By default, SSH is configured to listen on port 22. However, there may be situations where it is necessary to configure the SSH server to listen on multiple ports. This setup can be beneficial when the server is part of multiple networks that require different ports for SSH connections.
Configuring SSH to listen on multiple ports involves modifying the sshd_config file. This file allows the administrator to define additional ports on which the server will listen. Proper configuration ensures that the SSH server can handle connections on all specified ports.
It is also important to ensure that your firewall and SELinux policies are updated to permit traffic on these additional ports. Without these adjustments, the server may not be able to accept connections on the newly configured ports.
Steps to run SSH server on multiple ports:
- Launch terminal application.
- Check that the ports you plan to assign to your SSH service are not already in use.
$ ss -tlnp | grep -E "22|2022"
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
SSH service currently runs on port 22, which is expected.
- Open the sshd configuration file using your preferred text editor.
$ sudo vi /etc/ssh/sshd_config
- Locate the Port directive in the configuration file.
- Add each desired port on a new line using the Port directive.
Port 22
Port 2022
Ensure that each port is listed on a separate line using the Port directive.
Make sure the lines do not begin with #. A leading # marks the line as a comment, and sshd ignores it.
- Save the changes to the sshd configuration file.
- Configure your firewall to allow connections on the newly added ports (optional, if a firewall is enabled).
$ sudo ufw allow 2022/tcp # Ubuntu/Debian
$ sudo firewall-cmd --add-port=2022/tcp --permanent && sudo firewall-cmd --reload # CentOS / Red Hat
success
success
It is assumed that the default port, 22, is already allowed by the firewall. Add a rule for it if necessary.
- Configure SELinux to allow SSH to run on the configured port (optional, if SELinux is used).
$ sudo semanage port -a -t ssh_port_t -p tcp 2022
semanage can be installed on CentOS or Red Hat systems using the following command:
$ sudo yum install --assumeyes policycoreutils-python
It is assumed that the default port, 22, is already covered by the correct SELinux policy. Add it if necessary.
- Restart the sshd service to apply the changes.
$ sudo systemctl restart sshd
- Verify that the sshd service is listening on all configured ports.
$ ss -tlnp | grep 22
LISTEN 0 128 *:2022 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::2022 :::*
LISTEN 0 128 :::22 :::*
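A stricter form of the final verification step, as an added example that is not part of the original page: it compares the active Port directives in the configuration file with the listening sockets, so a port that failed to bind is reported even when `grep 22` still shows matching lines. The function names and the sample data are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the original page): check that every active Port
# directive in an sshd_config file has a matching listening TCP socket.

# Active Port values, one per line. Commented lines are ignored; sshd falls
# back to 22 when no Port directive is set. Include files are not followed.
configured_ports() {
    awk '{ sub(/#.*/, "") }
         tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
         END { if (!found) print 22 }' "$1" | sort -un
}

# Local ports of LISTEN sockets, read from `ss -tln` output on stdin.
listening_ports() {
    awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# Print configured ports with no listener (stdin: `ss -tln` output).
# Returns 0 when every configured port is listening, 1 otherwise.
missing_ports() {
    listening=$(listening_ports)
    missing=""
    for p in $(configured_ports "$1"); do
        printf '%s\n' "$listening" | grep -qx "$p" || missing="${missing:+$missing }$p"
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample data: ports 22 and 2022 are configured, but only 22 is
# bound; another service listens on 2222, which `grep 22` would also match.
sample_config() {
    printf '%s\n' '#Port 2200' 'Port 22' 'Port 2022' 'PermitRootLogin no'
}
sample_ss() {
    printf '%s\n' 'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
        'LISTEN 0      128    *:22     *:*' \
        'LISTEN 0      128    *:2222   *:*' \
        'LISTEN 0      128    :::22    :::*'
}

# Demo on the constructed data; on a live host use:
#   ss -tln | missing_ports /etc/ssh/sshd_config
tmp=$(mktemp)
sample_config > "$tmp"
sample_ss | missing_ports "$tmp" || echo "^ configured but not listening"
rm -f "$tmp"
```

A port reported here after the restart usually points back to the firewall, SELinux or Port-directive steps above.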
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.