Managing your server’s SSH (Secure Shell) access is crucial for security and functionality. Port 22 is the default port used for SSH connections. If you’ve changed it or are experiencing issues, resetting it back to port 22 can help restore standard access. This guide will walk you through the simple steps to reset port 22 on your Linux system.
Understanding Port 22 and SSH
- SSH (Secure Shell): A protocol that allows secure remote login and other secure network services over an insecure network.
- Port 22: The default network port used by SSH to establish connections between your local machine and the remote server.
Resetting port 22 ensures that your SSH connections use the standard port, which can simplify access and troubleshooting.
Prerequisites
Before you begin, make sure you have:
- Access to Your Server: You need administrator (root) privileges to make changes.
- Current SSH Configuration Knowledge: Understanding of basic SSH commands.
- Backup Access: Ensure you have alternative access methods (like a console or another SSH session) if something goes wrong.
Steps to Reset Port 22
Follow these steps carefully to reset your SSH port to 22.
1. Access Your Server
Log in to your Linux server using your current SSH configuration.
ssh your_username@your_server_ip
Replace your_username
with your actual username and your_server_ip
with your server’s IP address.
2. Open the SSH Configuration File
The SSH server’s settings are located in the sshd_config
file. Open this file with a text editor like nano
or vi
.
sudo nano /etc/ssh/sshd_config
3. Modify the SSH Port Number
- Find the Port Line:Look for a line that starts with
Port
. It might look like this:Port 2222
If you don’t see this line, SSH is using the default port 22.
- Change the Port to 22:Modify the line to set the port to 22:
Port 22
- Save and Exit:
- In Nano:
- Press
CTRL + O
to write out the changes. - Press
Enter
to confirm. - Press
CTRL + X
to exit.
- Press
- In Vi:
- Press
ESC
. - Type
:wq
and pressEnter
to save and quit.
- Press
- In Nano:
4. Adjust Firewall Settings
Ensure that your firewall allows connections on port 22.
For UFW (Uncomplicated Firewall):
- Allow SSH on Port 22:
sudo ufw allow 22/tcp
- Reload the Firewall to Apply Changes:
sudo ufw reload
For Firewalld:
- Allow SSH Service:
sudo firewall-cmd --permanent --add-service=ssh
- Reload Firewalld:
sudo firewall-cmd --reload
Note: You might need to remove the old rule if you had previously set a different port. For example, to remove port 2222 from UFW:
sudo ufw delete allow 2222/tcp
5. Restart the SSH Service
After making changes, restart the SSH service to apply them.
sudo systemctl restart sshd
If you’re using an older version of Ubuntu, the service might be named ssh
instead of sshd
:
sudo systemctl restart ssh
6. Verify the SSH Connection
- Open a New Terminal Window:This ensures you don’t get locked out if something goes wrong.
- Attempt to Connect via SSH on Port 22:
ssh your_username@your_server_ip
If the connection is successful, you’ve successfully reset port 22.
- Optional – Remove Your Current SSH Session:Once confirmed, you can close the old SSH session.
Best Practices
- Keep Port 22 Open: While changing the SSH port can reduce automated attacks, standard port 22 makes connecting easier for others.
- Use Strong Passwords or SSH Keys: Enhance security by using complex passwords or, preferably, SSH key authentication.
- Regularly Update Your Server: Keep your system and SSH software up to date to protect against vulnerabilities.
- Monitor SSH Access: Use tools like fail2ban to monitor and block suspicious login attempts.
Frequently Asked Questions (FAQ)
1. Why Would I Need to Reset Port 22?
You might want to reset port 22 if you’ve changed it for security reasons and now prefer to use the default port. It could also be necessary after troubleshooting connectivity issues.
2. What Happens If I Forget to Open Port 22 in the Firewall?
If port 22 isn’t open, you won’t be able to connect to your server via SSH on that port. You’ll need to access your server through another method (like a console) to fix the firewall settings.
3. Can I Use a Different Port for SSH Instead of 22?
Yes. Changing the SSH port can reduce automated attacks, but it’s essential to remember the new port number for future connections.
4. How Do I Find Out Which Port SSH is Currently Using?
Open the SSH configuration file and look for the Port
directive:
sudo nano /etc/ssh/sshd_config
Look for a line like Port 2222
. If it’s not present, SSH is using the default port 22.
5. Is It Safe to Use Port 22 for SSH?
Yes. Port 22 is the standard port for SSH and is widely used. Ensure you follow other security best practices to keep your server secure.
6. How Do I Prevent Getting Locked Out When Changing SSH Ports?
Always test the new SSH configuration in a separate terminal session before closing the current one. Additionally, consider keeping a backup access method.
7. What Should I Do If I Still Get a “Connection Refused” Error?
Check the SSH service status, ensure port 22 is open in the firewall, verify that the SSH service is listening on port 22, and make sure there are no network issues.
8. Can SELinux Affect SSH Connections on Port 22?
Yes. If SELinux is enabled, ensure that it allows SSH traffic on port 22. You can check SELinux status with:
sestatus
Helpful Resources
- Ubuntu SSH Documentation
- Linux Firewall Basics
- Understanding SSH Configuration
- Fail2ban Installation Guide
- Official SSH Documentation
Conclusion
Resetting port 22 on your Linux server is a straightforward process that can help restore standard SSH access or resolve connectivity issues. By following the steps outlined in this guide, you can confidently manage your SSH port settings while maintaining the security and accessibility of your server.
Remember to back up your current configurations before making changes and verify each step to prevent accidental lockouts. With the right precautions and practices, managing SSH ports becomes a seamless part of server administration.
If you encounter persistent issues or need further assistance, consider contacting your hosting provider’s support team or consulting with a Linux expert.