Establishing a secure shell connection often requires precision, especially when multiple services compete for standard ports on a server. Using ssh with port number specifications is a fundamental skill for system administrators and developers who manage infrastructure behind firewalls or load balancers.
The default port for secure shell traffic is 22, and moving the daemon to a different port is a common form of security through obscurity used to reduce automated bot attacks. By changing the listening port, you filter out a significant volume of noise from automated scripts scanning the internet. This simple adjustment forces potential intruders to discover the correct port before attempting to crack credentials, adding a valuable layer of obscurity to your security strategy.
Configuring the Daemon to Listen
Before attempting to connect remotely, the server itself must be configured to accept connections on the non-standard port. This configuration is managed through the main daemon configuration file, typically located at /etc/ssh/sshd_config. Locate the commented-out line #Port 22, remove the leading # and change the number to your desired value.
It is generally recommended to choose a port number above 1024 to avoid conflicts with well-known system services. Common choices range from 2022 to 22222, though any valid port number that is not already in use is acceptable. Remember that the port number must be explicitly defined; if the line remains commented out, the daemon keeps listening on the default port 22.
Adjusting the Client Command
Once the server is listening on the new port, the client machine must specify this port to establish a successful connection. The basic syntax requires the -p flag followed by the numerical port you configured on the server.
Command Syntax Example
Assuming you changed the server port to 2222, the command to connect would look like the following example. This tells the client to open the secure shell connection to the specified host on that port number rather than the default.
Note that the port flag can be placed at the end of the command or directly after the username. Both ssh -p 2222 user@host and ssh user@host -p 2222 are valid and will yield the same result.
Integrating with Configuration Files
Typing the port number every time you connect can become tedious, especially if you manage multiple servers. Fortunately, the client configuration file, usually found at ~/.ssh/config, allows you to define these settings per host. This turns a complex command into a simple alias-like connection.
By editing this file, you can create a block for each server that includes the hostname, user identity, and port number. Once configured, you only need to type the shortcut name you assigned to the host.
Sample Host Configuration
The following configuration snippet demonstrates how to map a nickname to a specific server and port. After saving this to your config file, running ssh nickname will automatically apply the port directive without requiring manual input.
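A consistency check for the two files this page edits, added here as an example and not part of the original article: it reads the active Port from a daemon config and from a client Host block and reports whether ssh nickname would reach the daemon. The helper names, the host server.example.com and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and sample files are constructed for illustration.
# Simplifications: whitespace-separated "Keyword value" lines only, no Include
# files, and Host blocks are matched by exact alias (no wildcard patterns).

# Ports sshd would listen on: every active Port line, or the default 22 when
# the only Port line is still commented out.
sshd_ports() {
    awk '{ sub(/#.*/, "") }
         tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Port the client would use for "ssh <alias>": first Port inside the matching
# Host block, or the default 22 when that block sets none.
client_port() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        tolower($1) == "host" {
            in_block = 0
            for (i = 2; i <= NF; i++) if ($i == want) in_block = 1
            next
        }
        in_block && !got && tolower($1) == "port" { port = $2; got = 1 }
        END { print (got ? port : 22) }' "$1"
}

# Succeeds only when the client's port is one the daemon listens on.
# Arguments: daemon config, client config, host alias.
ports_match() {
    sshd_ports "$1" | grep -qxF "$(client_port "$2" "$3")"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#Port 22' 'Port 2222' > "$tmp/sshd_config"   # edited daemon config
printf '%s\n' '#Port 22' > "$tmp/sshd_default"              # line left commented
printf '%s\n' 'Host nickname' '    HostName server.example.com' \
    '    User user' '    Port 2222' > "$tmp/ssh_config"     # client Host block

for f in sshd_config sshd_default; do
    cp=$(client_port "$tmp/ssh_config" nickname)
    if ports_match "$tmp/$f" "$tmp/ssh_config" nickname; then
        echo "$f: ssh nickname reaches the daemon on port $cp"
    else
        echo "$f: daemon listens on $(sshd_ports "$tmp/$f"), client uses $cp"
    fi
done
```

On a real system, sshd -T and ssh -G nickname print the values the daemon and the client themselves resolve, including Include files and wildcard Host patterns that this sketch skips.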