{"id":114799,"date":"2022-11-13T12:46:43","date_gmt":"2022-11-13T12:46:43","guid":{"rendered":"https:\/\/ded9.com\/?p=114799"},"modified":"2025-12-20T08:13:02","modified_gmt":"2025-12-20T08:13:02","slug":"how-to-connect-to-ssh-server-on-alternate-port","status":"publish","type":"post","link":"https:\/\/ded9.com\/tr\/how-to-connect-to-ssh-server-on-alternate-port\/","title":{"rendered":"How to Connect to an SSH Server on an Alternate Port"},"content":{"rendered":"<p class=\"\" data-start=\"296\" data-end=\"642\">SSH (Secure Shell) is the most widely used protocol for remotely accessing Linux servers. By default, it listens on <a href=\"https:\/\/www.cbtnuggets.com\/common-ports\/what-is-port-22\" target=\"_blank\" rel=\"noopener\"><strong data-start=\"412\" data-end=\"423\">port 22<\/strong><\/a>, which is well-known and frequently targeted by automated bots attempting brute-force attacks. One standard method for adding a layer of obscurity and reducing these attacks is to change or add an alternative<strong data-start=\"602\" data-end=\"641\">\u00a0SSH port<\/strong>.<\/p>\n<p class=\"\" data-start=\"644\" data-end=\"684\">This tutorial explains in detail how to:<\/p>\n<ul data-start=\"685\" data-end=\"919\">\n<li class=\"\" data-start=\"685\" data-end=\"722\">\n<p class=\"\" data-start=\"687\" data-end=\"722\">Choose and verify an alternate port<\/p>\n<\/li>\n<li class=\"\" data-start=\"723\" data-end=\"776\">\n<p class=\"\" data-start=\"725\" data-end=\"776\">Configure your firewall and SELinux (if applicable)<\/p>\n<\/li>\n<li class=\"\" data-start=\"777\" data-end=\"814\">\n<p class=\"\" data-start=\"779\" data-end=\"814\">Modify the SSH daemon configuration<\/p>\n<\/li>\n<li class=\"\" data-start=\"815\" data-end=\"865\">\n<p class=\"\" data-start=\"817\" data-end=\"865\">Connect to your server using the new port safely<\/p>\n<\/li>\n<li class=\"\" data-start=\"866\" data-end=\"919\">\n<p class=\"\" data-start=\"868\" data-end=\"919\">Avoid mistakes that can lock you out of your server<\/p>\n<\/li>\n<\/ul>\n<p class=\"\" data-start=\"921\" data-end=\"1071\">Whether you&#8217;re a system administrator or just running your own VPS, following this guide will help you improve your server&#8217;s SSH access configuration.<\/p>\n<h2 class=\"\" data-start=\"1078\" data-end=\"1115\">Why Change the Default SSH Port?<\/h2>\n<p class=\"\" data-start=\"1117\" data-end=\"1374\">Changing the default SSH port will not <strong data-start=\"1153\" data-end=\"1164\">prevent<\/strong> attacks, but can <span style=\"box-sizing: border-box; margin: 0px; padding: 0px;\"><strong>significantly reduce the noise<\/strong><\/span>. Most brute-force bots only scan and attack port 22. Using a different port (e.g., 2222 or 2200) hides your SSH entry point from generic scanners.<\/p>\n<p class=\"\" data-start=\"1376\" data-end=\"1451\"><strong data-start=\"1376\" data-end=\"1387\">However<\/strong>, this is not a replacement for good security practices, such as:<\/p>\n<ul data-start=\"1452\" data-end=\"1553\">\n<li class=\"\" data-start=\"1452\" data-end=\"1474\">\n<p class=\"\" data-start=\"1454\" data-end=\"1474\">Turning off root login<\/p>\n<\/li>\n<li class=\"\" data-start=\"1475\" data-end=\"1512\">\n<p class=\"\" data-start=\"1477\" data-end=\"1512\">Using SSH keys instead of passwords<\/p>\n<\/li>\n<li class=\"\" data-start=\"1513\" data-end=\"1553\">\n<p class=\"\" data-start=\"1515\" data-end=\"1553\">Implementing fail2ban or similar tools<\/p>\n<\/li>\n<\/ul>\n<p class=\"\" data-start=\"1555\" data-end=\"1634\">Think of changing the SSH port as one of many layers in your server&#8217;s security.<\/p>\n<h3 data-start=\"1641\" data-end=\"1692\">Step 1: Confirm SSH Access on the Default Port<\/h3>\n<p class=\"\" data-start=\"1694\" data-end=\"1799\">Before making any changes, verify that you can currently SSH into the server using the default port (22):<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">ssh username@server_ip\r\n<\/pre>\n<\/div>\n<p class=\"\" data-start=\"1837\" data-end=\"1926\">Replace <code data-start=\"1845\" data-end=\"1855\">username<\/code> and <code data-start=\"1860\" data-end=\"1871\">server_ip<\/code> With your actual SSH user and the server&#8217;s IP address.