How to SSH on a port other than 22
If you are on a Linux system and you want to connect to an SSH server on port 26, you can use the following command.
ssh [email protected] -p 26
Note:
- Replace server IP with the IP Address or DNS name of your server.
- Change the port number to the one you have set.
- If you are using a custom SSH port, the same port must be allowed for outbound and inbound connections on the firewall, otherwise the connection will not be established.
It seems like you're not running SSH on port 26 on the second machine. You can either change the port number on that machine to 26.
Either edit /etc/ssh/sshd_config & don't forget to restart SSH (service sshd restart) or leave it on 22, but forward port 26 on the router to port 22 on the second machine. Also, don't forget to change any firewall settings on the second machine to allow the connections through.
I use port 22 only for the intranet ssh access.
For access via internet I use a custom (unusual) port. This has the benefit that I reduce the load generated by script kids who are scanning port 22 for "well known usernames".
The external sshd processes are controlled by xinetd and running in parallel to the internal sshd process.
In the following example I use the port 12345:
You are free to change this to any available free port number on your system. Maybe a higher value will make it also a bit more unlikely that this port is scanned by a "quick port scan".
The xinetd configuration is:
service ssh-external
{
    socket_type = stream
    wait = no
    protocol = tcp
    type = UNLISTED
    user = root
    server = /usr/sbin/sshd
    server_args = -i -f /etc/ssh/external-sshd.config
    port = 12345
    log_on_failure += USERID
}
The file /etc/ssh/external-sshd.config can be a copy of your usual sshd configuration.
Ensure that the following statements are configured:
Port 12345
AddressFamily inet
I also suggest enforcing public key authentication and disabling password authentication for the internet access:
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
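A way to check that a copied configuration really ends up with the settings listed in the answer above. This is an added example, not part of the original answers; the function name audit_sshd_config and the SAMPLE text are hypothetical, and the parser is a simplified reading of the sshd_config rules (first value wins, Port may repeat, Match blocks override):

```python
# Added example (not from the original answer): audit an sshd config file.
# Settings the answer lists; keywords lower-cased because sshd ignores their case.
REQUIRED = {"port": "12345", "addressfamily": "inet",
            "passwordauthentication": "no", "permitemptypasswords": "no",
            "kbdinteractiveauthentication": "no"}
# Value sshd uses when a keyword is absent from the file.
DEFAULTS = {"port": "22", "addressfamily": "any",
            "passwordauthentication": "yes", "permitemptypasswords": "no",
            "kbdinteractiveauthentication": "yes"}
# Newer OpenSSH keeps ChallengeResponseAuthentication as a deprecated alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def audit_sshd_config(text):
    """Return findings; an empty list means the file matches REQUIRED."""
    effective, findings, in_match = {}, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplification: '#' starts a comment
        if not line:
            continue
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True                  # the rest of the file is conditional
        elif key not in REQUIRED:
            continue
        elif in_match:
            if value != REQUIRED[key]:       # Match overrides the global value
                findings.append(f"line {lineno}: Match block sets {key} {value}")
        elif key == "port":
            effective.setdefault(key, []).append(value)  # Port may be repeated
        else:
            effective.setdefault(key, value)  # first occurrence wins
    for key, want in REQUIRED.items():
        got = effective.get(key, DEFAULTS[key])
        got = ",".join(got) if isinstance(got, list) else got
        if got != want:
            findings.append(f"{key}: effective {got}, expected {want}")
    return findings

# Constructed sample: a copied config with only part of the changes made.
SAMPLE = """\
Port 12345
AddressFamily inet
PasswordAuthentication no
#ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication yes
"""
```

On SAMPLE the audit reports the commented-out ChallengeResponseAuthentication line (the built-in default applies) and the Match block that turns password logins back on for one user.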