UbuntuUbuntu Based

How To Change SSH Listening Port on Ubuntu 24.04 LTS

r00t

Change SSH Listening Port on Ubuntu 24.04

In this tutorial, we will show you how to change SSH listening port on Ubuntu 24.04 LTS. Secure Shell (SSH) is a crucial protocol for securely accessing and managing remote servers. By default, SSH listens on port 22, which is widely known and often targeted by malicious actors. Changing the default SSH port is a simple yet effective way to enhance your server’s security and reduce the risk of automated attacks.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step change SSH listening port on Ubuntu 24.04 (Noble Numbat). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

Prerequisites

  • A server running one of the following operating systems: Ubuntu and any other Debian-based distribution like Linux Mint.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies.
  • An Ubuntu 24.04 system with root access or a user with sudo privileges.

Change SSH Listening Port on Ubuntu 24.04 LTS

Step 1. Install OpenSSH Server.

To get started, you need to have the OpenSSH server installed on your Ubuntu 24.04 system. If it’s not already installed, you can do so by running the following command:

sudo apt update && sudo apt install openssh-server

This command will update your package lists and install the OpenSSH server package. Once the installation is complete, you can verify that the SSH service is running by using the command:

sudo systemctl status ssh

If the SSH service is active and running, you will see an output similar to:

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-06-24 06:13:00 UTC; 1min ago

Step 2. Step 2: Backup SSH Configuration File.

Before making any changes to the SSH configuration file, it’s always a good practice to create a backup. This way, if something goes wrong, you can easily revert to the original configuration. To create a backup, use the following command:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

This command creates a copy of the sshd_config file with the .bak extension, ensuring that you have a fallback option if needed.

Step 3. Modify SSH Configuration File.

Now that you have a backup, it’s time to modify the SSH configuration file to change the listening port. Open the sshd_config file using your preferred text editor with sudo privileges:

sudo nano /etc/ssh/sshd_config

Once the file is open, locate the line that starts with #Port 22. Remove the # symbol to uncomment the line, and change the port number to your desired value. For example, to change the SSH port to 2022, modify the line to:

Port 2022

In addition to changing the port, you can also configure other SSH settings to further enhance security. Some recommended options include:

    • ListenAddress: Specify the IP address(es) on which SSH should listen. By default, SSH listens on all available interfaces.
    • PermitRootLogin: Disable root login by setting this option to no.
    • PasswordAuthentication: Disable password-based authentication and enforce key-based authentication by setting this option to no.

After making the necessary changes, save the file and exit the text editor. In nano, you can do this by pressing Ctrl+X, then Y, and finally Enter.

Step 4. Update Firewall Rules.

If you have a firewall enabled on your Ubuntu 24.04 server, you need to update the firewall rules to allow incoming connections on the new SSH port. Ubuntu comes with a built-in firewall called UFW (Uncomplicated Firewall), which simplifies firewall management.

To allow incoming SSH connections on the new port using UFW, run the following command:

sudo ufw allow 2022/tcp comment 'Allow SSH'

Replace 2022 with the port number you configured in the previous step. The comment option adds a descriptive comment to the firewall rule, making it easier to identify its purpose.

If you’re using iptables instead of UFW, you can add a new rule to allow incoming SSH connections on the new port with the following command:

sudo iptables -I INPUT -p tcp --dport 2022 -j ACCEPT

Again, replace 2022 with your chosen SSH port. To make the iptables rules persistent across reboots, save the current rules using:

After modifying the SSH configuration file and updating the firewall rules, you need to restart the SSH service for the changes to take effect. In Ubuntu 24.04, SSH uses systemd socket activation, which means you need to restart the SSH socket instead of the SSH service directly.

To restart the SSH socket, run the following commands:

sudo systemctl daemon-reload
sudo systemctl restart ssh.socket

To confirm that the SSH service is now listening on the new port, you can use the systemctl status command:

sudo systemctl status ssh

Additionally, you can use the ss command to verify that the SSH service is listening on the new port:

ss -tulpn | grep ssh

This command will display the network sockets and their associated processes. Look for a line that shows the SSH service listening on the new port, for example:

tcp LISTEN 0 128 *:2022 *:* users:(("sshd",pid=1234,fd=3))

Step 5. Update SSH Client Configuration.

Now that you have changed the SSH listening port on your server, you need to update your SSH client configuration to connect to the server using the new port. When connecting to the server via SSH, you can specify the port using the -p option followed by the port number:

ssh username@server_ip -p 2022

Replace username with your SSH username, server_ip with your server’s IP address, and 2022 with the new SSH port number.

Congratulations! You have successfully changed port SSH. Thanks for using this tutorial to change the SSH listening port on the Ubuntu 24.04 LTS system. For additional help or useful information, we recommend you check the Ubuntu website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Copyright © 2024 idroot.us | All Rights Reserved.
Back to top button