How to run the SSH server on a port other than 22

ssh port-forwarding

1,309,311

Solution 1

It seems like you're not running SSH on port 26 on the second machine. You can either change the port number on that machine to 26.

Either edit /etc/ssh/sshd_config & don't forget to restart SSH (service sshd restart) or leave it on 22, but forward port 26 on the router to port 22 on the second machine. Also, don't forget to change any firewall settings on the second machine to allow the connections through.

Solution 2

If you are on Linux system and you want connect to an SSH server on port 26 you can use the following command.

ssh [email protected] -p 26

Note:

Replace server IP with the IP Address or DNS name of your server.
Change your port number as you have set.
if you are using custom port SSH then same port most be allowed for outbound, inbound connection on firewall otherwise the connection will not establish

Solution 3

I use port 22 only for the intranet ssh access.

For access via internet I use a custom (unusual) port. This has the benefit the I reduce the load produced generated by script kids who are scanning port 22 for "well known usernames".

The external sshd processes are controlled by xinetd and running in parallel to the internal sshd process. In the following example I use the port 12345:

You are free to change this to any available free port number on your system. Maybe a higher value will make it also a bit more unlikely that this port is scanned by a "quick port scan".

The xinetd configuration is:

service ssh-external
{
    socket_type = stream
    wait = no
    protocol = tcp
    type = UNLISTED
    user = root
    server = /usr/sbin/sshd
    server_args = -i -f  /etc/ssh/external-sshd.config
    port = 12345
    log_on_failure += USERID
}

The file /etc/ssh/external-ssdh.config can be a copy of your usual sshd configuration. Ensure that the following statements are configured:

Port 12345
AddressFamily inet

I also suggest to enforce public key authentication and disable password authentication for the internet access:

PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no

Solution 4

As I've explained in a related answer, ssh client allows specifying URI format as ssh://user@host:1234. For example:

ssh  ssh://[email protected]:2222

where 2222 is the port number. Substitute the port number which you intend to use instead. Of course, remember that in order to connect to the specified port ssh server (on the host to which you are trying to connect) has to listen on the specified port in the first place

Solution 5

Listen ports also can be hard linked to IP addresses

/etc/ssh/sshd_config:

ListenAddress 10.10.10.10:22
ListenAddress 20.20.20.20:4444

View more solutions

1,309,311

Gary

Updated on September 18, 2022

Comments

Gary over 1 year
I have two computers behind the same router. Let's call them A and B.

A can SSH to B in the following manner: ssh usr@<internal ip of computer>

B can SSH to A by doing the same, but the external IP must be used. I have forwarded port 22 of my router to the IP of computer A, so that all makes sense to me.

However, I want to also forward port 26 to computer B, and SSH from outside the network by using the external IP for both, but specifying either port 22 or 26, to effectively select which computer to use.

I have tried allowing port 26 through OUTPUT of iptables on A and INPUT of B, but that didn't seem to work. I have also forwarded port 26 to the internal IP of B (through the router), as I did with 22 for A.

Here's what I get when I try to SSH from A to B using the external IP and port 26:
```
ssh: connect to host xx.xx.xxx.xx port 26: Connection refused.
```
Versions:
- A = OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
- B = OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
A has 12.04 Ubuntu, B is a Raspberry Pi with Raspbian.

EDIT: Something that I forgot to put in: I did try switching the SSH config file (I found it is /etc/ssh/ssh_config) I uncommented (deleted the #) the line with Port and changed 22 to 26. It gave me the connection refused message still. (I rebooted to no avail.)
- Nerdfest about 11 years
  
  Do yuu ohave SSH running on port 22 or 26 on the second machine?
- steakunderscore almost 11 years
  
  Note that /etc/ssh/ssh_config is the ssh client config. Where as /etc/ssh/sshd_config is the ssh daemon config.
Gary about 11 years

Ahhh...so sshd_config must change, not ssh_config?
Nerdfest about 11 years

Correct. sshd is the service (d is for daemon). Edit the config file (with sudo gedit), then restart the service with "sudo service ssh restart".
Gary about 11 years

Solved the problem. Didn't have to change any firewall settings either.
nnovich-OK almost 6 years

No this is NOT the correct answer. OP had trouble with daemon not listening on desired port. He clearly asked for help with SSH server and/or NAT configuration, but current answer ignores original post and describes client command option already known to OP. I wonder how this answer got so many upvotes.
Pablo Pazos over 5 years

this should be a comment not an answer.
Ultrasonic54321 about 5 years

This is correct to the majority, but this isn't correct to OP's problem.
Daddy32 about 5 years

But but manual says: .... [user@]host[:port]] .... Did I miss something?
Deepak Verma about 4 years

I would not say the OP "clearly asked..." his question, and to me, it appeared that he had problems connecting to port 26. It seemed like he wanted to differentiate the two by specifying a different port for each. It wasn't clear whether the client or server was the issue.
Deepak Verma about 4 years

Thank you for your post - it was what I was looking for. Note to @Daddy32: what you're missing is trying that format. It doesn't work on my system, but the -p option does.
Deepak Verma about 4 years

What ssh client do you use? Doesn't work on Linux Mint's bash shell. You need to use "ssh host -p port".
Sergiy Kolodyazhnyy about 4 years

@MartyFried Hi , sorry for delayed response. What I use is OpenSSH_7.7p1 Debian-2, OpenSSL 1.0.2o 27 Mar 2018 I'm not aware what Linux Mint uses, but this page community.linuxmint.com/software/view/openssh-client says it's a "portable implementation" so may in fact differ.
Deepak Verma about 4 years

No problem. Mint uses OpenSSH 7.6 Ubuntu, but I see patches from Debian, so I don't know about differences. I followed your link to the OpenSSH BSD man page (man.openbsd.org/ssh), and it looks about the same as the one I have. Too bad, as it would be nice if it used that same format as ftp port specification.
Deepak Verma about 4 years

I was curious, so I searched more and found this web page (linux.die.net/man/1/ssh) from a much older version that looks to be the same, but it shows the format that you used. Interesting, but I don't know what it means. :-)
Manu CJ over 3 years

The great thing about this solution is that you can encode all information (user name, server name, port and even the password) in one string.
Shadi Namrouti over 2 years

How to do the forward solution on the router from port 26 to 22?