How To Change SSH Listening Port on Ubuntu 24.04 LTS
In this tutorial, we will show you how to change SSH listening port on Ubuntu 24.04 LTS. Secure Shell (SSH) is a crucial protocol for securely accessing and managing remote servers. By default, SSH listens on port 22, which is widely known and often targeted by malicious actors. Changing the default SSH port is a simple yet effective way to enhance your server’s security and reduce the risk of automated attacks.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo
‘ to the commands to get root privileges. I will show you the step-by-step change SSH listening port on Ubuntu 24.04 (Noble Numbat). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
Prerequisites
- A server running one of the following operating systems: Ubuntu and any other Debian-based distribution like Linux Mint.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies.
- An Ubuntu 24.04 system with root access or a user with sudo privileges.
Change SSH Listening Port on Ubuntu 24.04 LTS
Step 1. Install OpenSSH Server.
To get started, you need to have the OpenSSH server installed on your Ubuntu 24.04 system. If it’s not already installed, you can do so by running the following command:
sudo apt update && sudo apt install openssh-server
This command will update your package lists and install the OpenSSH server package. Once the installation is complete, you can verify that the SSH service is running by using the command:
sudo systemctl status ssh
If the SSH service is active and running, you will see an output similar to:
● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2024-06-24 06:13:00 UTC; 1min ago
Step 2. Step 2: Backup SSH Configuration File.
Before making any changes to the SSH configuration file, it’s always a good practice to create a backup. This way, if something goes wrong, you can easily revert to the original configuration. To create a backup, use the following command:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
This command creates a copy of the sshd_config
file with the .bak
extension, ensuring that you have a fallback option if needed.
Step 3. Modify SSH Configuration File.
Now that you have a backup, it’s time to modify the SSH configuration file to change the listening port. Open the sshd_config
file using your preferred text editor with sudo privileges:
sudo nano /etc/ssh/sshd_config
Once the file is open, locate the line that starts with #Port 22
. Remove the #
symbol to uncomment the line, and change the port number to your desired value. For example, to change the SSH port to 2022, modify the line to:
Port 2022
In addition to changing the port, you can also configure other SSH settings to further enhance security. Some recommended options include:
-
ListenAddress
: Specify the IP address(es) on which SSH should listen. By default, SSH listens on all available interfaces.PermitRootLogin
: Disable root login by setting this option tono
.PasswordAuthentication
: Disable password-based authentication and enforce key-based authentication by setting this option tono
.
After making the necessary changes, save the file and exit the text editor. In nano, you can do this by pressing Ctrl+X
, then Y
, and finally Enter
.
Step 4. Update Firewall Rules.
If you have a firewall enabled on your Ubuntu 24.04 server, you need to update the firewall rules to allow incoming connections on the new SSH port. Ubuntu comes with a built-in firewall called UFW (Uncomplicated Firewall), which simplifies firewall management.
To allow incoming SSH connections on the new port using UFW, run the following command:
sudo ufw allow 2022/tcp comment 'Allow SSH'
Replace 2022
with the port number you configured in the previous step. The comment option adds a descriptive comment to the firewall rule, making it easier to identify its purpose.
If you’re using iptables instead of UFW, you can add a new rule to allow incoming SSH connections on the new port with the following command:
sudo iptables -I INPUT -p tcp --dport 2022 -j ACCEPT
Again, replace 2022
with your chosen SSH port. To make the iptables rules persistent across reboots, save the current rules using:
After modifying the SSH configuration file and updating the firewall rules, you need to restart the SSH service for the changes to take effect. In Ubuntu 24.04, SSH uses systemd
socket activation, which means you need to restart the SSH socket instead of the SSH service directly.
To restart the SSH socket, run the following commands:
sudo systemctl daemon-reload sudo systemctl restart ssh.socket
To confirm that the SSH service is now listening on the new port, you can use the systemctl
status command:
sudo systemctl status ssh
Additionally, you can use the ss command to verify that the SSH service is listening on the new port:
ss -tulpn | grep ssh
This command will display the network sockets and their associated processes. Look for a line that shows the SSH service listening on the new port, for example:
tcp LISTEN 0 128 *:2022 *:* users:(("sshd",pid=1234,fd=3))
Step 5. Update SSH Client Configuration.
Now that you have changed the SSH listening port on your server, you need to update your SSH client configuration to connect to the server using the new port. When connecting to the server via SSH, you can specify the port using the -p
option followed by the port number:
ssh username@server_ip -p 2022
Replace username
with your SSH username, server_ip
with your server’s IP address, and 2022
with the new SSH port number.
Congratulations! You have successfully changed port SSH. Thanks for using this tutorial to change the SSH listening port on the Ubuntu 24.04 LTS system. For additional help or useful information, we recommend you check the Ubuntu website.