<\/p>\n<h3 data-start=\"1933\" data-end=\"1979\">Step 2: Choose and Test an Alternate Port<\/h3>\n<p class=\"\" data-start=\"1981\" data-end=\"2156\">You should pick a port number that is <strong data-start=\"2019\" data-end=\"2033\">not in use<\/strong> and, preferably, above 1024, since ports below that are considered privileged and may require root access to bind.<\/p>\n<p class=\"\" data-start=\"2158\" data-end=\"2231\">Let&#8217;s say you want to use port <strong data-start=\"2189\" data-end=\"2197\">2222<\/strong>. To check whether it&#8217;s available:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo ss -tulpn | grep ':2222'\r\n<\/pre>\n<\/div>\n<p data-start=\"2158\" data-end=\"2231\">This port is free and safe if you don\u2019t get any output. Avoid using ports commonly used by other services (e.g., 3306 for MySQL, 8080 for HTTP).<\/p>\n<h3 data-start=\"2435\" data-end=\"2487\">Step 3: Allow the New Port Through the Firewall<\/h3>\n<p class=\"\" data-start=\"2489\" data-end=\"2670\"><strong data-start=\"2489\" data-end=\"2503\">Important:<\/strong> Before editing the SSH configuration, ensure the new port is open in your firewall.\u00a0<span style=\"box-sizing: border-box; margin: 0px; padding: 0px;\">If something goes wrong, failing to do this\u00a0<strong>may lock you out<\/strong> of your server<\/span>.<\/p>\n<h4 data-start=\"2672\" data-end=\"2714\">If You&#8217;re Using UFW (<a href=\"https:\/\/ded9.com\/what-is-ubuntu-2\/\">Ubuntu<\/a>\/Debian)<\/h4>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo ufw allow 2222\/tcp\r\n<\/pre>\n<\/div>\n<p>You can check the status with:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo ufw status\r\n<\/pre>\n<\/div>\n<p>If You\u2019re Using Firewalld (CentOS\/RHEL\/Fedora)<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo firewall-cmd --permanent --add-port=2222\/tcp\r\nsudo firewall-cmd --reload\r\n<\/pre>\n<\/div>\n<p>If You\u2019re Using iptables (Legacy Systems)<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo iptables -A INPUT -p tcp --dport 2222 -j ACCEPT\r\n<\/pre>\n<\/div>\n<p>To make iptables rules persistent, you\u2019ll need to save them using:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo iptables-save &gt; \/etc\/iptables\/rules.v4\r\n<\/pre>\n<\/div>\n<h3 data-start=\"3205\" data-end=\"3248\">Step 4: Configure SELinux (If Enabled)<\/h3>\n<p class=\"\" data-start=\"3250\" data-end=\"3384\">If your server uses <strong data-start=\"3270\" data-end=\"3281\">SELinux<\/strong> (common in CentOS, RHEL, and Fedora), you&#8217;ll need to allow SSH on the new port explicitly.<\/p>\n<p class=\"\" data-start=\"3386\" data-end=\"3446\">First, install the necessary tools if not already installed:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo yum install -y policycoreutils-python-utils\r\n<\/pre>\n<\/div>\n<p data-start=\"3386\" data-end=\"3446\">Then add the new port:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo semanage port -a -t ssh_port_t -p tcp 2222\r\n<\/pre>\n<\/div>\n<p data-start=\"3386\" data-end=\"3446\">To verify:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo semanage port -l | grep ssh\r\n<\/pre>\n<\/div>\n<p data-start=\"3386\" data-end=\"3446\">This step is <strong data-start=\"3666\" data-end=\"3677\">crucial<\/strong>: failing to update SELinux will cause SSH to refuse connections to the new port, even if the firewall allows it.<\/p>\n<h3 data-start=\"3802\" data-end=\"3846\">Step 5: Edit the SSH Configuration File<\/h3>\n<p class=\"\" data-start=\"3848\" data-end=\"3914\">It&#8217;s time to update the SSH daemon to listen on the new port.<\/p>\n<p class=\"\" data-start=\"3916\" data-end=\"3944\">Open the configuration file:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo nano \/etc\/ssh\/sshd_config\r\n<\/pre>\n<\/div>\n<p data-start=\"3916\" data-end=\"3944\">Find the following line (it may be commented out):<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">#Port 22\r\n<\/pre>\n<\/div>\n<p data-start=\"3916\" data-end=\"3944\">Uncomment it and add your new port on the following line:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">Port 22\r\nPort 2222<\/pre>\n<\/div>\n<p class=\"\" data-start=\"4151\" data-end=\"4289\"><strong data-start=\"4151\" data-end=\"4160\">Note:<\/strong> Keeping port 22 active for now is a safety measure. Once you&#8217;re confident the new port works, you can optionally remove port 22.