Changing SSH Port (Raspberry Pi)

Raspbian SSH server configuration file

I regularly use SSH (Secure Shell) to control the various Raspberry Pis that I have set up as none of them are connected to a monitor / keyboard / mouse and it provides easy access from my laptop.

Note: The first piece of advice when using SSH with Raspbian is to make sure the default account password is changed. If you are using a firewall make sure the new SSH port is defined in the firewall and if you use port forwarding on your router (e.g. to allow SSH connections from the internet) make sure it forwards the relevant ports. With all that said…

I’ve already advised on installing / using a firewall with Raspbian but what if you want to hide that your Pi has SSH enabled? By default SSH uses port 22 but this can be changed, on the device that is allowing SSH connections open a terminal and enter:

sudo nano /etc/ssh/sshd_config

This command uses the nano editor (feel free to use other editors such as vim) to open the ssh server configuration file so that changes can be made.

geektechstuff_ssh_change_port
Raspbian SSH server configuration file

There are a few settings that can be changed here, including the maximum number of sessions and maximum number of authentication attempts, but today the line I am going to address is:

#Port 22

This line is currently commented out with the # and has the default port value (port 22). Uncomment the line and change the 22 to a different port value. Ports numbers up to 1023 are “well known” ports (see https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers) and should be avoided. I’m going to use port 2244.

geektechstuff_ssh_new_port
SSH changing port to port 2244

With that line changed use CTRL X to exit the nano editor and make sure to enter Y (yes) to save changes.

The SSH service will then need restarting, or the device rebooting.

Once the SSH service has restarted or the device rebooted then the port will have changed and trying to SSH will generation a connection refused message.

geektechstuff_ssh_changed_port
ssh connection refused

To use SSH to connect to the correct port some adjustment needs making to the SSH connection line, so instead of:

ssh user@ip_address

We now need to enter:

ssh -p PORTNUMBER user@ip_address

For my example this is:

ssh -p 2244 pi@192.168.0.48

geektechstuff_ssh_command_port_change
Command to connect to different SSH port

What About Ansible?

If you use Ansible and change the SSH port from port 22 to a different port number then you may notice that Ansible fails to connect. This is because Ansible uses SSH and uses the default SSH port. To let Ansible know that you have changed the port the Ansible inventory file will need updating.

To do this using nano enter:

sudo nano /etc/ansible/hosts

The ansible hosts file will open and contain details about the hosts set up in Ansible.

Ansible hosts
Ansible hosts

Any hosts that are using a different SSH port needs the port appending to with :PORTNUMBER , e.g. 192.168.0.38 becomes 192.168.0.38:2244

More details are available at: https://docs.ansible.com/ansible/2.3/intro_inventory.html

One thought on “Changing SSH Port (Raspberry Pi)

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.