How to change the SSH port on Ubuntu - Rocketeers app

  [ Rocketeers ](/)   

[Login](https://rocketeersapp.com/login) 

 On this page

 Knowledge
---------

How to change the SSH port on Ubuntu
====================================

### [\#Security](https://rocketeersapp.com/knowledge/security)

Moving SSH off the default port 22 cuts down on automated brute-force noise in your logs. Here is how to do it safely on Ubuntu, including the socket-activation change that catches people out on 24.04, without locking yourself out.

 Published by [Mark van Eijk](https://rocketeersapp.com/author/mark-van-eijk) on June 23, 2026 · 1 minute read

1. [Set the new port in sshd\_config](#content-set-the-new-port-in-sshdconfig)
2. [Ubuntu 22.10 and newer: update the socket too](#content-ubuntu-2210-and-newer-update-the-socket-too)
3. [Open the new port in the firewall](#content-open-the-new-port-in-the-firewall)
4. [Apply the change](#content-apply-the-change)
5. [Test in a new session — don't close the old one](#content-test-in-a-new-session--dont-close-the-old-one)
6. [Clean up the firewall](#content-clean-up-the-firewall)

Changing the port is not real security on its own — see [optimizing web application and server security](/optimize-web-application-security) for the controls that matter — but it dramatically reduces the volume of drive-by login attempts. Here's how to do it without losing access to your server.

[\#](#content-set-the-new-port-in-sshdconfig "Permalink")Set the new port in sshd\_config
-----------------------------------------------------------------------------------------

Edit the SSH daemon config:

 ```
sudo nano /etc/ssh/sshd_config

```

Find the `Port` line, uncomment it, and set your chosen port (pick something above 1024, for example 2222):

 ```
Port 2222

```

[\#](#content-ubuntu-2210-and-newer-update-the-socket-too "Permalink")Ubuntu 22.10 and newer: update the socket too
-------------------------------------------------------------------------------------------------------------------

This is the step most guides miss. On Ubuntu 22.10, 24.04, and later, `ssh` is **socket-activated** by systemd, so the `Port` in `sshd_config` is ignored — the listening port is defined in `ssh.socket` instead.

Check whether socket activation is in use:

 ```
sudo systemctl status ssh.socket

```

If it's active, override the socket's port:

 ```
sudo systemctl edit ssh.socket

```

Add these lines in the editor (the empty `ListenStream=` clears the default of 22):

 ```
[Socket]
ListenStream=
ListenStream=2222

```

On older releases (Ubuntu 22.04 and earlier) there's no socket — the `sshd_config` change alone is enough.

[\#](#content-open-the-new-port-in-the-firewall "Permalink")Open the new port in the firewall
---------------------------------------------------------------------------------------------

If you run UFW, allow the new port **before** restarting, or you'll lock yourself out:

 ```
sudo ufw allow 2222/tcp

```

[\#](#content-apply-the-change "Permalink")Apply the change
-----------------------------------------------------------

Reload systemd and restart SSH:

 ```
sudo systemctl daemon-reload
sudo systemctl restart ssh.socket ssh

```

[\#](#content-test-in-a-new-session--dont-close-the-old-one "Permalink")Test in a new session — don't close the old one
-----------------------------------------------------------------------------------------------------------------------

Keep your current SSH session open. From another terminal, connect on the new port:

 ```
ssh -p 2222 user@your-server

```

Only once that succeeds should you close the original session. If the new connection is refused or rejected, work through [SSH Permission denied (publickey)](/ssh-permission-denied-publickey) and double-check the firewall rule.

[\#](#content-clean-up-the-firewall "Permalink")Clean up the firewall
---------------------------------------------------------------------

After confirming the new port works, remove the old rule if you'd added one for port 22:

 ```
sudo ufw delete allow 22/tcp

```

### Subscribe to our newsletter

Do you want to receive regular updates with fresh and exclusive content to learn more about web development, hosting, security and performance? Subscribe now!

  Fill in your email address to receive updates  Subscribe 

#### More in [\#Security](https://rocketeersapp.com/knowledge/security)

- [How to extract the certificate from a PFX file](https://rocketeersapp.com/knowledge/extract-certificate-from-pfx-file)
- [How to extract private key from PFX file](https://rocketeersapp.com/knowledge/extract-private-key-from-pfx-file)
- [How to optimize web application security](https://rocketeersapp.com/knowledge/optimize-web-application-security)
- [How to get A+ grade SSL using Cloudflare](https://rocketeersapp.com/knowledge/a-plus-grade-ssl-using-cloudflare)
- [How to setup OpenClaw securely on your own VPS](https://rocketeersapp.com/knowledge/setup-openclaw-vps-securely)
- [How to generate a CSR with OpenSSL](https://rocketeersapp.com/knowledge/generate-csr-with-openssl)

 [View all 15 articles →](https://rocketeersapp.com/knowledge/security)