How to Change the SSH Port on a Linux Server for Better Security

Changing the default SSH port from 22 to another number is an essential step to enhance your server’s security. This helps reduce automated brute-force login attempts that target the default port 22. Follow the steps carefully and keep your current SSH session open until you confirm that the new port works properly.

Important Note: In this guide, we’ll use 2222 as an example only. You should choose your own port (e.g. 22022 or 2020). When running the commands, replace 2222 with the port number you selected.

Before You Begin

  • Root or sudo access to your server.
  • Know the new SSH port number you plan to use.
  • Ensure you have an active firewall (UFW, firewalld, or CSF).
  • Keep your existing SSH session open until you verify the new configuration.

Step 1: Back Up Your SSH Configuration

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Step 2: Edit the SSH Port

sudo nano /etc/ssh/sshd_config

Find the following line:

#Port 22

Uncomment it (remove “#”) and replace 22 with your new port, for example:

Port 2222

Step 3: Open the New Port in the Firewall

You must allow the new SSH port before reloading the SSH service, otherwise you may lose access. Remember to replace “2222” with your chosen port in the following commands.

On Ubuntu / Debian (UFW):

sudo ufw allow 2222/tcp

On AlmaLinux / Rocky / RHEL (firewalld):

sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload

If you use the CSF Firewall (on cPanel, DirectAdmin, or others):

You can open the new port in one of two ways:

  1. From the CSF interface in your control panel: add the port under TCP_IN, save changes, and restart the firewall.
  2. From the command line:

nano /etc/csf/csf.conf

Find this line:

TCP_IN = "20,21,22,80,443"

Add your new port (example):

TCP_IN = "20,21,22,80,443,2222"

Then restart CSF:

csf -r

Step 4: Configure SELinux (if enabled)

On RHEL / AlmaLinux / Rocky systems, you may need to allow the new port in SELinux:

sudo dnf install -y policycoreutils-python-utils
sudo semanage port -a -t ssh_port_t -p tcp 2222

If the port already exists, modify it instead:

sudo semanage port -m -t ssh_port_t -p tcp 2222

Step 5: Reload the SSH Service

After saving your changes, reload SSH to apply the new configuration:

sudo systemctl reload sshd

If reload doesn’t work on your system:

sudo systemctl restart sshd

Step 6: Test the New SSH Connection

From another terminal or device, test the new port:

ssh -p 2222 user@YOUR_SERVER_IP

Once you have confirmed that it works, you may remove port 22 from your firewall if desired.

UFW:

sudo ufw delete allow 22/tcp

firewalld:

sudo firewall-cmd --permanent --remove-port=22/tcp
sudo firewall-cmd --reload

CSF (after removing 22 from the TCP_IN line in /etc/csf/csf.conf):

csf -r
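
A pre-reload check for the edit in Step 2, added here as an example (it is not part of the original guide): it reads an sshd_config-style file and confirms the new port is really active, catching the case where the "#" was left in front of the Port line. The function names and the sample file are constructed for illustration; the check reads a single file and does not follow Include directives.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Print each active (uncommented) Port value in an sshd_config-style file.
# Keywords are matched case-insensitively, as sshd does.
active_ports() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         tolower($1) == "port" { print $2 }' "$1"
}

# check_port_change FILE NEWPORT returns:
#   0  NEWPORT is the only active port
#   1  NEWPORT is not active (sshd keeps its current or default port)
#   2  NEWPORT is not an integer in 1..65535
#   3  NEWPORT is active, but other Port lines are active too
check_port_change() {
    file=$1 new=$2
    case $new in
        ''|*[!0-9]*) echo "invalid port: $new" >&2; return 2 ;;
    esac
    if [ "$new" -lt 1 ] || [ "$new" -gt 65535 ]; then
        echo "port out of range: $new" >&2; return 2
    fi
    ports=$(active_ports "$file" | sort -u)
    if ! printf '%s\n' "$ports" | grep -qx "$new"; then
        echo "Port $new is not active in $file (is the # still there?)" >&2
        return 1
    fi
    if [ "$(printf '%s\n' "$ports" | wc -l)" -gt 1 ]; then
        echo "other Port lines are also active:" $ports >&2
        return 3
    fi
    echo "OK: $file selects port $new only"
}

# Constructed sample: the Step 2 edit was made but the "#" was left in place.
sample=$(mktemp)
printf '%s\n' '#Port 2222' 'PermitRootLogin no' > "$sample"
check_port_change "$sample" 2222 || echo "exit status: $?"
rm -f "$sample"
```

On the server, run check_port_change against /etc/ssh/sshd_config before Step 5, then validate the file's syntax with sudo sshd -t.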

Common Issues and Fixes

  • Cannot connect on the new port: Check your firewall and SELinux settings, and don’t close the old session until verified.
  • Command ‘semanage’ not found: Install the policycoreutils-python-utils package.
  • Bad configuration option 'Port': Ensure only one Port line exists and spacing is correct.
  • Port already in use: Choose another available port number.

Summary

Changing the SSH port is an essential step to improve server security, but it’s not enough on its own. You should also use SSH keys, disable direct root login, and enable protection tools like Fail2Ban and CSF for maximum security.
