Changing the default SSH port on your Debian server can significantly enhance security by reducing exposure to automated attacks. By default, SSH operates on port `22`, a well-known target for malicious activities. Moving SSH to a different port adds an extra layer of obscurity, making it harder for attackers to discover your SSH service.
Before starting, ensure you have:
Linux Server with SSH Access: You should have SSH access to a Linux server, enabling remote management and configuration.
User Account with `sudo` Privileges: Ensure you have a user account with `sudo` privileges on the server. This allows you to make system-wide changes, including modifying SSH configurations.
`UFW` (Uncomplicated Firewall) Installed and Configured: `UFW` should be installed and properly configured on your server. This ensures that firewall rules are in place to control network traffic, providing an additional layer of security.
If you need help with these prerequisites, refer to these tutorials:
How to Generate SSH Key Pair on Linux and Connect to a Linux Server
How to Generate and Use SSH Keys on Windows Using PowerShell and Connect to a Linux Server
How to Install and Configure UFW (Uncomplicated Firewall) on a Linux Server
Select a new port number between `1024` and `65535`. Ports below `1024` are reserved for well-known services. For this example, we'll use port `2222`.
1. Open the SSH configuration file:
Use a text editor such as `nano` to open the SSH configuration file located at `/etc/ssh/sshd_config`.
Linux (Debian/Ubuntu)
sudo nano /etc/ssh/sshd_config
2. Find the Port line:
Locate the line that begins with `#Port 22`. The `#` indicates it's commented out.
3. Change the Port number:
Uncomment the line by removing the `#`, and change `22` to your desired port number, in this case, `2222`.
Linux (Debian/Ubuntu)
Port 2222
4. Save and exit:
Save the file and exit the text editor. In `nano`, you can do this by pressing `CTRL + X`, then `Y`, and then `ENTER`.
1. Open the new port:
If you are using `ufw`, you need to allow the new SSH port.
Linux (Debian/Ubuntu)
sudo ufw allow 2222/tcp
2. Remove the old port rule (optional but recommended):
To enhance security, you can remove the rule allowing port `22`.
Linux (Debian/Ubuntu)
sudo ufw delete allow 22/tcp
3. Reload the firewall:
Reload `ufw` to apply the changes.
Linux (Debian/Ubuntu)
sudo ufw reload
1. Restart SSH:
Ensure changes take effect by restarting the SSH service.
Linux (Debian/Ubuntu)
sudo systemctl restart ssh
Connect using SSH keys:
Ensure you have SSH keys set up for your user. If you need help setting up SSH keys, follow the tutorial mentioned above for detailed instructions.
Use the following command to connect
ssh -i "/path/to/your/private/key" -p 2222 your_username@your_server_ip
This command is suitable for terminal environments on Linux, macOS, or Windows using OpenSSH via PowerShell.
Ensure that `ufw` or any other firewall you use is not blocking the new SSH port.
Verify that the SSH service is running by checking its status.
Linux (Debian/Ubuntu)
sudo systemctl status ssh
By following these steps, you have successfully changed the default SSH port on your Debian server. This small but effective change can help protect your server from automated attacks and improve overall security. Remember to always keep your server and its software up to date with the latest security patches for enhanced protection.
Published: June 23, 2024
Have a question or suggestion? Want to request a tutorial or simply leave me a message? I'd love to hear from you! Join our community on Discord for exclusive content, engaging discussions, and more. Thank you! 🌟