How to Change the SSH Port on VPS, Common Ports and How to Choose the Right One

How to Change the SSH Port on VPS, Common Ports and How to Choose the Right One

Secure Shell (SSH) is a network protocol that allows users to access the server remotely. It also encrypts the communication between a client and a private server, making it more secure.

However, using the standard Transmission Control Protocol (TCP) port 22 for SSH can pose risks, especially vulnerability to cyber threats like brute-force attacks that attempt to access encrypted sensitive data.

Therefore, changing your default port is one of the best ways to protect your SSH server. In this article, we will explain how to choose a new SSH port and walk you through changing it on your virtual private server (VPS).

Download Ultimate SSH Commands Cheat Sheet

How to Choose a New SSH Port

When choosing a new SSH port, note that port numbers 0-1023 are reserved for various services and can only be bound by root access.

Here is a list of the most common privileged services and their associated ports and functions:

PortProtocolService
20TCPFile Transfer Protocol (FTP) data
21TCPFTP server
22TCPSSH
23TCPTelnet server
25TCPSimple Mail Transfer Protocol (SMTP)
53TCP/UDPDomain Name System (DNS)
67/68UDPDynamic Host Configuration Protocol (DHCP)
69UDPTrivial FTP (TFTP)
80TCPHypertext Transfer Protocol (HTTP)
110TCPPost Office Protocol 3 (POP3)
123UDPNetwork Time Protocol (NTP)
137/138/139TCP/UDPNetBIOS
143TCPInternet Message Access Protocol (IMAP)
161/162TCP/UDPSimple Network Management Protocol (SNMP)
179TCPBorder Gateway Protocol (BGP)
389TCP/UDPLightweight Directory Access Protocol (LDAP)
443TCPHTTP over SSL/TLS (HTTPS)
636TCP/UDPLDAP over SSL/TLS (LDAPS)
989/990TCPFTP over SSL/TLS (FTPS)

Although you can still use them, doing so will put your SSH connection at risk of network conflict.

Therefore, we recommend choosing from different ports ranging from 1024 to 65535 as they are non-privileged.

How to Change the Default SSH Port

In this section, we will explain how to change your default SSH port in four simple and easy steps.

1. Connect to Your Server via SSH

To do so, run the following command line on Terminal or PuTTy:

ssh username@0.0.0.0

For example:

ssh root@187.234.56.1

Next, you will be prompted to type the password or SSH keys. Once you’ve done so, the connection will be established.

Suggested Reading

Check out our article to learn how to set up SSH keys and manage them properly.

2. Change SSH Configurations

Start by executing the following command to access the SSH daemon (sshd):

sudo nano /etc/ssh/sshd_config

The SSH configuration file will open. Find the line that reads #Port 22. Next, delete the number and # and replace it with the new SSH port number you want to use.

For example:

SSH configuration file with Port 22

Change the SSH port number to 1026:

Changing SSH port to 1026

Then save the changes.

Pro Tip

If the contents of your sshd_config file look differently, simply add a new Port line, just like in the example above.

3. Configure Your Firewall

Start by making sure the newly selected port is not blocked. If this is a new VPS setup, all ports should be open by default.

Update your firewall settings to allow incoming connections to the new port. For this example, we will be using the UFW firewall. Run the following command:

sudo ufw allow 1026/tcp

Next, restart the SSH service using the following command:

Debian and Ubuntu:

sudo service ssh restart

Debian and Ubuntu with systemd:

sudo systemctl restart ssh

CentOS and Fedora

sudo service sshd restart

CentOS and Fedora with systems:

sudo systemctl restart sshd

Alternatively, you can take advantage of Hostinger VPS Firewall. Select your VPS and navigate to the Firewall section:

The Firewall button on hPanel VPS dashboard

Click Create firewall configuration, give your firewall configuration a name, and click Create:

The process of creating a new VPS Firewall configuration on hPanel

Then, select the Edit button:

The Firewall page on hPanel. The Edit button is highlighted

Lastly, configure the rules you prefer and click Add rule:

The process of creating a new firewall rules on hPanel

Keep in mind that our VPS Firewall filters incoming traffic.

4. Test the New Default Port

To verify that the new SSH port is open, run either the ss or netstat command:

ss -tulpn | grep 1026
Screenshot of output for command "s -tulpn | grep 1026"
netstat -tulpn | grep 1026 
Screenshot of output for command "ssh -p [port] user@server"

Now you can try to log in to SSH using the following command:

ssh -p [port] user@server

For example:

ssh -p 1026 root@0.0.0.0

Pro Tip

Test the SSH connection using a new Terminal window. Do not log out from the previous root session until you’ve confirmed that the new setup is working well.

As for Hostinger users, if you cannot connect to your VPS using the new port, you can always reset the SSH and firewall settings to default from your VPS dashboard on hPanel.

Conclusion

Using the default SSH port 22 can make you an easy target for hackers – they often look for open ports through which to intercept and extract sensitive data. Therefore, we recommend changing the SSH port to avoid potential cyber attacks and add extra protection to your Linux server.

Before choosing a new port for your SSH access, note that the ports numbered 0-1023 are reserved for privileged services. Hence, it is best to use a port ranging from 1024 to 65535.

Configuring a new specified port is relatively easy – you only need to update the number in the SSH daemon configuration file and firewall settings. Then, restart the SSH service and test the new port’s connection again.

We hope this article has helped you change your SSH port on VPS. If you have any questions or ideas, please leave them in the comments section below.

Author
The author

Edgaras G.

Edgaras is a veteran server administrator at Hostinger. He makes sure that every server runs at full throttle and has all the latest technological advancements. When he's not working, Edgaras enjoys skiing and exploring the world.

Author
The Co-author

Noviantika G.

Noviantika is a web development enthusiast with customer obsession at heart. Linux commands and web hosting are like music to her ears. When she's not writing, Noviantika likes to snuggle with her cats and brew some coffee.