Reading Time: 4 minutes

While there are many ways to make sure your server is as secure as possible, there are some basic steps that we can take to increase security. Users with a Linux server can change their SSH port to something other than the default port (22). The steps listed below, outline this task providing steps to enable this change.

Step #1: Reconfigure SSHD

The easiest way to change the port is to SSH into the server as root:

ssh root@hostname/IP

The (hostname/IP should be replaced with the hostname of your server or the main IP address of your server)

Once you are logged in to the server as root we can begin editing the sshd_config file. As with any modification, it is always a good idea to take a backup before proceeding.

cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

Now we are ready to modify the file. Open /etc/ssh/sshd_config in your favorite text editor (for this example we will use Vim). Locate the line that specifies the port. If your sshd_config file has not been altered, the Port setting may be commented out with a # symbol (example below).

vim /etc/ssh/sshd_config
/etc/ssh/sshd_config

The # symbol tells the server to ignore anything after it on the same line. We will need to remove that character and then change the number 22 to something else. Be sure you do not pick a port number that is in use by a different service. If you are unsure, Wikipedia has a list of port numbers and their uses. Try to use a port number that is not listed. For this example, we will use Port 2222.

Remove the # symbol and change the port number.

SSHd config port 2222

Next, save your changes using the :wq command and close the sshd_config file.

Now, we need to open the new port in the server's firewall. This tutorial describes firewall changes on a standalone dedicated or virtual private server. If you have a hardware firewall in place please open a ticket with our support department. We can make the necessary changes to that device.

Step #2: Updating Your Firewall

Once again we will use Vim as our text editor to make changes to the APF firewall configuration. If your server uses the CSF firewall, follow the instructions to open a port via the command line or WebHost Manager at Opening Ports In Your Firewall and skip ahead to the next section.

As with the SSH configuration file it is a good idea to create a backup before making any changes.

cp /etc/apf/conf.apf /etc/apf/conf.apf.bak

Open /etc/apf/conf.apf in Vim (or your favorite text editor) and locate the line labeled Common ingress (inbound) TCP ports.

APF Ingress TCP Ports Conf

Add your new port number to the list of existing ingress ports. Be sure to add commas where necessary (follow the format of the existing port numbers). Save your changes to the conf.apf file and close your text editor.

Step #3: Restart Services

SSH and APF must now be restarted to activate your changes. You can do so by running the command '/etc/init.d/apf restart' followed by '/etc/init.d/sshd restart' (example below):

service sshd restart
service apf restart
Restarting SSH and APF Services

SSH will then restart and begin listening on the port number you have specified.

It is important to note that if you change SSH's port number this will also alter the way you need to run certain commands that utilize SSH. Examples of commands that would need the new port number specified include scp and rsync.

To give you the best support (and often fix problems before you even know they are happening) we need to have your SSH port on file in our records. Log in to your Liquid Web Manage account at https://my.liquidweb.com/ and follow our tutorial on Updating Your Root User and SSH Information in Manage

Conclusion

Securing this connection is only one step in improving your overall server security. Preventing unauthorized SSH access to your server blocks those who seek to gain access for malicious reasons.

How Can We Help?

We pride ourselves on being The Most Helpful Humans In Hosting™!

Our Support Teams are filled with experienced Linux technicians and talented system administrators who have intimate knowledge of multiple web hosting technologies, especially those discussed in this article.

Should you have any questions regarding this information, we are always available to answer any inquiries with issues related to this article, 24 hours a day, 7 days a week 365 days a year.

If you are a Fully Managed VPS server, Cloud Dedicated, VMWare Private Cloud, Private Parent server, Managed Cloud Servers, or a Dedicated server owner and you are uncomfortable with performing any of the steps outlined, we can be reached via phone at @800.580.4985, a chat or support ticket to assisting you with this process.

About the Author: David Singer

I am a g33k, Linux blogger, developer, student, and former Tech Writer for Liquidweb.com. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....

Have Some Questions?

Our Sales and Support teams are available 24 hours by phone or e-mail to assist.

1.800.580.4985
1.517.322.0434

Latest Articles

Liquid Web’s Incident Management Process

Read Article

How Does Containerization Work?

Read Article

Microsoft Exchange Server Security Update

Read Article

How to Monitor Your Server in WHM

Read Article

How to Monitor Your Server in WHM

Read Article