What Port Does SSH Use?
Secure Shell (SSH) uses TCP port 22.
SSH was created as a solution to replace both file transfer protocol FTP (port 21) and remote access protocol telnet (port 23), so port 22 was a particularly fitting choice.
Changing SSH port on the server
You can make SSH server run on any available port by changing the Port directive in the /etc/SSH/sshd_config file.
Usually Port is the very first option defined in the file, and it's commented out if default value is used:
#Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress ::
just updated this section by uncommenting Port and changing 22 to the port number you need, like 212 in this example:
Port 212 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress ::
For privileged port (port number less than 1024), you would have to start sshd as root.
For non-privileged port (port number above 1024), you can start sshd as a regular user on your server.
Best practice: change default SSH port
If you are running SSH server on publicly available IP addrrsses, it's best to minimize your chances of having SSH access compromsied:
- change the default port for SSH (to limit chances of SSH being discovered by external scans)
- switch to key only authentication (prevents password brute force attacks)
- use firewall to allow SSH access from known IP networks only (if possible)
Leave a Reply