Easy Steps To SSH Port Number Change on Debian 12/11/10

This tutorial walks you through changing the SSH port number on a Debian server. SSH provides secure remote logins from one computer to another, and its default port is 22. It is highly recommended to change this port for enhanced security.

In this tutorial, we will use Debian 12 Bookworm to change our SSH port, but the instructions are also applicable to Debian 10 and Debian 11. Follow the steps below to change the SSH port number on Debian 12/11/10.

To change the SSH port number on Debian, you need access to your server as a root user or a non-root user with sudo privileges. You can refer to the following initial server setup guides for Debian:

Initial Server Setup with Debian 10

Initial Server Setup with Debian 11

And Initial Server Setup with Debian 12 Bookworm

Step 1 – Check the Current SSH Configuration on Debian

The first step is to check your current SSH port on your Debian server. To do this, run the following command in your Debian terminal:

sudo grep -i port /etc/ssh/sshd_config

In my case, I get the following output:

**Output**
Port 22

Step 2 – Edit the sshd_config File To Change the SSH Port

Now, you need to edit the sshd_config file to change your SSH port. Open the file with your preferred text editor; we will use vi:

sudo vi /etc/ssh/sshd_config

Find the Port 22 line and change its value to the port number you want to use for SSH. If the line is commented out (#Port 22), remove the leading # as well. Here, we will use port 3823.

Port 3823

When you are done, save and close the file.

Each time you make configuration changes to this file, you must restart SSH to apply the changes. To do this, run the command below:

sudo systemctl restart sshd

Step 3 – Verify the New SSH Port on Debian

At this point, run the netstat command and ensure that the SSH daemon now listens on the new SSH port. netstat is part of the net-tools package, which may need to be installed first:

sudo netstat -pnltu | grep ssh

In your output, you should see the SSH daemon listening on the new SSH port (3823 in this example).

Step 4 – Allow the SSH Port on the Debian UFW Firewall

If you have a running UFW firewall, you must allow the new SSH port. To do this, run the following command:

sudo ufw allow 3823/tcp

Then, reload the firewall to apply the new rules:

sudo ufw reload

Step 5 – Login To Debian with a New SSH port

At this point, you can exit from your server and use your new SSH port to log in to your server:

ssh -p 3823 linuxuser@server-ip-address

Is it possible to change the SSH port in Linux?

Yes, absolutely. It is always recommended to change the SSH port number to increase your security. As you can see in the above steps, you can easily change the SSH port number on Debian Linux.

Conclusion

At this point, you have learned to increase your server security by changing the default SSH port number, which is port 22 on Debian. To do this, you have learned to edit the sshd_config file and change your default SSH port.

We hope you found this guide to changing the SSH port number on Debian useful.

Alternative Solutions for Changing the SSH Port

While the method described above is a straightforward way to change the SSH port, there are other approaches that offer different advantages. Here are two alternative ways to change the SSH port number on Debian:

1. Using sed for Automated Configuration

Instead of manually editing the sshd_config file with a text editor like vi, you can use the sed command for automated configuration. This is particularly useful for scripting and automation, where human interaction is undesirable.

Explanation:

The sed command is a powerful stream editor that can perform text transformations on files. We can use it to find the line containing "Port 22" and replace it with the desired port number. This method reduces the risk of human error and makes the process repeatable.

Code Example:

# Define the new port number
NEW_PORT=49152 # Example port number

# Use sed to replace the Port line in sshd_config
sudo sed -i "s/^Port 22$/Port $NEW_PORT/" /etc/ssh/sshd_config

# Restart the SSH service to apply the changes
sudo systemctl restart sshd

# Allow the port using UFW if enabled
sudo ufw allow $NEW_PORT/tcp

# Then, reload the firewall to apply the new rules
sudo ufw reload

Explanation of the code:

  • NEW_PORT=49152: This line sets the desired new port number to the variable NEW_PORT. The example uses a port within the dynamic/private port range (49152-65535), which is generally a good practice for avoiding conflicts with well-known ports.
  • sudo sed -i "s/^Port 22$/Port $NEW_PORT/" /etc/ssh/sshd_config: This is the core command. Let’s break it down:
    • sudo sed -i: Runs sed with root privileges and the -i option, which means "in-place" editing (the file is modified directly).
    • "s/^Port 22$/Port $NEW_PORT/": This is the substitution command within sed.
      • s/: Indicates a substitution operation.
      • ^Port 22$: This is the pattern to search for.
        • ^: Matches the beginning of the line.
        • Port 22: Matches the literal string "Port 22".
        • $: Matches the end of the line. This ensures that only the exact "Port 22" line is matched and not something like "Port 2222".
      • Port $NEW_PORT: This is the replacement string. It replaces the matched pattern with "Port " followed by the value of the $NEW_PORT variable.
    • /etc/ssh/sshd_config: Specifies the file to operate on.
  • sudo systemctl restart sshd: Restarts the SSH service to load the new configuration.
  • sudo ufw allow $NEW_PORT/tcp: Adds a firewall rule for the new port.
  • sudo ufw reload: Reloads the UFW firewall so the rule takes effect.

Advantages:

  • Automation: This method is ideal for automating the SSH port change process as part of a larger server provisioning or configuration script.
  • Consistency: Reduces the risk of typos or other errors that can occur during manual editing.
  • Scalability: Easily applied to multiple servers simultaneously using tools like Ansible or Chef.
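
The anchored pattern ^Port 22$ only matches an active default line. When the directive is commented out (#Port 22) or has already been changed, sed exits successfully without modifying anything. The following is an added example, not part of the original tutorial: the function names set_sshd_port and active_ports and the sample config are constructed for illustration. It handles those cases, validates the port, and lists the ports that are active afterwards.

```shell
#!/bin/sh
# Added example: function names and the sample config are constructed.

# List every active (uncommented) Port value, one per line.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Rewrite config file $1 so that $2 is its only Port directive.
# Returns 2 for an invalid port, 1 if the file cannot be processed.
set_sshd_port() {
    file=$1 port=$2
    case $port in ''|0*|*[!0-9]*) return 2 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -le 65535 ] || return 2
    [ -f "$file" ] || return 1
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        # Active or commented-out Port line (keyword is case-insensitive)
        tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { lines[++n] = "Port " port; done = 1 }
            next    # drop any further Port lines
        }
        { lines[++n] = $0 }
        END {
            # No Port line at all: add one at the top, ahead of any Match block
            if (!done) print "Port " port
            for (i = 1; i <= n; i++) print lines[i]
        }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed file with the directive commented out.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$demo"
set_sshd_port "$demo" 49152 && active_ports "$demo"
rm -f "$demo"
```

On a real server, run sudo sshd -t after the edit and restart the service only if it reports no errors.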

2. Using a Different Configuration File and Include Directive

Another approach is to create a separate configuration file specifically for SSH port settings and then include it in the main sshd_config file.

Explanation:

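This method improves organization and makes it easier to manage SSH configurations across multiple servers. You can create a dedicated file (e.g., /etc/ssh/sshd_port.conf) containing only the Port directive. Then, you include this file in the main sshd_config file using the Include directive. The Include directive in sshd_config requires OpenSSH 8.2 or later, so this method works on Debian 11 and 12 but not on Debian 10, which ships OpenSSH 7.9.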

Code Example:

  1. Create the separate configuration file:
sudo vi /etc/ssh/sshd_port.conf

Add the following line to the file, replacing 50000 with your desired port:

Port 50000

Save and close the file.

  2. Modify the sshd_config file to include the new configuration:
sudo vi /etc/ssh/sshd_config

Add the following line at the end of the file (or anywhere outside of comment blocks):

Include /etc/ssh/sshd_port.conf

Save and close the file.

  3. Restart the SSH service:
sudo systemctl restart sshd
  4. Allow port using UFW if enabled:
sudo ufw allow 50000/tcp
sudo ufw reload

Explanation of the process:

  • Creating sshd_port.conf: This file isolates the port configuration, making it easier to manage. If you need to change the port again, you only need to edit this single file.
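  • Include /etc/ssh/sshd_port.conf: This directive tells sshd to read and apply the configurations from the specified file in addition to the main sshd_config file. The Include directive allows including multiple config files. Because the Port directive may appear more than once, any active Port line left in the main sshd_config stays in effect and sshd listens on both ports; comment it out if only the new port should be open.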
  • Restarting SSH: This ensures that the new configuration is loaded.

Advantages:

  • Organization: Keeps the main sshd_config file cleaner and more manageable.
  • Modularity: Easier to manage SSH configurations across multiple servers by simply copying the sshd_port.conf file.
  • Flexibility: Allows for more complex configurations by including multiple configuration files.

By utilizing these alternative methods, you can tailor the SSH port changing process to best fit your specific needs and environment, enhancing the manageability and automation of your Debian server security. Remember to always test your configuration changes thoroughly after making them to ensure that you can still connect to your server via SSH. With that, you have successfully changed the SSH port number on Debian 12/11/10.