Step 2: Change the Default SSH Port

The next item listed by the OVH Securing a VPS guide is to change the default SSH port from 22 to something obscure. Hackers frequently probe this port and to log in using common root passwords or brute force.

  1. Choose a new port to use (higher ports are preferred).

  2. Open the firewall and verify that the port is open


    Don’t forget this step

    ufw allow [port]
    ufw enable
    ufw status
  3. Edit the sshd_config file.

  4. Add your new port below #Port 22

    nano /etc/ssh/sshd_config
  5. Verify that the config file does not contain errors.


    No output from sshd -t indicates that the configuration is correct.

    No Errors
    root@vps298933:~# sshd -t
    Configuration Errors
    root@vps298933:~# sshd -t
    /etc/ssh/sshd_config: line 15: Bad configuration option: Listen
    /etc/ssh/sshd_config: terminating, 1 bad configuration options
  6. Restart sshd

  7. Verify that the SSH service is running on your new port

    systemctl restart sshd
    netstat -tlpn | grep ssh
    root@vps298933:~# netstat -tlpn| grep ssh
    tcp        0      0 *               LISTEN      915/sshd
    tcp        0      0*               LISTEN      3211/sshd: root@pts
    tcp6       0      0 :::22                   :::*                    LISTEN      915/sshd
    tcp6       0      0 ::1:6010                :::*                    LISTEN      3211/sshd: root@pts


    At this point, you can no longer login using port 22

  8. Open a new terminal instance and verify that you can log in using the updated port.


    You must change the port setting in your terminal program after updating the port in your VPS.

  9. Don’t exit your current terminal session until you verify that you can log in using the new port.