a network. Adjusting the firewall is the first step while changing the SSH port in Linux. Updating firewall settings is needed to accept the new port.

Run the following command to open the new SSH port if you use UFW (Uncomplicated Firewall) on Debian or Ubuntu.

$ sudo ufw allow 5522/tcp

Run the following commands to open the new SSH port if you use firewalld on Fedora/CentOS/RHEL/Oracle.

$ sudo firewall-cmd --permanent --zone=public --add-port=5522/tcp
$ sudo firewall-cmd --reload

2. Connecting SSH

Connecting remotely to Debian, Ubuntu, and CentOS servers using SSH is the next step after adjusting the firewall. Run the following command to establish a connection.

ssh your_username@host_ip_address

Run the following command if the machine you want to connect to has verified the user name.

ssh host_ip_address

Type the password and press the Enter key. For a first-time connection, type yes to continue connecting and press the Enter key.

3. Configuring SSH

Run the following command to locate the SSH configuration file (typically /etc/ssh/sshd_config), then open that file in a text editor.

$ find / -name "sshd_config" -print

Find the line that contains Port 22. This line typically begins with a hash (#) character, which marks it as a comment. Erase the hash and enter the new SSH port number. For example, #Port 22 is edited to Port 5522. The SSH service might not start if the configuration is wrong.

4. Save SSH File

After modifying the SSH configuration file as needed, save it and close the editor.

5. Restart SSH service

The last step to change the SSH port in Linux is restarting the SSH service so that the port change takes effect. Run the following command to restart the SSH service in Debian, Mint, and Ubuntu.

$ sudo service ssh restart

Run the following command to restart the SSH service in Ubuntu, Debian, and Mint with systemd.

$ sudo systemctl restart ssh

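In order for the SSH daemon to bind to the new port on CentOS or RHEL, install the policycoreutils package and add the following rules to relax the SELinux policy. The commands below use port 34627 as the example value; use the port number you set in sshd_config. The last two commands show which port the SSH daemon is listening on.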

# yum install policycoreutils

# semanage port -a -t ssh_port_t -p tcp 34627

# semanage port -m -t ssh_port_t -p tcp 34627

# systemctl restart sshd

# netstat -tlpn| grep ssh

# ss -tlpn| grep ssh

Run the following command to restart SSH service in RHEL, CentOS, and Fedora.

$ sudo service sshd restart

Run the following command to restart SSH service in RHEL, CentOS, and Fedora with systemd.

$ sudo systemctl restart sshd

After making changes, run the following command to establish an SSH connection.

ssh root@IP_address_of_the_server -p NewPort
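
The edit from step 3, together with a check for the case where the service might not start because the configuration is wrong, as an added shell example that is not part of the original article. The function names are hypothetical; the check relies on OpenSSH's configuration test mode, sshd -t, and 5522 is the example port used above.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# valid_port PORT: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# set_sshd_port FILE PORT: set the Port directive, keeping FILE.bak as a backup.
set_sshd_port() {
    file=$1; port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 3; }
    cp -p "$file" "$file.bak" || return 4
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+[[:space:]]*$' "$file.bak"; then
        # Replace the first Port line (active or commented out) and drop any
        # other active Port lines, so sshd stops listening on the old port.
        awk -v p="$port" '
            /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ && !seen { print "Port " p; seen = 1; next }
            /^[ \t]*Port[ \t]+[0-9]+[ \t]*$/ { next }
            { print }' "$file.bak" > "$file"
    else
        # No Port line at all: add it at the top, because a line appended at
        # the end could fall inside a Match block, where Port is not allowed.
        { echo "Port $port"; cat "$file.bak"; } > "$file"
    fi
}

# change_port FILE PORT: edit, then syntax-check with OpenSSH's test mode
# (sshd -t) and restore the backup if the check fails. Run as root, and only
# restart the service after this returns 0.
change_port() {
    set_sshd_port "$1" "$2" || return
    if ! sshd -t -f "$1"; then
        cp -p "$1.bak" "$1"
        echo "sshd -t rejected the edit; restored $1.bak" >&2
        return 1
    fi
}

# Usage (as root): change_port /etc/ssh/sshd_config 5522
```

Keep the current SSH session open while you test a login on the new port from a second terminal, so a mistake does not lock you out.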

Conclusion 

In Linux, changing the SSH port is a simple process. The SSH port is defined in the sshd_config file. Editing the SSH configuration file and restarting the service are required to change the SSH port. Linux users can use SSH key-based authentication to connect to Linux servers without entering a password. The SSH tools have many capabilities, such as transferring files, creating, configuring, and holding keys, and running the SSH server.
