- Plesk for Linux
How to change the SSH port number on a Linux server?
Connect to the server via SSH.
Open the SSH configuration file
/etc/ssh/sshd_configin any text editor. In this example we are using the vi editor:
# vi /etc/ssh/sshd_config
Modify the file according to your needs using one of these steps:
Warning: Be careful when modifying the file. The incorrect SSH configuration may lead to server inaccessibility via SSH.
Set up one custom SSH port
Remove the hash "#" in the line
#Port 22and specify your custom SSH port, which will be used instead of standard SSH port 22.
CONFIG_TEXT: Port 2222
Set up several SSH ports
Remove the hash "#" in the line
#Port 22and additionally add your custom SSH port on the next line. In this case, SSH connections will be available on both ports.
CONFIG_TEXT: Port 22
Save the changes and close the file.
Restart the sshd service to apply the changes:
# service sshd restart
Note: The new port must be opened in server firewall. Visit this KB article to find out how.
Note: If port is changed on a SELinux system, it is needed to tell SELinux about this change:
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
If the Fail2Ban ssh jail is enabled on the server, modify its configuration to meet new changes:
Go to Tools & Settings > IP Address Banning (Fail2Ban) > switch to the Jails tab and click ssh.
On the ssh page, click Change Settings and change the port value from ssh to your new custom SSH port (In this example, it is 2222). Once done, apply the changes.
Note: If the default port (22) and custom port are used, add them as "port=2222".
When changing SSH port, shouldn't related fail2ban jail be adjusted, too?
Hi Cirrus, yes it is also required to update fail2ban configuration. The article will be updated accordingly.
Following this tutorial I was no longer access the server using SSH
After a bit of searching, I discovered that it is also necessary to add a custom rule in the Plesk firewall. Once I did this, I was able to access console on the new port.
PS. please update the guide to help others avoid being locked out as well. I used the following guide to solve the issue: https://support.plesk.com/hc/en-us/articles/115001078014-How-to-manage-firewall-rules-on-a-Plesk-for-Linux-server
Yes, you are correct, the required port should be opened for connection in Plesk firewall or any alternative, which is used.
That is why in the article we have the following note:
"the new port must be opened in firewall."
If you use a custom SSH port, the local GIT deployment configuration should consider this port as well when providing instructions: https://docs.plesk.com/en-US/onyx/administrator-guide/website-management/git-support/using-a-local-repository.75825/. Otherwise (i.e., right now), this renders the instructions useless since commands need to be changed manually.
Thank you for bringing this to our attention. Indeed, in order to use GIT deployment over ssh the command should be modified to below ("ssh://" URL does not support relative paths):
# git remote add origin ssh://firstname.lastname@example.org:22:/var/www/vhosts/example.com/git/test.git
I will create a request to a concerned department to add a corresponding note to the documentation.
Can you consider adding port information in client section where only IP address is visible?
Hello Grzegorz, could you please clarify a bit more for me where exactly you'd like to see it? Ideally with a screenshot.
Did all the steps but now i cannot login to SSH anymore, on port 22 it says conection refused and on the port i defined it says connection timed out. Any help on this? Btw i added it on plesk firewall as both income and outgoing rules.
It seems like you're not running SSH on port 26 on the second machine. You can either change the port number on that machine to 26.
ssh terminal in plesk is nor working after port change, still try to use port 22.
How to fix this plz
Confirmed that the Terminal window within the Plesk Admin Interface (Tools & Settings > SSH Terminal) no longer functions after changing to a custom SSH port, as it continues to attempt to access over port 22. This is even the case if you reboot the server.
In fact, trying to access the Terminal page results in repeating error notifications in the UI, even if you back out of the page. You have to reload the admin interface in the browser to stop them.
Please sign in to leave a comment.