How to Properly Change SSH Port in Ubuntu 24.04: Troubleshooting Port Binding Issues



When modifying SSH configurations on Ubuntu, simply editing sshd_config and restarting the service sometimes isn't enough. The original poster's situation shows SSH still bound to port 22 despite configuration changes.

First, let's confirm what ports SSH is actually using:

sudo ss -tulnp | grep sshd
sudo grep -i port /etc/ssh/sshd_config

Several factors could cause this behavior:

  • Multiple Port directives in sshd_config
  • Use of both IPv4 and IPv6
  • Configuration file not being properly reloaded
  • Firewall rules interfering

Here's the proper sequence to change SSH ports:

1. Back up the original config:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

2. Edit the configuration:

sudo nano /etc/ssh/sshd_config

3. Ensure you have only one Port directive (comment out others):

#Port 22
Port 2222

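4. Pin the address family if the IPv4/IPv6 dual-stack listener is causing confusion. Note that inet restricts sshd to IPv4 only; leave AddressFamily at any if clients connect over IPv6: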

#AddressFamily any
AddressFamily inet

5. Restart the SSH service:

sudo systemctl restart ssh

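After making changes, verify with the commands below (netstat comes from the net-tools package, which is not installed by default; ss -tulnp shows the same information):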

sudo netstat -tulnp | grep ssh
sudo systemctl status ssh

Don't forget to update firewall rules:

sudo ufw allow 2222/tcp
sudo ufw delete allow 22/tcp
sudo ufw reload

If issues persist:

sudo journalctl -u ssh --since "1 hour ago" -f
sudo sshd -t

When attempting to modify the default SSH port from 22 to 2222 on a fresh Ubuntu 24.04 installation, the service continues listening on port 22 despite configuration changes and service restart. This behavior is confirmed by both connection attempts and system socket inspection:

> ss -tulpn | grep ssh
tcp   LISTEN 0  4096  *:22  *:*  users:(("sshd",pid=16720,fd=3))

The standard modification to /etc/ssh/sshd_config appears correct:

# Original line: #Port 22
Port 2222

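However, on Ubuntu 24.04 the port SSH ends up listening on is also affected by mechanisms outside sshd_config.

Modern Ubuntu uses socket activation for SSH through the ssh.socket unit, so the listening port is opened by the systemd socket unit rather than by sshd reading its own configuration. Check the active units: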

systemctl list-units | grep ssh

You'll likely see both ssh.service and ssh.socket running.

To properly change the port, we need multiple adjustments:

# 1. Disable socket activation
sudo systemctl stop ssh.socket
sudo systemctl disable ssh.socket

# 2. Update sshd_config
sudo sed -i 's/#Port 22/Port 2222/' /etc/ssh/sshd_config

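# 3. Adjust SELinux (only if enabled; Ubuntu uses AppArmor by default)
# semanage is provided by policycoreutils-python-utils
sudo apt install policycoreutils-python-utils
sudo semanage port -a -t ssh_port_t -p tcp 2222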

# 4. Update firewall rules
sudo ufw allow 2222/tcp
sudo ufw deny 22/tcp

# 5. Full service restart
sudo systemctl restart ssh.service

Confirm successful port change:

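# Process names are only shown to root, so run these with sudo
sudo ss -tulpn | grep ssh
sudo netstat -tulnp | grep ssh   # requires the net-tools package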
sudo lsof -i :2222
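
The mismatch this article diagnoses (sshd_config says 2222, the socket table says 22) can be checked mechanically instead of by eye. The script below is an added example, not part of the original article; its function names are hypothetical, and the sample config and ss line are the ones shown on this page.

```sh
#!/bin/sh
# Added example: detect drift between sshd_config Port directives and the
# ports sshd actually holds. Function names are hypothetical.

# Active (uncommented) Port values in config file $1, one per line.
configured_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1" | sort -un
}

# TCP ports held by sshd, parsed from saved `ss -tulpn` output in file $1.
# Field 5 is Local Address:Port; the port follows the last colon, which
# also covers IPv6 forms such as [::]:2222.
sshd_listen_ports() {
    awk '$1 == "tcp" && $2 == "LISTEN" && /"sshd"/ {
        n = split($5, a, ":"); print a[n]
    }' "$1" | sort -un
}

# Print "MISSING <port>" for each configured port without an sshd listener
# and "UNEXPECTED <port>" for each sshd listener the config does not name.
port_drift() {
    want=$(configured_ports "$1")
    have=$(sshd_listen_ports "$2")
    for p in $want; do
        echo "$have" | grep -qx "$p" || echo "MISSING $p"
    done
    for p in $have; do
        echo "$want" | grep -qx "$p" || echo "UNEXPECTED $p"
    done
}

# Sample input: the config lines and the ss line shown in this article.
cfg=$(mktemp); ssout=$(mktemp)
cat > "$cfg" <<'EOF'
# Original line: #Port 22
Port 2222
EOF
cat > "$ssout" <<'EOF'
tcp   LISTEN 0  4096  *:22  *:*  users:(("sshd",pid=16720,fd=3))
EOF
port_drift "$cfg" "$ssout"
rm -f "$cfg" "$ssout"
```

On a live host, save the output of sudo sshd -T as the first file and sudo ss -tulpn as the second; sshd -T prints the effective configuration, so Port lines pulled in through Include directives are counted too.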

For advanced setups using multiple ports:

# /etc/ssh/sshd_config
Port 22
Port 2222

Then specifically bind to each address:

ListenAddress 192.168.1.100:22
ListenAddress 10.0.0.100:2222

If problems persist, check for:

# Conflicting sshd instances
ps aux | grep sshd

# Configuration syntax errors
sudo sshd -t

# AppArmor restrictions
sudo aa-status | grep ssh