Securing your server is essential to prevent intrusions and malicious attacks. In this complete guide, you will learn how to change SSH port from the default (22) to a custom one on your Linux server, step by step, in a clear and educational way.
🚨 Why change SSH port on your server
The SSH protocol allows secure remote access to your server. However, the default port 22 is often targeted by automated brute-force attacks and hacking attempts.
- Reduces the risk of automatic intrusions
- Makes it harder for attackers to find your SSH service
- Improves overall server security
Choosing a non-standard port significantly reduces attack attempts while keeping access for administrators.
🛠️ Step 1: Connect to your server using WinSCP or Putty
To modify the SSH port, you can use WinSCP or command-line tools like Putty. WinSCP provides a visual interface, making it easier to edit sshd_config files.
Connect with your usual credentials (IP, root username, password).
📂 Step 2: Install Nano and edit sshd_config
To edit the configuration file, it’s recommended to use Nano:
# On CentOS / RHEL
yum install nano -y
# On Ubuntu / Debian
apt install nano -y
Then, open the SSH configuration file:
nano /etc/ssh/sshd_config
Find the line:
#Port 22
Remove the hash (#) and replace 22 with a custom port, for example 702. Save with Ctrl + O and exit Nano with Ctrl + X.
⚠️ Tip: Avoid using ports that are already reserved. Check the list of TCP/UDP ports to prevent conflicts.
🔄 Step 3: Restart SSH service and verify
To apply the changes, restart the SSH service:
# On systemd-based systems
systemctl restart sshd
# On some other systems
service sshd restart
Check the status to ensure SSH is running correctly:
systemctl status sshd
💡 Tip: Make sure to allow the new port in your firewall before closing the session.
# Example for UFW
ufw allow 702/tcp
# Example for firewalld
firewall-cmd --add-port=702/tcp --permanent
firewall-cmd --reload
✅ Step 4: Test SSH connection on the new port
- Open Putty or another SSH client
- Enter your server’s IP address
- Enter the new custom SSH port
- Connect normally
If the connection works, the default port 22 is now disabled, and your server is more secure.
🛡️ Step 5: Enhance SSH security
- Install fail2ban to block intrusion attempts
- Configure an effective firewall (UFW, iptables, or firewalld)
- Limit SSH access to specific IP addresses
- Use SSH keys instead of passwords
🔗 Internal links and resources
Learn more:
📝 Conclusion
Changing SSH port is a simple but essential step to secure your server. By combining a custom port with fail2ban and a strong firewall, you significantly reduce intrusion risks while maintaining secure and controlled access.
✍️ Christian H
Senior Linux administrator, web & mobile developer, and security strategist with over 10 years of field experience.
Graduated in Information Technology from Uganda Martyrs University in 2013.
Specialized in live server recovery, DNS/SPF troubleshooting, mobile-first web apps, and terrain-ready documentation for African sysadmins.
📡 Follow updates on Facebook or explore guides on CongoCloud.net.
Rejoignez plus de
qui nous font déjà confiance.