<\/p>\n<p class=\"\" data-start=\"4291\" data-end=\"4365\">Save and exit the file (<code data-start=\"4315\" data-end=\"4325\">Ctrl + X<\/code>, then press <code data-start=\"4338\" data-end=\"4341\">Y<\/code> and <code data-start=\"4346\" data-end=\"4353\">Enter<\/code> in <code data-start=\"4357\" data-end=\"4363\">nano<\/code>).<\/p>\n<h3 data-start=\"4372\" data-end=\"4411\">Step 6: Test the SSH Configuration<\/h3>\n<p class=\"\" data-start=\"4413\" data-end=\"4499\">Before restarting the SSH service, validate the syntax of your SSH configuration file:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo sshd -t\r\n<\/pre>\n<\/div>\n<p data-start=\"4413\" data-end=\"4499\">If no error is returned, it means your configuration is correct.<\/p>\n<h3 data-start=\"4598\" data-end=\"4634\">Step 7: Restart the SSH Service<\/h3>\n<p class=\"\" data-start=\"4636\" data-end=\"4683\">Apply the changes by restarting the SSH daemon:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo systemctl restart sshd\r\n<\/pre>\n<\/div>\n<p data-start=\"4636\" data-end=\"4683\">On some systems (like older Debian versions), the service may be called <code data-start=\"4798\" data-end=\"4803\">ssh<\/code> instead of <code data-start=\"4815\" data-end=\"4821\">sshd<\/code>:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo systemctl restart ssh\r\n<\/pre>\n<\/div>\n<h3 data-start=\"4869\" data-end=\"4914\">Step 8: Connect Using the Alternate Port<\/h3>\n<p class=\"\" data-start=\"4916\" data-end=\"4976\">Now, try connecting via the new port from your local machine:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;application\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">ssh -p 2222 username@server_ip<\/pre>\n<\/div>\n<p class=\"\" data-start=\"5022\" data-end=\"5173\">You should get the same SSH login prompt as before. Keep your terminal open on the old connection (port 22) in case anything goes wrong.<\/p>\n<h3 data-start=\"5180\" data-end=\"5225\">Optional: Disable Default SSH Port (22)<\/h3>\n<p class=\"\" data-start=\"5227\" data-end=\"5345\">Once you&#8217;ve confirmed that the new port works flawlessly, you can optionally remove port 22 from your SSH config file:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo nano \/etc\/ssh\/sshd_config\r\n<\/pre>\n<\/div>\n<p data-start=\"5227\" data-end=\"5345\">Change:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">Port 22\r\n<\/pre>\n<\/div>\n<p data-start=\"5227\" data-end=\"5345\">To:<\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">Port 2222\r\n<\/pre>\n<\/div>\n<p class=\"\" data-start=\"5459\" data-end=\"5491\">Then restart SSH and test again.<\/p>\n<p class=\"\" data-start=\"5459\" data-end=\"5491\"><strong data-start=\"5495\" data-end=\"5507\">Caution:<\/strong> Only turn off port 22 after you&#8217;re 100% sure the alternate port works and is accessible.<\/p>\n<h3 data-start=\"5607\" data-end=\"5633\">Troubleshooting Tips<\/h3>\n<p class=\"\" data-start=\"5635\" data-end=\"5698\">If something goes wrong and you can&#8217;t connect via the new port:<\/p>\n<ol data-start=\"5700\" data-end=\"5997\">\n<li class=\"\" data-start=\"5700\" data-end=\"5760\">\n<p class=\"\" data-start=\"5703\" data-end=\"5760\"><strong data-start=\"5703\" data-end=\"5728\">Check the firewall rules: ensure<\/strong>\u00a0the new port is open.<\/p>\n<\/li>\n<li class=\"\" data-start=\"5761\" data-end=\"5835\">\n<p class=\"\" data-start=\"5764\" data-end=\"5835\"><strong data-start=\"5764\" data-end=\"5792\">Check SELinux (if used):<\/strong> Ensure the port was added with <code data-start=\"5824\" data-end=\"5834\">semanage<\/code>.<\/p>\n<\/li>\n<li class=\"\" data-start=\"5836\" data-end=\"5914\">\n<p class=\"\" data-start=\"5839\" data-end=\"5873\"><strong data-start=\"5839\" data-end=\"5858\">Check SSH logs:<\/strong> View logs via:<\/p>\n<\/li>\n<\/ol>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo journalctl -xe\r\n<\/pre>\n<\/div>\n<p><strong data-start=\"5918\" data-end=\"5944\">Ensure SSH is running:<\/strong><\/p>\n<div class=\"wp-block-codemirror-blocks code-block \">\n<pre class=\"CodeMirror\" data-setting=\"{&quot;mode&quot;:&quot;shell&quot;,&quot;mime&quot;:&quot;text\/x-sh&quot;,&quot;theme&quot;:&quot;material&quot;,&quot;lineNumbers&quot;:false,&quot;lineWrapping&quot;:false,&quot;styleActiveLine&quot;:false,&quot;readOnly&quot;:true,&quot;align&quot;:&quot;&quot;}\">sudo systemctl status sshd\r\n<\/pre>\n<\/div>\n<p>You can reconnect and resolve any issues if port 22 is still enabled.