Hexazn – Tips & Tricks | Hexazn Blog

+880 9644 555 666
Facebook Twitter Youtube Telegram
logo-hexazn
Menu

How to Change SSH Default Port and Whitelist a Specific IP on Ubuntu (Step-by-Step Guide)

Leave a Comment / By /

Securing your Linux server is one of the most important tasks for any system administrator. By default, SSH runs on port 22, which is constantly scanned by bots and automated attacks. Two simple but highly effective ways to strengthen your SSH security are:

✅ Changing the default SSH port
✅ Whitelisting a trusted IP so only you can access SSH

In this guide, we’ll walk through both methods in a beginner-friendly way.

🟦 Why Change the Default SSH Port?

Attackers constantly scan servers for open port 22, trying brute-force logins.
Changing the port doesn’t make your server unbreakable, but it significantly reduces automated attacks and noise in your logs.

For example, you can change SSH from port 22 to something like 2222, 2299, or any unused port above 1024.

Step 1: Change the SSH Port


1. Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

2. Find this line:

#Port 22

Uncomment and modify it:

Port 2222

Replace 2222 with your desired port number.

3. Restart SSH:

sudo systemctl restart ssh

4. Test the new port (don’t close your current SSH session yet!):

ssh -p 2222 username@your_server_ip

Note: If login works, you can safely disconnect the old session.

Step 2: Whitelist Your IP for SSH Only

Whitelisting means only your IP address can connect to SSH.
Ubuntu’s UFW firewall makes this easy.

1. Allow SSH only from your IP
Replace 192.168.1.10 with your own IP:

sudo ufw allow from 192.168.1.10 to any port 2222 proto tcp

2. Deny all other SSH access:

sudo ufw deny 2222

3. Reload UFW:

sudo ufw reload

4. Verify rules:

sudo ufw status numbered

Now only your IP can access the SSH port you changed. Everyone else will be blocked automatically.

🟦 Extra Tips to Secure SSH Further

🔹 Disable password login & use SSH keys
🔹 Disable root login
🔹 Enable fail2ban to block brute-force attempts
🔹 Keep your system updated regularly

🟩 Conclusion

Changing the default SSH port and whitelisting a specific IP are simple yet powerful steps to secure your Linux server. These methods help prevent unauthorized access attempts and make your server significantly harder to attack.

With just a few commands, you’ve:

✔ Changed SSH port from 22 to a custom port
✔ Restricted SSH access to your own trusted IP
✔ Reduced brute-force attack risk

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top