What is the SSH Port & How to Change SSH Port on Linux (Step-by-Step Guide)
Updated on: October 24, 2025
Secure Shell (SSH) serves as a private, locked door that allows you to securely access and manage your Linux server from anywhere. By default, the SSH service listens on port 22, which is well-known and a typical target for automated attackers.
Changing the port is analogous to moving that door down a quieter hallway, and while it will not render your system impervious to attack, it will reduce the number of unwanted knocks.
In this guide, you will learn what an SSH port is, what the default SSH port is, how changing the port increases security, and how to change the SSH port on Linux safely and step by step.
What is the SSH Port?
The SSH port is the network port number on which the SSH server daemon (usually sshd) listens for incoming connections. In other words, when you type ssh user@hostname, your SSH client connects to a specific TCP port on the hosted server and establishes a secure, encrypted session. The port is like the “door” used to enter remote access.
What is the Default Port Used by the SSH Protocol?
Secure Shell uses Transmission Control Protocol (TCP) port 22 by default, and the same port is commonly used by other protocols that run over SSH, such as Secure Copy (SCP) and Secure File Transfer Protocol (SFTP). For comparison, Telnet uses port 23, SMTP uses port 25, and HTTP uses port 80.
Because this port is publicly known, automated bots frequently target it with brute-force login attempts. Changing it won’t make your server invincible, but it can significantly reduce unnecessary traffic and log clutter.
How to Change SSH Port on Linux
Follow these steps carefully to change the SSH port safely:
1. Access your server via SSH
Log in to your Linux server using your current SSH setup. Example command:
ssh username@server_ip
Ensure that your credentials (username/password or SSH key) are working.
2. Back up the SSH configuration file
Before making changes, always create a backup of the configuration:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
This ensures you can revert if something goes wrong.
3. Edit the SSH daemon configuration
Open the file:
sudo nano /etc/ssh/sshd_config
Find the line that says:
#Port 22
Un-comment it (remove #) and change 22 to your desired port (for example, 61189). Save and exit.
4. Adjust firewall settings
You must open your new port in your firewall. Example using UFW:
sudo ufw allow 61189/tcp
sudo ufw reload
If using another firewall method or control panel, apply the equivalent rule.
5. Restart the SSH service
Apply the changes by restarting sshd:
sudo systemctl restart sshd
For older systems:
sudo service ssh restart
6. Verify the new port is active
Use this command to check the listening ports:
sudo ss -tuln | grep [new_port_number]
Or, with netstat:
netstat -tuln | grep [new_port_number]
You should see a socket in the LISTEN state on your chosen port; adding the -p option to either command also shows that the owning process is sshd.
7. Test the SSH connection using the new port
Before closing your original session, open a new terminal and attempt:
ssh -p [new_port_number] username@server_ip
Ensure you can connect successfully. Only once it’s confirmed should you close your prior SSH session.
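Steps 2 and 3 can be scripted so the edit is repeatable and cannot leave two competing Port lines behind. The following is an added example, not part of the original guide; the function names valid_port, set_sshd_port and demo are hypothetical, and the sample configuration inside demo is constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.

# valid_port PORT: accept only a plain integer outside the 1-1023 reserved range.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;      # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# set_sshd_port CONFIG PORT: back up CONFIG, then leave exactly one Port line.
set_sshd_port() {
    cfg=$1 port=$2
    valid_port "$port" || { echo "refusing port '$port'" >&2; return 2; }
    cp -p "$cfg" "$cfg.bak" || return 1
    awk -v port="$port" '
        function emit() { if (!done) { print "Port " port; done = 1 } }
        tolower($1) == "match" { emit() }        # Port is not allowed inside Match
        tolower($1) == "port"  { emit(); next }  # replace first, drop extra Port lines
        tolower($1) == "#port" && !done { emit(); next }   # the stock "#Port 22"
        { print }
        END { emit() }                           # no Port or Match line: append
    ' "$cfg.bak" > "$cfg.tmp" &&
        cat "$cfg.tmp" > "$cfg" &&               # keeps owner, mode and label
        rm -f "$cfg.tmp"
}

# demo: run the edit on a constructed sample config and print the result.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#Port 22' 'GatewayPorts no' 'Port 2222' \
        'Match User backup' '    X11Forwarding no' > "$d/sshd_config"
    set_sshd_port "$d/sshd_config" 61189 && cat "$d/sshd_config"
    rm -rf "$d"
}
```

On a real host, run sudo sshd -t after the edit and before restarting the service; it exits non-zero on a configuration error, which is the moment to restore the .bak copy while your original session is still open.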
The Benefits of Changing the SSH Port
1. Reduces Automated Attacks (Bot Defense)
- What it means: Hackers use bots to scan the internet for servers running SSH on the default port 22, like enemy drones scouting for easy targets. Changing the port is like moving your base to a hidden location.
- Why it helps: Bots typically target port 22 for brute-force attacks (trying endless password combos). A non-standard port (e.g., 2222) makes your server less visible, reducing the chance of being hit by these automated attacks.
2. Lowers Noise from Script Kiddies
- What it means: Amateur hackers (script kiddies) rely on simple tools that default to port 22, like shooting at a known enemy outpost. Switching ports is like camouflaging your position.
- Why it helps: It filters out low-skill attackers who don’t bother scanning other ports, letting you focus defenses on more serious threats.
3. Improves Log Clarity (Better Intel)
- What it means: Server logs are your battlefield reports. If port 22 is swamped with bot attacks, it’s like radio chatter drowning out real intel. A custom port keeps logs cleaner.
- Why it helps: Fewer junk connection attempts mean you can spot real threats faster, making monitoring and incident response more effective.
4. Deters Casual Reconnaissance
- What it means: Hackers often probe port 22 to map targets, like spies scouting enemy camps. A non-standard port is like operating behind a smokescreen.
- Why it helps: It forces attackers to work harder to find your SSH service, discourages casual scans, and reduces your server’s exposure.
5. Works with Firewalls for Stronger Defenses
- What it means: Pairing a custom port with firewall rules is like fortifying your base with extra walls and guard towers.
- Why it helps: You can configure firewalls to allow SSH only on the new port, blocking port 22 entirely, which adds another layer of protection against unauthorized access.
6. Avoids ISP or Network Restrictions
- What it means: Some networks or ISPs block port 22 to control traffic, like roadblocks on a supply route. A custom port is like taking a back road.
- Why it helps: It ensures you can still connect to your server even if port 22 is restricted, keeping your operations running smoothly.
What Are Valid Ports to Use for SSH?
- Port numbers range from 1 to 65535.
- Avoid 1–1023 (system-reserved).
- Choose a port above 1024, such as 2200, 2222, or 22222.
- Ensure the port isn’t already used by another service and is allowed by your firewall.
Common SSH Port Configuration Mistakes
- Forgetting to update firewall rules or security groups.
- Restarting SSH before verifying access on the new port.
- Using a port already assigned to another service.
- Relying only on obscurity. A changed port should complement, not replace, strong authentication.
Conclusion
Altering your SSH port is an easy and practical way to decrease your risk of automated attacks. It won’t completely protect you, but it will add one more complication for potential attackers. When combined with key-based authentication, firewall rules, and updates, you will have a well-protected Linux environment.
FAQs
Q1. What is the port number for SSH?
Ans. By default, SSH uses TCP port 22.
Q2. Can I use port 80 or 443 for SSH?
Ans. Yes, but these are typically reserved for web traffic and may conflict with HTTP/HTTPS services. So, it is not recommended.
Q3. What happens if I change my SSH port incorrectly?
Ans. You may lose remote access. Always test the new port in a second session before closing the original.
Q4. What are some good custom ports for SSH?
Ans. Ports above 1024 that are not used by other services, e.g., 2200, 2222, or 22222.
Q5. Does changing the SSH port improve security?
Ans. Yes, it reduces brute-force noise but doesn’t replace strong authentication methods.
Q6. How do I check which port SSH is running on?
Ans. Run:
sudo ss -tulnp | grep sshd
sudo grep Port /etc/ssh/sshd_config
Q7. What are valid ports to use for SSH?
Ans. Any between 1 and 65535, but above 1024 is safest.
Q8. What is the default port used by the SSH protocol?
Ans. Port 22.


