If your server is open to the internet, you must have noticed a lot of failed SSH login attempts. If not, you can check by running “sudo journalctl -u ssh.service | grep "Failed password"”. You will see a lot of failed SSH login attempts. This shows that people are trying to log in to your server using SSH but failing. In this tutorial, I will show you how to change the SSH port on Ubuntu 24.04 the right way.
Why You Must Change SSH Port
By default, SSH runs on port 22, and this is well known to everyone in I.T. This increases the chances of brute-force attacks, and if the attackers are lucky, they get access to the server. Changing the port to something else adds a solid layer of security, so when people try to connect to your server over SSH on port 22, they will get an error.
To add more security to your server, I would suggest you configure Fail2ban too. I have already published a complete guide to installing and configuring Fail2ban on Ubuntu 24.04.
Why SSH Socket and Not SSH File
In older versions, SSH used to run as a service in the background, continuously eating up CPU and RAM 24/7. With the new systemd socket activation, SSH now stays idle and just keeps a listener running, so when someone tries to connect to the server using SSH, the service becomes active and performs its tasks.
With that, let's see how to change the SSH port/socket in Ubuntu 24.04.
Prerequisite
- A server with Ubuntu 24.04 installed
- A sudo user
Step 1 – Update Using SSH Socket
To change the SSH port, I don't suggest editing the main configuration file, because a major update may revert the changes. I am using the override method, which is more reliable: in case of any update, our settings will stay intact.
For demonstration, I am changing the SSH port to 8088. You can choose any port between 1024 and 65535, because 0 to 1023 is used by the system for various services and processes. Execute the command given below and an editor will open:
sudo systemctl edit ssh.socket
Now copy and paste the following into the editor:
[Socket]
ListenStream=
ListenStream=0.0.0.0:8088
ListenStream=[::]:8088
Save the file by pressing Ctrl+X, then “y”, and hit Enter.
Step 2 – Updating the Firewall
Now that we have updated our SSH port, we need the firewall to allow connections through it. Let's allow port 8088 in the UFW firewall and reload:
sudo ufw allow 8088/tcp
sudo ufw reload
Step 3 – Restart and Test
Now let's restart the services, including the daemon, and then test the changes. Execute the commands given below one by one:
sudo systemctl daemon-reload
sudo systemctl restart ssh.socket
Do not close the current SSH terminal. Open another terminal and log in using port 8088. If you are using the “PuTTY” software, make sure to change the port from “22” to “8088”, and if you are connecting via command prompt, use the following:
ssh -p 8088 root@your-server-ip
Note: Instead of "root", you can use your sudo user in the above command.
If you logged in successfully, you have done everything right. If not, you still have the previous SSH terminal open: make the changes as explained above, restart the SSH service again, and try logging in again.
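The empty ListenStream= line in Step 1 is what removes port 22; without it, the new port is added alongside the old one. The following is an added example, not part of the original tutorial: a shell check that computes the effective listen list from unit text, using constructed sample input and the hypothetical function names effective_listen and check_port_change.

```shell
# Added example (not from the original tutorial). Sample texts are constructed.
# systemd merges ListenStream= values in order across the unit file and its
# drop-ins; an empty "ListenStream=" clears everything collected before it.

effective_listen() {
    # stdin: unit text, e.g. the output of `systemctl cat ssh.socket`
    awk '
        /^[ \t]*[#;]/ { next }                            # skip comment lines
        /^\[/ { in_socket = ($0 ~ /^\[Socket\]/); next }  # track the section
        in_socket && /^ListenStream[ \t]*=/ {
            v = $0
            sub(/^ListenStream[ \t]*=[ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)
            if (v == "") n = 0       # empty assignment resets the list
            else vals[++n] = v
        }
        END { for (i = 1; i <= n; i++) print vals[i] }
    '
}

check_port_change() {
    # $1: new port. Succeeds only if it is listed and port 22 is not.
    want="$1"
    ports=$(effective_listen | sed -E 's/.*:([0-9]+)$/\1/')
    printf '%s\n' "$ports" | grep -qx "$want" || return 1
    ! printf '%s\n' "$ports" | grep -qx 22
}

STOCK='[Socket]
ListenStream=0.0.0.0:22
ListenStream=[::]:22'

# Drop-in exactly as in Step 1, and the same drop-in without the reset line
SAMPLE_WITH_RESET="$STOCK
# /etc/systemd/system/ssh.socket.d/override.conf
[Socket]
ListenStream=
ListenStream=0.0.0.0:8088
ListenStream=[::]:8088"

SAMPLE_NO_RESET="$STOCK
[Socket]
ListenStream=0.0.0.0:8088
ListenStream=[::]:8088"

# On the server: systemctl cat ssh.socket | check_port_change 8088 && echo OK
```

This checks the configuration only; after the restart, "ss -tln" shows which ports are actually listening.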
Conclusion
Since hackers these days use various attack techniques to get access to servers, it is always best to change the SSH port. This not only adds security but also saves the server from certain DDoS attacks.