How to Change the Default SSH Port on Ubuntu 24.04 (The Right Way)


As a dedicated DevOps Engineer, I've immersed myself in the dynamic world of DevOps, sharing my insights through blogs to support the community. I aim to simplify complex processes, empowering both beginners and experts to navigate DevOps with confidence and ease, fostering collective growth in this ever-evolving field.

If you've tried changing the SSH port on Ubuntu 24.04 and it didn't work, you're not alone. Ubuntu 24.04 handles SSH differently than older versions, and the usual method of editing the config file won't work by itself.

In this guide, I'll show you the correct way to change your SSH port on Ubuntu 24.04, including enabling the UFW firewall for added security.


Why Change the Default SSH Port?

Port 22 is the default SSH port, and every bot on the internet knows this. By changing it to a non-standard port, you can:

  • Reduce automated brute-force attacks

  • Keep your server logs cleaner

  • Add an extra layer of security (security through obscurity)

Note: Changing the port alone isn't a complete security solution. Always use strong passwords or SSH keys and keep your system updated.


The Ubuntu 24.04 Challenge

In older Ubuntu versions, you simply edited /etc/ssh/sshd_config and restarted SSH. Done.

But Ubuntu 24.04 uses socket activation. This means the SSH socket configuration overrides your config file settings. If you only edit the config file, SSH will still listen on port 22.

Let's fix this properly.


Prerequisites

  • Ubuntu 24.04 server with root or sudo access

  • Current SSH access to your server

  • A new port number (I'll use 2227 in this guide)

Important: Choose a port between 1024-65535. Avoid well-known ports. Random numbers like 2227, 48291, or 33456 work well.


Step 1: Edit the SSH Configuration File

First, let's change the port in the main SSH config file.

sudo nano /etc/ssh/sshd_config

Find the line that says #Port 22 or Port 22. Change it to:

Port 2227

Remove the # if it's there (that's a comment symbol).

Save and exit: Press Ctrl+O, then Enter, then Ctrl+X.

Verify the change:

grep -i "^Port" /etc/ssh/sshd_config

You should see:

Port 2227

Step 2: Override the SSH Socket Configuration

This is the step most tutorials miss. Ubuntu 24.04 uses systemd socket activation, and we need to override it.

Check the current socket configuration:

cat /lib/systemd/system/ssh.socket

You'll see something like:

[Socket]
ListenStream=0.0.0.0:22
ListenStream=[::]:22

That's why SSH ignores your config file—the socket is hardcoded to port 22.

Create an override file:

sudo systemctl edit ssh.socket

This opens an editor. Add the following content between the two comment blocks:

[Socket]
ListenStream=
ListenStream=0.0.0.0:2227
ListenStream=[::]:2227

Important: The first empty ListenStream= is required. It clears the default values before setting the new port.

Save and exit.

Verify the override file was created:

cat /etc/systemd/system/ssh.socket.d/override.conf

You should see:

[Socket]
ListenStream=
ListenStream=0.0.0.0:2227
ListenStream=[::]:2227

Step 3: Apply the Changes

Reload systemd to read the new configuration:

sudo systemctl daemon-reload

Restart the SSH socket:

sudo systemctl restart ssh.socket

Verify SSH is listening on the new port:

sudo systemctl status ssh.socket

Look for these lines in the output:

Listen: 0.0.0.0:2227 (Stream)
        [::]:2227 (Stream)

If you see your new port, it's working!


Step 4: Test the New Port (CRITICAL!)

⚠️ Do NOT close your current SSH session yet!

Open a new terminal window and test the connection:

ssh -p 2227 your-username@your-server-ip

If it connects successfully, proceed to the next step. If not, you still have your original session to troubleshoot.


Step 5: Enable UFW Firewall

Now let's secure your server with UFW (Uncomplicated Firewall).

Allow the new SSH port first:

sudo ufw allow 2227/tcp comment 'SSH'

Enable the firewall:

sudo ufw enable

Type y when asked for confirmation.

Verify the firewall status:

sudo ufw status verbose

You should see:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
2227/tcp                  ALLOW IN    Anywhere                   # SSH
2227/tcp (v6)             ALLOW IN    Anywhere (v6)              # SSH

Step 6: Update Router Port Forwarding (If Applicable)

If you're accessing your server from outside your local network, update your router's port forwarding settings:

Setting          Value
-------          -----
External Port    2227
Internal Port    2227
Protocol         TCP
Internal IP      Your server's local IP

Step 7: Final Test

Test the connection one more time:

ssh -p 2227 your-username@your-server-ip

If you have DDNS set up for remote access:

ssh -p 2227 your-username@your-ddns-address

Quick Reference: All Commands

Here's a summary of all commands for easy copy-paste:

# Step 1: Edit SSH config
sudo nano /etc/ssh/sshd_config
# Change: Port 2227

# Step 2: Create socket override
sudo systemctl edit ssh.socket
# Add:
# [Socket]
# ListenStream=
# ListenStream=0.0.0.0:2227
# ListenStream=[::]:2227

# Step 3: Apply changes
sudo systemctl daemon-reload
sudo systemctl restart ssh.socket
sudo systemctl status ssh.socket

# Step 4: Test (in new terminal)
ssh -p 2227 your-username@your-server-ip

# Step 5: Enable firewall
sudo ufw allow 2227/tcp comment 'SSH'
sudo ufw enable
sudo ufw status verbose

Troubleshooting

SSH still listening on port 22?

Make sure you created the override file correctly:

cat /etc/systemd/system/ssh.socket.d/override.conf

The first ListenStream= must be empty to clear defaults.
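
To see why the empty ListenStream= matters, the following added example (not part of the original guide) merges a unit file and its drop-in the way systemd treats list settings, then compares the result with sshd_config. The file contents are constructed samples written to a temporary directory, and the function names effective_ports and check_ssh_port are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: offline check of how an ssh.socket drop-in merges with the
# packaged unit. All file contents are constructed samples, not a live system.

# Print the ports left in ListenStream= after reading the given unit files in
# order. An empty "ListenStream=" clears everything collected so far, which is
# how systemd handles an empty assignment to this list setting.
effective_ports() {
  awk '
    /^[ \t]*ListenStream[ \t]*=/ {
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      if (val == "") { n = 0; next }        # reset the list
      sub(/^.*:/, "", val)                  # keep the port after the last colon
      ports[++n] = val
    }
    END {
      for (i = 1; i <= n; i++)
        if (!seen[ports[i]]++) out = (out == "" ? "" : out " ") ports[i]
      print out
    }' "$@"
}

# Return 0 only if the merged socket listens on exactly WANT and sshd_config agrees.
check_ssh_port() {   # usage: check_ssh_port WANT SSHD_CONFIG UNIT [DROPIN...]
  local want=$1 cfg=$2; shift 2
  local cfg_port socket_ports
  cfg_port=$(awk 'tolower($1) == "port" { print $2; exit }' "$cfg")
  socket_ports=$(effective_ports "$@")
  echo "sshd_config Port=${cfg_port:-unset}  socket ports=${socket_ports:-none}"
  [ "$cfg_port" = "$want" ] && [ "$socket_ports" = "$want" ]
}

# Constructed samples: the packaged unit, one override without the reset line,
# and one override with it.
demo() {
  local d; d=$(mktemp -d)
  printf '[Socket]\nListenStream=0.0.0.0:22\nListenStream=[::]:22\n' > "$d/ssh.socket"
  printf 'Port 2227\n' > "$d/sshd_config"
  printf '[Socket]\nListenStream=0.0.0.0:2227\nListenStream=[::]:2227\n' > "$d/bad.conf"
  printf '[Socket]\nListenStream=\nListenStream=0.0.0.0:2227\nListenStream=[::]:2227\n' > "$d/good.conf"
  check_ssh_port 2227 "$d/sshd_config" "$d/ssh.socket" "$d/bad.conf"  || echo "-> port 22 is still open"
  check_ssh_port 2227 "$d/sshd_config" "$d/ssh.socket" "$d/good.conf" && echo "-> only 2227 is open"
  rm -rf "$d"
}
demo
```

On a real server, the same functions can be pointed at /etc/ssh/sshd_config, /lib/systemd/system/ssh.socket and /etc/systemd/system/ssh.socket.d/override.conf.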

Connection refused on new port?

  1. Check if SSH is listening: sudo systemctl status ssh.socket

  2. Check firewall: sudo ufw status

  3. Check router port forwarding (for remote access)

Locked out of server?

If you have physical access or console access through your hosting provider, you can revert changes by editing the files directly.


Conclusion

Changing the SSH port on Ubuntu 24.04 requires an extra step compared to older versions. The key is understanding that Ubuntu 24.04 uses systemd socket activation, which overrides the traditional SSH config file.

By following this guide, you've:

  • ✅ Changed SSH to a non-standard port

  • ✅ Properly configured the systemd socket override

  • ✅ Enabled UFW firewall for added security

  • ✅ Updated router port forwarding for remote access

Your server is now a bit more secure from automated attacks. Remember to always keep your system updated and use SSH keys for the best security.


Connect With Me

If you found this guide helpful, feel free to share it with others who might be struggling with the same issue!


Last updated: January 2026
Tested on: Ubuntu 24.04 LTS


Kusal Tharindu
