change ssh port on manjaros

Changing the default SSH port is an important security measure that many Linux users adopt. By default, SSH runs on port 22, which makes it a common target for attackers looking for vulnerabilities. Changing the SSH port to a non-standard number can help reduce the likelihood of automated attacks and improve the overall security of your system.

In Manjaro, like any other Linux distribution, this change is quite simple and can be done by modifying the SSH configuration file. By using a custom port, you make it harder for malicious bots to find your system, as they typically scan only the default SSH port (22). This small change can act as a first layer of defense against unauthorized access.

How to Change SSH Port in Manjaro

Changing the SSH port on Manjaro is a simple process. Here’s how to do it:

Locate the SSH Configuration File

The SSH configuration file is located at /etc/ssh/sshd_config. This file contains the settings for SSH, including the port number.

To access it, open a terminal and type the following command:

sudo nano /etc/ssh/sshd_config

Edit the SSH Configuration File

Once the file is open, search for the line that specifies the port. By default, it will look like this:

#Port 22

Remove the # symbol to uncomment the line, then change the port number to your desired one. For instance, if you want to change it to 2222, modify the line as follows:

Port 2222

Choose any available port number above 1024, preferably one not commonly scanned by bots.

Save and Exit the Configuration File

After changing the port, save the file and exit the editor. In nano, press CTRL + X, then Y to confirm saving, and Enter to exit.

Restart the SSH Service

To apply the changes, restart the SSH service by running:

sudo systemctl restart sshd

Verify the Change

To check that the SSH port has been successfully changed, run the following command:

ss -tuln | grep ssh

This will show you the ports being used by SSH, and you should see the new port listed.

Restarting the SSH Service

After making changes to the SSH configuration file, it is necessary to restart the SSH service to apply the changes. Here’s how to do it:

Using systemctl

The simplest way to restart the SSH service is by using systemctl. Run the following command in the terminal:

sudo systemctl restart sshd

This command will restart the SSH service, applying the changes made to the configuration file.

Check the SSH Service Status

To verify that the SSH service is running properly after the restart, you can check its status with this command:

sudo systemctl status sshd

This will show if the SSH service is active and running. You should see an output indicating that the service is up and running.

Testing the New SSH Port

After changing the SSH port, it’s essential to ensure that the change is effective. Here’s how to test it:

Test SSH Connection Locally

Before attempting to connect remotely, you can test the new SSH port locally. Run the following command on the same machine:

ssh -p <new_port_number> username@localhost

Replace <new_port_number> with the new port you set and username with your actual username. If you can log in successfully, the new port is working as expected.

Test SSH Connection Remotely

To test the connection from another machine, use the following command:

ssh -p <new_port_number> username@<remote_ip>

Substitute <new_port_number> with the port you chose, username with your username, and <remote_ip> with the IP address of your Manjaro system. A successful connection means the new SSH port is correctly applied.

Verify the Port is Listening

You can also confirm that the SSH service is listening on the new port by using:

ss -tuln | grep <new_port_number>

This will show whether your system is actively listening for connections on the new port.

Changing the SSH port on Manjaro is an effective way to enhance security by reducing exposure to automated attacks that commonly target the default port (22). By following the steps outlined—editing the configuration file, restarting the SSH service, and verifying the changes—you can ensure your system is better protected. Additionally, it’s important to always test the new SSH port locally and remotely to confirm that the service is functioning correctly.

Overall, configuring a non-standard SSH port adds a layer of security, but it should be part of a broader security strategy that includes using strong passwords, implementing firewall rules, and keeping your system up-to-date.