Quickly change your ssh port from default 22 to something higher

by jagbir on January 1, 2009

In the era of daily brute force attacks, it is advisable to change your ssh port from default 22 to something higher, to lower your chances of being a victim.

I’m using a CentOS 5.2 box here, but the process should be identical on other RH-based distros.

Step 1. Update the /etc/ssh/sshd_config file, line 13 (it might be different in your file):

Old line:
Port 22
Change it to (any port number you wish):
Port 54545

If you rush and try to restart your ssh service, you may end up with an error:

# /etc/init.d/sshd restart
 Stopping sshd:                                             [  OK  ]
Starting sshd: /etc/ssh/sshd_config line 13: Badly formatted port number. [FAILED]

Step 2. Update your /etc/services file to record that your ssh service will now use a different port. Jump to line 45 (it may be different in your file) and change the port number:

Old line:
ssh     22/tcp              # SSH Remote Login Protocol
Change it to:
ssh     54545/tcp           # SSH Remote Login Protocol

Save and exit the file.

Step 3. Restart your sshd service; it should go smoothly. You have to specify the port number every time you use ssh, scp, or any other service that uses ssh in any way. If your server or machine is behind a firewall, you must open the newly assigned port in your firewall.
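The sshd_config edit from Step 1 as a checked procedure, added here as an example and not part of the original post: it rejects ports outside 1..65535, rewrites the Port line in a copy, and installs the copy only if sshd's test mode (-t) accepts it. The function names, the /usr/sbin/sshd path and the sample config are assumptions made for the example; it does not touch /etc/services.

```shell
#!/bin/sh
# Added example (not from the original post): change the sshd port with checks.
SSHD=${SSHD:-/usr/sbin/sshd}   # assumed install path of the sshd binary

# valid_port PORT: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;      # empty, or contains a non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# set_port CONFIG PORT: print CONFIG with the first "Port"/"#Port" line
# replaced by "Port PORT" on a line of its own; append one if none exists.
set_port() {
    valid_port "$2" || { echo "invalid port: $2" >&2; return 1; }
    awk -v port="$2" '
        /^[ \t]*#?Port[ \t]/ && !done { print "Port " port; done = 1; next }
        /^[ \t]*Port[ \t]/ { next }   # drop any further active Port lines
        { print }
        END { if (!done) print "Port " port }
    ' "$1"
}

# apply_port CONFIG PORT: build the candidate next to CONFIG, have sshd check
# it in test mode, and overwrite CONFIG (keeping a .bak) only if it passes.
apply_port() {
    new="$1.new"
    set_port "$1" "$2" > "$new" || { rm -f "$new"; return 1; }
    if "$SSHD" -t -f "$new"; then
        # cat keeps the owner, mode and SELinux context of the original file
        cp -p "$1" "$1.bak" && cat "$new" > "$1" && rm -f "$new"
    else
        rm -f "$new"; return 1
    fi
}

# Constructed sample standing in for /etc/ssh/sshd_config.
sample=$(mktemp)
printf '%s\n' '# constructed sample' '#Port 22' 'Protocol 2' \
    'PermitRootLogin no' > "$sample"
set_port "$sample" 54545            # prints the rewritten config
```

On a real host, run apply_port /etc/ssh/sshd_config 54545 as root, then restart sshd as in Step 3. Keep the current session open until a new login on the new port succeeds.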

To avoid typing the port number every time you ssh/scp, you can create aliases on your machine. The best place to store aliases is your ~/.bashrc file. Open it and add the following two aliases:

# vim ~/.bashrc
# scp takes the port with capital -P (lowercase -p preserves file times)
alias scpp='scp -P 54545'
alias sshp='ssh -p 54545'

Save and exit the file.

I’ve used the names ‘scpp’ and ‘sshp’ here so that the original ssh/scp remain intact and whenever you want to use ssh with that port, just write ‘sshp’ or ‘scpp’. You are free to experiment with aliases to suit your needs :)

To make the changes to your .bashrc file take effect, run the following:

# source ~/.bashrc

Use your aliases every time you need to ssh/scp into the host.

Another way is to update your local ssh config file:

# vi ~/.ssh/config
Host yoursite.com
Port 55555

Now when you use plain ssh/scp for yoursite.com, it will automatically use the specified port. Thanks to Zubin (comment) for this tip.

  • Zubin

    Thanks for the writeup!

    Instead of creating aliases for ssh, scp, rsync, etc, simply add the following to ~/.ssh/config on your local machine:

    Host yoursite.com
    Port 55555

  • http://www.jagbir.info jagbir

    Thanks Zubin for the valuable suggestion :) Will update the post to include it.

  • Zubin

    Another caveat with this error:
    Starting sshd: /etc/ssh/sshd_config line 13: Badly formatted port number. [FAILED]

    For me, this error cropped up when I attempted to use a TCP port over 65535.
    In the end I found that editing /etc/services was unnecessary.

    • http://www.jagbir.info jagbir

      Zubin, I’ve checked on my CentOS 5.0 box that when setting port 54321 without editing /etc/services, the error popped up. Which flavour are you using?

  • http://linuxarea.webs.com sandeeprhce5

    Now I am able to log in via ssh on another port after using this article.
    Thanks. sandeeprhce5@gmail.com

  • http://www.blurty.com/talkpost.bml?journal=monmouth565&itemid=1497 Colin Wicklin

    Thanks for sharing superb information. Your site is very cool. I am impressed by the details that you have on this website. It reveals how nicely you perceive this subject. Bookmarked this website page, will come back for extra articles. You, my friend, ROCK! I found just the info I already searched everywhere and just couldn’t come across. What an ideal web-site.
