This is not the most obvious functionality, hence I decided to share it as a separate post. It's quite easy and perfectly acceptable to specify more than one SSH port for your sshd daemon – useful for debugging or added security (when bound to separate IP addresses).
Adding Extra SSH ports
Simply edit the /etc/ssh/sshd_config file and add more port numbers under the existing default port (it's commented out because 22 is used by default):
greys@server:~$ sudo vi /etc/ssh/sshd_config
Change this:
#Port 22
AddressFamily any±
ListenAddress 0.0.0.0
ListenAddress ::
to this:
Port 22
Port 221
Port 222
AddressFamily any±
ListenAddress 0.0.0.0
ListenAddress ::
IMPORTANT: you must uncomment Port 22, otherwise new ports will be the only SSH ports listened on (so SSH port 22 will stop working).
Now restart ssh:
greys@server:~$ sudo systemctl restart ssh
Confirm each new SSH port
netstat command with grep confirms that all 3 ports are being listened on now:
greys@server:~$ netstat -nal | grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:221 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:222 0.0.0.0:* LISTEN
If we want to, we can even try connecting to a non-standard ssh port like 221 or 222 as per our changes.
Don't be alarmed about warning:
root@server:~# ssh greys@localhost -p 222
The authenticity of host '[localhost]:222 ([127.0.0.1]:222)' can't be established.
ECDSA key fingerprint is SHA256:12efZx1MOEmlxQOWKhM5eaxDwJr4vUlLhcpElkGHTow.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:222' (ECDSA) to the list of known hosts.
greys@localhost's password:
Welcome to Ubuntu 19.04 (GNU/Linux 4.18.0-20-generic x86_64)
Hope you enjoy this advice, stay tuned for more!
Leave a Reply