Secure Shell, also known as SSH is a network protocol which can be used to access the server remotely. Communication taking place between client and server is encrypted so it is more secure than telnet (telnet is also a network protocol used for almost the same purpose). We can access server remotely by providing username, IP address and port number through which communication will take place.

How to Access Server Using SSH Default Port:

In order to access a client remotely, use the following command on terminal:

OR

This command will cause the client to access server having IP Address ‘serverIP’ using the user ID ‘username’. If this is the first time connection between local client and server the user will be prompted with the remote host’s public key fingerprint.

The authenticity of the host ‘example.ssh.com’ cannot be established.

Are you sure you want to continue connecting (yes/no)?

If you answer ‘yes’ then the connection will be established and the host key will be stored in the local system. When host key is stored once, next time the client system can access the host without any approval. After confirmation, user will be asked for password. By entering password of the server, you will be able to access server remotely.

SSH Default Port:

Wireless or wired communication between two machines takes place through ports. There are a total of 65,536 Communication ports and communication can take place through any of these ports. SSH communicates by default through port 22. When we run the above command, connection between local client and server is established through port 22 and all the communication takes place through this port.

Why We Change Default SSH Port?

We change Default SSH port to provide security measures to the server especially from Brute Force Attack.

Brute Force Attack is a trial and error method to decode encrypted data such as passwords through exhaustive effort rather than applying intellectual algorithm. This is just like we make different number of combinations from specific alphabets.

Port 22 is default port of SSH so everyone knows about it and it is much easier to access data from this port by unauthorized person than any other port. In case of changed default SSH port, hacker has to try different ports on trial and error base and it becomes much more difficult to find an open port. Default port is changed to give a hacker in such a situation.

How to Change Default SSH Port?

You can change the default SSH port for your Linux Server to add security measure.

Warning: Make sure the new SSH port does not conflict with any known or blocked ports.

Following Steps are performed to change the default SSH port.

Access Server through SSH:

Before you change the default SSH port of machine, you need to connect to your server through SSH. In order to connect to the server you should know the server IP, username and password. Run the following command on your linux machine to get connected with server:

You must have sudo privilege to get connected with server.

Selecting a new Port:

There are a total of 65,536 communication ports and we have to choose one port among these but which one?

ICANN (International Corporation for Assigned Names and Numbers) classifies the ports into following categories:

• System/Well Known Ports: 0-1023
• User or Registered Ports: 1024-49151
• Dynamic/Private Ports: 49152-65535

In order to avoid miss-configuring, we choose a port number from Dynamic/Private Ports.

Changing the Default SSH Port:

When we are logged into the server we can change Default SSH port by editing sshd_config file. It is a good practice to have a backup before we make any changes in this file. The following command will create a backup file of sshd_config file.

Above Command will generate a copy of sshd_config file in the same directory named as sshd_config_backup as a backup. Now we are ready to change the default SSH port. To change the default port, open sshd_config file in any editor. In the following command we are going to open this file in a text editor.

By running the above command, sshd_config file will be opened in text editor. Now find the following line in this file:

Remove # sign and replace the Port 22 with your selected port from given range of ports. For example

In order to avoid completely locking yourself from your system, you should whitelist the port you have specified above (e.g. 49160) on your firewall.

Restart SSH:

When you have made changes in sshd_config file, you should restart the server to load changes. Run the following command to restart SSH:

Test Changes:

You can test changes by connecting to your server again without logging out current SSH session. Remember to use the new Port number while connecting this time as we have changed it. Opening a new session without closing the previous one ensures that you don’t lock completely yourself from your linux server. After changing default Port, you need to specify the port number to connect to the server. Following is the command to connect to the server after changing default port:

Use your specified port in place of 49160.

Conclusion:

This blog gives a brief knowledge on the procedure of changing default SSH port and the importance of changing default SSH port. I have summarized each step and hope you will find it helping.