Change the SSH Port to increase the security of your VPS

As the administrator of your Virtual Private Server you will need to keep the software of the server up-to-date.

This requires that you log in to the server. You will do that over SSH – the Secure SHell.

Every network protocol has its own default communication port. For instance, for HTTP that is port 80. The default port for SSH is 22.

Switching to a different port than the default one is a simple way of increasing the security of your server.

Even companies offering shared hosting plans often choose a different port for SSH than 22. For the very same reason – security.

Changing the SSH port of your VPS is a quick and easy hack. In this post you will see how to do this.

Changing the SSH Port

Log in to your VPS with your SSH key or password. The preferred way is to log in as a regular user, and not as root.

The login command is:

Replace the $-prefixed entries with your own details. You can omit the port number when your client and the server use the same port number.

Once logged in, enter at the prompt:

Make sure you type sshd_config, and not ssh_config.

The ssh_config file is the configuration file for clients: the machines that initiate the SSH connection, like the PC or Mac you are logging in from.

The sshd_config file is the configuration file on the receiving end, the server.

When the SSH server configuration file opens, you will see something like this:

We are merely interested in one line, the first uncommented line. That first line without the # sign that reads:

Now you will recognize this port as the default port for SSH connections.

Basically, you can replace the 22 by any number as long as it is not already taken by another process on your server. However, it is always better to avoid commonly used port numbers.

Pick a number above 2000 and check with the Wikipedia list whether it is listed. Consider listed port numbers as assigned, and therefore unavailable.

An example of an unlisted port is 6782.
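As an added example (not part of the original post), the script below reads the active Port line from a constructed sshd_config, checks the post's example port 6782 against a constructed excerpt in /etc/services format (assumed here as a local stand-in for the Wikipedia list), and writes the change to a copy. The function names effective_ports, port_is_candidate and set_port are hypothetical helpers.

```shell
#!/bin/sh
# Added example, not from the original post. All file contents are constructed.

# Print the port(s) sshd would listen on per FILE: each uncommented "Port"
# directive (the keyword is case-insensitive), or the default 22 if none.
effective_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Succeed if PORT follows the post's rule of thumb: numeric, above 2000,
# at most 65535, and not listed in SERVICES (/etc/services format).
port_is_candidate() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 2000 ] && [ "$1" -le 65535 ] || return 1
    ! awk -v p="$1" '$1 !~ /^#/ { split($2, a, "/"); if (a[1] == p) hit = 1 }
                     END { exit !hit }' "$2"
}

# Print FILE with its active Port directive set to PORT. A commented
# "#Port 22" is left alone; if no active line exists, one is put on top.
set_port() {
    if [ -z "$(awk 'tolower($1) == "port"' "$1")" ]; then echo "Port $2"; fi
    awk -v p="$2" 'tolower($1) == "port" { if (!n++) print "Port " p; next }
                   { print }' "$1"
}

tmp=$(mktemp -d)
cat > "$tmp/sshd_config" <<'EOF'
#ListenAddress 0.0.0.0
Port 22
PermitRootLogin no
EOF
cat > "$tmp/services" <<'EOF'
ssh     22/tcp
http    80/tcp
nfs     2049/tcp
EOF

new=6782   # the unlisted port the post gives as its example
if port_is_candidate "$new" "$tmp/services"; then
    set_port "$tmp/sshd_config" "$new" > "$tmp/sshd_config.new"
    echo "before: $(effective_ports "$tmp/sshd_config")" \
         "after: $(effective_ports "$tmp/sshd_config.new")"
fi
```

On a real server, running sshd -t after the edit checks the file for errors before you reload, and keeping the current session open until a login on the new port succeeds avoids locking yourself out.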

You can use the same port number when you are connecting to your server over SFTP – Secure FTP that also benefits from SSH.

Although we have changed the default port number, the server still requires SSH connections over port 22. That is until the server reboots.

Since we like to reduce reboots to a minimum, we can also restart the SSH process or make sure that the server reloads the changed configuration file – the sshd_config.

To restart the SSH service type:

The system answers with:

Your server will probably display a different process number, but that is okay.

As you can see, a ‘restart’ command first stops the service. That makes sense. Once the service is stopped, it can be restarted.

But this implies that a ‘restart’ interrupts the SSH service. Albeit for a brief moment.

An available alternative is the reload command.

To reload the SSH service, enter:

This time, unless the reload fails, you will not get a reply from the server.

The advantage of reload, compared to restart, is that the service is not interrupted at all.

Was that easy?

More details

An alternative list of commonly used port numbers is available on the iana.org website. The Internet Assigned Numbers Authority is an operation of the ICANN.