How to Change SSH Port in Linux?

When you launch a Linux server, one of the first services running quietly in the background is SSH (Secure Shell). It is the gateway administrators use to remotely access, manage, configure, and troubleshoot servers from anywhere in the world.

By default, SSH listens on Port 22. This standard setup is convenient, but it also makes Port 22 one of the ports most commonly targeted by hackers and automated bots. Thousands of malicious login attempts hit Port 22 every single day, looking for weak credentials and poorly secured servers.

Changing the default SSH port is a small configuration tweak, but it can significantly reduce automated attacks and unnecessary login attempts. It is not a replacement for proper security practices, but it acts as an additional security layer that makes your server less visible to automated scans.

In this knowledgebase article, you will learn:

  • Why changing the SSH Port is important
  • How to safely change the SSH Port in Linux
  • Firewall configuration steps
  • Testing the new SSH Port properly
  • Important tips to avoid locking yourself out

Whether you are using CentOS, AlmaLinux, Rocky Linux, Ubuntu, or Debian, this guide will help you complete the process safely and correctly.



Why Change the Default SSH Port?

Changing the default SSH Port helps reduce automated attacks and improves server hardening.

1. Reduces Automated Bot Attacks

Most bots continuously scan Port 22 for vulnerable servers. Moving SSH to another port instantly avoids many automated attacks.

2. Cleaner Server Logs

Your authentication logs will contain fewer brute-force login attempts.

3. Adds an Extra Security Layer

It creates an additional obstacle for attackers who rely on default configurations.

4. Better Server Hardening

Changing default services is considered a basic server security practice.



Important Things to Know Before You Start

Before changing the SSH Port, keep these points in mind:

  • Always keep your current SSH session open.
  • Open the new port in the firewall first.
  • Test the new SSH Port before closing the old session.
  • Choose a port number above 1024.
  • Avoid commonly used ports to prevent conflicts.


Steps to Change SSH Port in Linux

➢ Step 1: Open the New SSH Port in the Firewall

Before changing the SSH configuration, the new port must be allowed through the firewall. Otherwise, the server may block incoming SSH connections on the new port.

In this example, we will use 2222 as the new SSH Port.

★ For RHEL-Based Systems (CentOS, AlmaLinux, Rocky Linux)

Run the following command:

firewall-cmd --add-port=2222/tcp --permanent

What This Command Does

  • Opens TCP Port 2222 permanently
  • Allows remote SSH connections through the new port
  • Saves firewall rules even after reboot

Now reload the firewall:

firewall-cmd --reload

Reloading applies the newly added firewall rules immediately.

★ For Ubuntu / Debian Systems

Run the following command:

ufw allow 2222/tcp

Now reload UFW:

ufw reload

What These Commands Do

  • Allow incoming traffic on Port 2222
  • Update UFW firewall rules instantly

★ Quick Tip

Choose a port number that is:

  • Above 1024
  • Easy for you to remember
  • Not already used by another service

Examples:

  • 2222
  • 2200
  • 2022

➢ Step 2: Edit the SSH Configuration File

Now it is time to tell the SSH service to listen on the new port.

Open the SSH configuration file:

nano /etc/ssh/sshd_config

In that file, find the line “#Port 22”.

On many servers, this line is commented out with a #.

Remove the # and change the line to:

Port 2222

★ Important Tip

Some configuration files may already contain multiple Port entries.

If multiple ports are defined:

  • SSH may listen on all listed ports
  • Remove unnecessary entries if you want only one active SSH Port

➢ Step 3: Restart SSH Service

After saving the configuration file, restart the SSH service so the changes can take effect.

★ For RHEL-Based Systems

systemctl restart sshd

★ For Ubuntu/Debian

systemctl restart ssh

Why Restarting is Necessary

The SSH service reads its configuration only during startup. Restarting reloads the updated port configuration.

Without restarting:

  • SSH will continue using the old port
  • Your changes will not apply

➢ Step 4: Test the New SSH Port

Now test the new SSH Port from a new terminal window:

ssh root@your-server-ip -p 2222

Replace your-server-ip with your server's IP address.

★ VERY IMPORTANT

Do NOT close your existing SSH session yet.

Keep the current session active until:

  • You successfully log in using the new port
  • You confirm server access is working perfectly

This helps prevent accidental server lockout.

How to Verify SSH is Listening on the New Port

You can verify active listening ports using:

ss -tulpn | grep ssh

OR

netstat -tulpn | grep ssh

You should see something similar to:

0.0.0.0:2222

This confirms SSH is now listening on Port 2222.
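
The checks behind Steps 1 to 4 can be scripted. The following is an added example, not part of the original article: the function names are hypothetical, and SAMPLE_CONFIG and SAMPLE_SS are constructed inputs standing in for /etc/ssh/sshd_config and the output of ss -tulpn. It reports every active Port line (the multiple-entries case from Step 2) and matches the listening port exactly, which a plain grep does not.

```sh
#!/bin/sh
# Added example (not from the original article). Function names are
# hypothetical; SAMPLE_CONFIG and SAMPLE_SS are constructed test inputs.

# Print the ports sshd will use, given sshd_config text on stdin.
# Commented lines such as "#Port 22" are ignored; keywords are
# case-insensitive; with no active Port line sshd defaults to 22.
effective_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ {
             out = (out == "" ? $2 : (out " " $2))
         }
         END { print (out == "" ? 22 : out) }'
}

# The article's rule: a numeric port above 1024 (and at most 65535).
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 1024 ] && [ "$1" -le 65535 ]
}

# Succeed only if `ss -tulpn` text on stdin has a TCP LISTEN socket owned
# by sshd whose local port is exactly $1 (plain grep would also match
# 22222 or a PID containing the same digits).
sshd_listens_on() {
    awk -v p="$1" '
        $1 == "tcp" && $2 == "LISTEN" && $5 ~ (":" p "$") && /"sshd"/ { found = 1 }
        END { exit !found }'
}

SAMPLE_CONFIG='#Port 22
Port 22
port 2222
PermitRootLogin prohibit-password'

SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22222      0.0.0.0:*         users:(("myapp",pid=901,fd=5))
tcp   LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=4))'

NEW_PORT=2222
valid_port "$NEW_PORT" && echo "port $NEW_PORT passes the >1024 rule"
echo "active Port lines: $(printf '%s\n' "$SAMPLE_CONFIG" | effective_ports)"
if printf '%s\n' "$SAMPLE_SS" | sshd_listens_on "$NEW_PORT"; then
    echo "sshd is listening on $NEW_PORT"
fi
# Two active Port lines mean the old port is still reachable.
if printf '%s\n' "$SAMPLE_SS" | sshd_listens_on 22; then
    echo "sshd still listens on 22: remove the extra Port line"
fi
```

On a real server, pipe /etc/ssh/sshd_config and the output of ss -tulpn into these functions, and run sshd -t before restarting so a typo in the configuration is reported while the old session is still open.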


Also Read: How to Rename a Folder in Linux​? 


Common Problems You Can Face After Changing SSH Port

1. Connection Refused

Possible Reasons

  • Firewall port not opened
  • SSH service not restarted
  • Wrong port number used

2. Server Lockout

Possible Reasons

  • Closed old SSH session too early
  • Typo in SSH configuration
  • Firewall misconfiguration

3. SELinux Blocking the Port (RHEL Systems)

On some RHEL-based servers, SELinux may block custom SSH ports.

Run the following command:

semanage port -a -t ssh_port_t -p tcp 2222


Final Thoughts

Changing the default SSH Port in Linux is one of the simplest server hardening techniques you can implement. While it does not make your server “invisible,” it greatly reduces automated scanning attempts and unnecessary attacks targeting Port 22.

The key to performing this safely is:

  • Open firewall rules first
  • Edit the SSH configuration carefully
  • Restart the SSH service
  • Test the new connection before logging out

A few minutes spent securing SSH today can save hours of troubleshooting and security issues later.

If you manage VPS servers, dedicated servers, or cloud environments regularly, changing the default SSH Port should become part of your standard server setup checklist.