Changing the default SSH port is a simple way to reduce brute-force attacks. This guide walks you through safely changing the SSH port for CentOS, Ubuntu, and AlmaLinux systems
sudo nano /etc/ssh/sshd_config
For all three distros (Ubuntu, CentOS, AlmaLinux), the SSH config path is the same.
Locate this line:
#Port 22
Remove the #
and change 22
to your desired port (e.g., 2222):
Port 2222
sudo ufw allow 2222/tcp
sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload
# Ubuntu / Debian
sudo systemctl restart ssh
# CentOS / AlmaLinux / RHEL
sudo systemctl restart sshd
From your local machine, try:
ssh -p 2222 user@your-server-ip
✅ If it works, great! Now block the old port.
Once you confirm the new port works:
Ubuntu:
sudo ufw delete allow 22/tcp
CentOS / AlmaLinux:
sudo firewall-cmd --permanent --remove-port=22/tcp
sudo firewall-cmd --reload
Use key-based authentication instead of passwords.
Install tools like fail2ban to block suspicious login attempts.
Don’t pick ports below 1024 unless you know what you’re doing—they often require special privileges.
OS | Command Tested | Firewall Supported |
---|---|---|
Ubuntu | ssh |
UFW |
CentOS | sshd |
Firewalld |
AlmaLinux | sshd |
Firewalld |