If you're running a server, leaving SSH on its default port is like putting a welcome mat out for attackers. Port 22 is the first thing anyone scanning for vulnerable servers will try, and changing it is one of the easiest ways to reduce automated attack attempts.
This guide walks you through changing your SSH port using Web Host Manager and command line tools. The process takes about 10 minutes and can significantly improve your server's security posture.
By default, SSH listens on port 22. Every bot and script kiddie on the internet knows this, which means your server is constantly getting hammered with login attempts if you're using the standard configuration.
Changing your SSH port won't stop a determined attacker, but it will filter out the vast majority of automated scanning tools that only check common ports. Think of it as moving your front door to a less obvious location—casual intruders won't find it.
Before you change the SSH configuration, you need to open your chosen port in the firewall. Otherwise, you'll lock yourself out of your own server. We'll use port 5622 as an example, but you can pick any unused port above 1024.
In Web Host Manager:
Log in to Web Host Manager
Navigate to Configure Firewall and Security
Select Firewall Configuration
Find the TCP_IN field and add 5622 to the list
Scroll down and click Change to save your settings
Restart CSF to apply the new rules
The firewall is now ready to accept SSH connections on your new port. Next, you need to tell the SSH daemon to actually listen there.
Now comes the part where you edit the actual SSH settings. You'll need to connect to your server via terminal—on Mac, you can find Terminal under Applications > Utilities. Windows users can use PuTTY or the built-in SSH client in Windows 10 and newer.
Connect to your server with this command:
ssh user@SERVER_IP
Replace user with your account name and SERVER_IP with your actual server IP, and enter your password when prompted.
Once you're logged in, locate the SSH configuration file:
locate sshd_config
This file is usually in /etc/ssh/, but the locate command will show you the exact path if it's somewhere else on your system.
Open the configuration file with a text editor:
nano /etc/ssh/sshd_config
Look for the line that says #Port 22. Remove the # symbol to uncomment it, then change 22 to 5622 (or whatever port you opened in the firewall). On Mac, press Command + X to exit, type Y to confirm you want to save, and hit Enter.
Your configuration is updated, but the SSH daemon is still listening on the old port until you restart it. Head back to Web Host Manager and restart the SSH service:
Log in to Web Host Manager
Go to Restart Services
Click on SSH Server (OpenSSH)
Give it a few seconds to restart, then test your new configuration.
Before you close your existing SSH session, open a new terminal window and try connecting with the new port:
ssh -p 5622 user@SERVER_IP
The -p flag tells SSH to use port 5622 instead of the default 22. If you can connect successfully, congratulations—your SSH port change is complete.
If the connection fails, don't panic. Your original SSH session should still be open. Go back and double-check that you opened the correct port in the firewall and that you saved the sshd_config file properly.
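The lockout this guide warns about can be checked for mechanically before restarting SSH. The script below is an added example, not part of the original guide: it confirms that every Port in sshd_config appears in CSF's TCP_IN list. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-restart lockout check (function names are illustrative).

# Print every port sshd will listen on according to config file $1.
# Commented lines are skipped; with no Port directive sshd defaults to 22.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# Succeed if port $2 is allowed by the TCP_IN line of CSF config $1.
# TCP_IN is a quoted, comma-separated list; entries may be low:high ranges.
csf_allows() {
    awk -v want="$2" -F'"' '
        /^TCP_IN[ \t]*=/ {
            n = split($2, e, ",")
            for (i = 1; i <= n; i++) {
                m = split(e[i], r, ":")
                lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
                if (want + 0 >= lo && want + 0 <= hi) ok = 1
            }
        }
        END { exit !ok }' "$1"
}

# Report each sshd port; return non-zero if any is missing from TCP_IN.
check_lockout() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if csf_allows "$2" "$p"; then
            echo "ok: port $p is open in TCP_IN"
        else
            echo "LOCKOUT RISK: port $p is not in TCP_IN"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files, not taken from a real server.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 5622' > "$demo/sshd_config"
printf '%s\n' 'TCP_IN = "20,21,22,80,443,5622,30000:35000"' > "$demo/csf_good.conf"
printf '%s\n' 'TCP_IN = "20,21,22,80,443"' > "$demo/csf_bad.conf"

check_lockout "$demo/sshd_config" "$demo/csf_good.conf"
check_lockout "$demo/sshd_config" "$demo/csf_bad.conf" ||
    echo "add the port to TCP_IN and restart CSF before restarting sshd"
```

On a server running CSF, the two arguments would typically be /etc/ssh/sshd_config and /etc/csf/csf.conf (the usual CSF location, assumed here). Running sshd -t additionally validates the edited file's syntax before the restart.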
Changing your SSH port is a good first step, but it's not the only thing you should do to secure your server. Consider setting up key-based authentication instead of using passwords—it's far more secure and just as convenient once you've got it configured.
You should also keep your server software updated, disable root login via SSH, and consider using fail2ban to automatically block IP addresses that show suspicious behavior. These layers of security work together to make your server a much harder target.
If you're managing multiple servers or need more advanced security features, having a hosting provider that understands these requirements makes a huge difference. Look for services that offer customizable firewall rules, automated security updates, and responsive technical support when you need it.