How to Change the Default SSH Port in Ubuntu

Printer-friendly versionPDF version
Ubuntu SSH Port

Changing the default SSH listening port is a quick and easy way to prevent random traffic and common attacks from "script kiddies". It won't make your system more secure, it will just make it slightly more difficult for an attacker. The main reason why you would change the listen port from 22 to something else is to stay out of the way of broad internet port scans that are seeking out common ports. In my example I will be using Ubuntu 10.10, however, this should work on any current version of Ubuntu.

Open this file using your favorite text editor: /etc/ssh/sshd_config

sudo vim /etc/ssh/sshd_config

Simply modify the line "Port 22" to whatever port you want that isn't currently being used. The most common SSH alternative port is 2222. Then run this command for that change to take effect:

sudo reload ssh

If that command doesn't work on your OS, run this:

sudo /etc/init.d/ssh reload

That's it. You can now test it by opening a terminal and trying to connect to the local host on the new port:

ssh -p 2222 localhost

If you are looking for additional security for SSH, check out this tutorial on installing and configuring fail2ban:

How to Install and Configure fail2ban on Ubuntu 10.04 for SSH and Pure-FTPd

Even a script kiddie is going to know to scan for open ports/services.

Just switch to key-based authentication, run it on the default port, and laugh when people try to break in with a password.

Post new comment