QDE DocsChange SSH Port
Change the default SSH port on your VPS to reduce automated attacks.
Why Change the SSH Port?
Port 22 is the default for SSH. Bots constantly scan it trying to brute-force passwords. Changing it to a different port won't make your server bulletproof, but it cuts down on noise and automated attacks.
Before You Begin
Do not close your current SSH session until you've confirmed the new port works. If you lock yourself out, you'll need to use the control panel console to fix it.
Pick a port number between 1024 and 65535. Avoid well-known ports (80, 443, 3306, etc.). Something like 2222 or 2299 works fine.
Step 1: Edit the SSH Config
Open the SSH config file:
nano /etc/ssh/sshd_configFind the line:
#Port 22Remove the # and change 22 to your new port:
Port 2222Save and exit: press Ctrl + O, then Enter, then Ctrl + X.
Step 2: Restart SSH
Apply the change:
systemctl restart sshdOn some systems (like Ubuntu 22.04+), the service is called ssh instead:
systemctl restart sshStep 3: Allow the New Port in Your Firewall
If you're using ufw:
ufw allow 2222/tcpIf you're using firewalld:
firewall-cmd --permanent --add-port=2222/tcp
firewall-cmd --reloadIf you're not using a firewall, skip this step.
Step 4: Test Before Closing Your Session
Keep your current session open. Open a new terminal and try connecting on the new port:
ssh -p 2222 root@192.0.2.1If it works, you're done. If it doesn't, use your existing session to fix the config.
Step 5: Remove Old Port from Firewall
Once confirmed, remove port 22 if you no longer need it:
ufw delete allow 22/tcpCommon Mistakes
| Mistake | What happens |
|---|---|
| Closing the session before testing | You get locked out. Use the control panel console to fix it |
| Forgetting the firewall | New port is blocked. Connection times out |
| Using a port already in use | SSH fails to start. Check with ss -tlnp |
| Typo in config file | SSH won't restart. Check syntax with sshd -t |