In today's digital landscape, securing your server is paramount for any administrator. One fundamental step to enhance security is changing the default SSH port on your Virtual private server (VPS). In this article, we'll explain why changing the SSH port is important, how to select a port, and the step-by-step process to execute the change.
Why Change the SSH Port
The default port for SSH (Secure Shell), port 22, is widely known and often targeted by attackers and scripts scanning the internet for vulnerable servers. Changing the port to a less predictable one can significantly reduce the risk of automated attacks.
Common Ports and How to Choose the Right One
When selecting a new SSH port, it's crucial to avoid ports already assigned to other services. Ports fall into three main categories:
- Well-Known Ports (0–1023): These ports are typically assigned to specific services. For example, HTTP uses port 80, and HTTPS uses port 443. It's advisable to steer clear of these ports for SSH.
- Registered Ports (1024–49151): These ports are designated for user applications and might be more suitable for SSH if not used by another service on your server.
- Dynamic or Private Ports (49152–65535): These ports are not assigned to any specific service and are often used for dynamic port allocations by various applications.
It's recommended to choose a port between 1024 and 49151 that is not listed as a known port used by your application or service.
How to Change the SSH Port on VPS
- Log in to your VPS as root or using a user with sudo privileges.
- Open the SSH configuration file. This file is typically located at
/etc/ssh/sshd_config
. Use the command:sudo nano /etc/ssh/sshd_config
- Locate the line containing
#Port 22
. Remove the#
character to uncomment it and change the port number to your chosen one. For example:Port 2222
- Save and close the file.
- Restart the SSH service to apply the changes. On most systems, you can use the command:
sudo systemctl restart sshd
- Ensure the new port is allowed on the firewall. Use a command like:
sudo ufw allow 2222/tcp
if you're using the ufw
firewall, or the relevant command for your firewall.
Changing the SSH port on your VPS is a simple yet effective step towards enhancing your server's security. It's essential to carefully select a new port to avoid conflicts with other services and ensure the new port is correctly allowed through the firewall. By doing so, you can significantly reduce the attack surface and safeguard your server.