How to modify the SSH server port

SSH service, by default, runs on port 22. You can change the port that your SSH service runs if you're behind a firewall that blocks the SSH default port. You can also set the port for your SSH server on a non-standard port to reduce automated attacks by bots, especially if it's directly exposed to the internet.

You can run your SSH server on an alternative port by configuring the Port option. You can choose any port number as long as other services do not already use it.

1. Launch your preferred terminal application.
2. Check if the port you plan to assign to your SSH server is not already in use.

   $ ss -natp | grep 2022
   $

3. Edit sshd configuration file with your favourite text editor.

   $ sudo vi /etc/ssh/sshd_config

4. Search for Port option and set the value to the port you desire.

   Port 2022

   Make sure the line does not begin with # as it implies the line is commented and will be ignored.

5. Configure firewall to allow access to the configured port (optional, if firewall is enabled).

   $ sudo ufw allow 2022/tcp # Ubuntu/Debian
   $ sudo firewall-cmd --add-port=2022/tcp --permanent && sudo firewall-cmd --reload # CentOS / Red Hat
   success
   success

6. Configure selinux to allow SSH to run on the configured port (optional, if selinux is used).

   $ sudo semanage port -a -t ssh_port_t -p tcp 2022

   semanage can be installed on CentOS or Red Hat systems using the following command:

   $ sudo yum install --assumeyes policycoreutils-python

7. Restart sshd service.

   $ sudo systemctl restart sshd

   Related: How to start, restart, and stop the SSH server service

8. Check if sshd is now running on the configured port.

   $ ss -tlnp | grep 2022
   LISTEN     0      128          *:2022                     *:*
   LISTEN     0      128         :::2022                    :::*