How to Change the SSH Port on VPS, Common Ports and How to Choose the Right One
Secure Shell (SSH) is a network protocol that allows users to access the server remotely. It also encrypts the communication between a client and private server, making it more secure.
However, using the standard Transmission Control Protocol (TCP) port 22 for SSH might be risky since it is vulnerable to many cyber threats, especially brute-force attacks – a hacking method used to gain access to encrypted sensitive data.
Therefore, changing your default port is one of the best ways to protect your SSH server. In this article, we will explain how to choose a new SSH port and walk you through changing it on your virtual private server (VPS).
Download Complete Linux Commands Cheat Sheet
How to Choose a New SSH Port
When choosing a new SSH port, note that port numbers 0-1023 are reserved for various services and can only be bound by root access.
Here is a list of the most common privileged services and their associated ports and functions:
| Port | Protocol | Service |
| 20 | TCP | File Transfer Protocol (FTP) data |
| 21 | TCP | FTP server |
| 22 | TCP | SSH |
| 23 | TCP | Telnet server |
| 25 | TCP | Simple Mail Transfer Protocol (SMTP) |
| 53 | TCP/UDP | Domain Name System (DNS) |
| 67/68 | UDP | Dynamic Host Configuration Protocol (DHCP) |
| 69 | UDP | Trivial FTP (TFTP) |
| 80 | TCP | Hypertext Transfer Protocol (HTTP) |
| 110 | TCP | Post Office Protocol 3 (POP3) |
| 123 | UDP | Network Time Protocol (NTP) |
| 137/138/139 | TCP/UDP | NetBIOS |
| 143 | TCP | Internet Message Access Protocol (IMAP) |
| 161/162 | TCP/UDP | Simple Network Management Protocol (SNMP) |
| 179 | TCP | Border Gateway Protocol (BGP) |
| 389 | TCP/UDP | Lightweight Directory Access Protocol (LDAP) |
| 443 | TCP | HTTP over SSL/TLS (HTTPS) |
| 636 | TCP/UDP | LDAP over SSL/TLS (LDAPS) |
| 989/990 | TCP | FTP over SSL/TLS (FTPS) |
Although you can still use them, doing so will put your SSH connection at risk of network conflict.
Therefore, we recommend choosing from different ports ranging from 1024 to 65535 as they are non-privileged.
How to Change the Default SSH Port
In this section, we will explain how to change your default SSH port in four simple and easy steps.
1. Connect to Your Server via SSH
To do so, run the following command line on Terminal or PuTTy:
ssh username@0.0.0.0
For example:
ssh root@187.234.56.1
Next, you will be prompted to type the password or SSH keys. Once you’ve done so, the connection will be established.
2. Change SSH Configurations
Start by executing the following command to access the SSH daemon (sshd):
sudo vim /etc/ssh/sshd_config
The SSH configuration file will open. Find the line that reads #Port 22. Next, delete the number and # and replace it with the new SSH port number you want to use.
For example:
Change the SSH port number to 1026:
Lastly, press Esc to exit the insert mode and type :x to save the changes and quit the session.
3. Configure Your Firewall
Start by making sure the newly selected port is not blocked. If this is a new VPS server, all ports should be open by default.
Update your firewall settings to allow incoming connections to the new port. Run the following command:
sudo firewall-cmd --add-port=1026/tcp --permanent successsudo firewall-cmd --remove-service=ssh --permanent success
Next, restart the SSH service using the following command:
- For Debian and Ubuntu
service ssh restart
- For CentOS and Fedora
systemctl restart sshd.service
4. Test the New Default Port
To verify that the new SSH port is open, run either the ss or netstat command:
ss -tulpn | grep 1026
netstat -tulpn | grep 1026
Now you can try to log in to SSH using the following command:
ssh -p [port] user@server
![Screenshot of output for command "ssh -p [port] user@server"](/tutorials/wp-content/uploads/sites/2/2016/09/add-ss-to-the-output.webp)
For example:
ssh -p 1026 root@0.0.0.0
Pro Tip
Test the SSH connection using a new Terminal window. Do not log out from the previous root session until you’ve confirmed that the new setup is working well.
As for Hostinger users, if you cannot connect to your VPS using the new port, you can always reset the SSH settings to default from your Hostinger account.
Conclusion
Using the default SSH port 22 can make you an easy target for hackers – they often look for open ports through which to intercept and extract sensitive data. Therefore, we recommend changing the SSH port to avoid potential cyber attacks and add extra protection to your Linux server.
Before choosing a new port for your SSH access, note that the ports numbered 0-1023 are reserved for privileged services. Hence, it is best to use a port ranging from 1024 to 65535.
Configuring a new specified port is relatively easy – you only need to update the number in the SSH daemon configuration file and firewall settings. Then, restart the SSH service and test the new port’s connection again.
We hope this article has helped you change your SSH port on VPS. If you have any questions or ideas, please leave them in the comments section below.
Continue Learning About Your VPS
How to Use Linux Screen for Easier Workflow
How to Use Tmux for Multiple Tasks
How to Change Linux Hostname
Was this tutorial helpful?
Edgaras is a veteran server administrator at Hostinger. He makes sure that every server runs at full throttle and has all the latest technological advancements. When he's not working, Edgaras enjoys skiing and exploring the world.
Noviantika is a Digital Content Writer at Hostinger. Passionate in web hosting, WordPress, and SEO, she's driven to share her knowledge with the world through her writing. During her free time, Noviantika likes to hop on a plane and discover places.