<\/p>\n<h2>Final Thoughts<\/h2>\n<p class=\"\" data-start=\"6113\" data-end=\"6329\">Switching to a non-standard SSH port can slightly improve your server&#8217;s security by reducing the number of brute-force login attempts. Although <strong data-start=\"6257\" data-end=\"6280\">not a silver bullet<\/strong>, it adds another layer to your defense strategy.<\/p>\n<p class=\"\" data-start=\"6331\" data-end=\"6360\">This guide showed you how to:<\/p>\n<ul data-start=\"6361\" data-end=\"6504\">\n<li class=\"\" data-start=\"6361\" data-end=\"6391\">\n<p class=\"\" data-start=\"6363\" data-end=\"6391\">Choose an alternate SSH port<\/p>\n<\/li>\n<li class=\"\" data-start=\"6392\" data-end=\"6427\">\n<p class=\"\" data-start=\"6394\" data-end=\"6427\">Update firewall and SELinux rules<\/p>\n<\/li>\n<li class=\"\" data-start=\"6428\" data-end=\"6468\">\n<p class=\"\" data-start=\"6430\" data-end=\"6468\">Modify and test your SSH configuration<\/p>\n<\/li>\n<li class=\"\" data-start=\"6469\" data-end=\"6504\">\n<p class=\"\" data-start=\"6471\" data-end=\"6504\">Connect using the new port safely<\/p>\n<\/li>\n<\/ul>\n<p class=\"\" data-start=\"6506\" data-end=\"6638\">Combined with strong passwords, SSH keys, and tools like <code data-start=\"6563\" data-end=\"6573\">fail2ban<\/code>This approach makes your server significantly harder to target.<\/p>\n<h2 data-start=\"6506\" data-end=\"6638\">FAQ<\/h2>\n<div id=\"rank-math-rich-snippet-wrapper\"><div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-1\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">How do I connect to an SSH server on a different port?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use the SSH command with the port option: ssh -p username@server_address.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-2\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">Why does the SSH server use a non-standard port?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Administrators often change from default port 22 to reduce automated brute-force scans and improve security through obscurity.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-3\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \">What should I check if the connection fails?<\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Ensure the server\u2019s firewall permits the alternate port and verify network reachability before retrying the SSH connection.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>SSH (Secure Shell) is the most widely used protocol for remotely accessing Linux servers. By default, it listens on port 22, which is well-known and frequently targeted by automated bots attempting brute-force attacks. One standard method for adding a layer of obscurity and reducing these attacks is to change or add an alternative\u00a0SSH port. This [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":115027,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[86],"tags":[4904,1245,3086],"class_list":["post-114799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server","tag-centos","tag-ssh","tag-vps"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ded9.com\/tr\/wp-json\/wp\/v2\/posts\/114799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ded9.com\/tr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ded9.com\/tr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ded9.com\/tr\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/ded9.com\/tr\/wp-json\/wp\/v2\/comments?post=114799"}],"version-history":[{"count":3,"href":"https:\/\/ded9.com\/tr\/wp-json\/wp\/v2\/posts\/114799\/revisions"}],"predecessor-version":[{"id":266308,"href":"https:\/\/ded9.com\/tr\/wp-json\/wp\/v2\/posts\/114799\/revisions\/266308"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ded9.com\/tr\/wp-json\/wp\/v2\/media\/115027"}],"wp:attachment":[{"href":"https:\/\/ded9.com\/tr\/wp-json\/wp\/v2\/media?parent=114799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ded9.com\/tr\/wp-json\/wp\/v2\/categories?post=114799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ded9.com\/tr\/wp-json\/wp\/v2\/tags?post=114799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}