How to configure SSH Server to listen on multiple ports

By default, SSH is configured to listen on port 22. However, there may be situations where it is necessary to configure the SSH server to listen on multiple ports. This setup can be beneficial when the server is part of multiple networks that require different ports for SSH connections.

Configuring SSH to listen on multiple ports involves modifying the sshd_config file. This file allows the administrator to define additional ports on which the server will listen. Proper configuration ensures that the SSH server can handle connections on all specified ports.

It is also important to ensure that your firewall and SELinux policies are updated to permit traffic on these additional ports. Without these adjustments, the server may not be able to accept connections on the newly configured ports.

Steps to run SSH server on multiple ports:

Launch terminal application.

Check if the ports you plan to assign to your SSH service are not already in use.

$ ss -tlnp | grep -E "22|2022"
LISTEN     0      128          *:22                       *:*
LISTEN     0      128         :::22                      :::*

SSH service currently runs on port 22, which is expected.

Open the sshd configuration file using your preferred text editor.
```
$ sudo vi /etc/ssh/sshd_config
```
Locate the Port directive in the configuration file.
Add each desired port on a new line using the Port directive.
```
Port 22
Port 2022
```
Ensure that each port is listed on a separate line using the Port directive.

Make sure the line does not begin with # as it implies the line is commented and will be ignored.
Save the changes to the sshd configuration file.
Configure your firewall to allow connections on the newly added ports (optional, if firewall is enabled).
```
$ sudo ufw allow 2022/tcp # Ubuntu/Debian
$ sudo firewall-cmd --add-port=2022/tcp --permanent && sudo firewall-cmd --reload # CentOS / Red Hat
success
success
```
It is assumed the default port, 22 is already configured with correct firewall configuration. Add if necessary.
Configure selinux to allow SSH to run on the configured port (optional, if selinux is used).
```
$ sudo semanage port -a -t ssh_port_t -p tcp 2022
```
semanage can be installed on CentOS or Red Hat systems using the following command:
```
$ sudo yum install --assumeyes policycoreutils-python
```
It is assumed the default port, 22 is already configured with correct selinux policy. Add if necessary.
Restart the sshd service to apply the changes.
```
$ sudo systemctl restart sshd
```
Related: How to start, restart, and stop the SSH server service

Verify that the sshd service is listening on all configured ports.

$ ss -tlnp | grep 22
LISTEN     0      128          *:2022                     *:*
LISTEN     0      128          *:22                       *:*
LISTEN     0      128         :::2022                    :::*
LISTEN     0      128         :::22                      :::*

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.