Introduction

Secure Shell (SSH) is the standard protocol used by system administrators and DevOps engineers to securely access and manage Linux servers remotely. By default, SSH listens on port 22. However, many organizations configure SSH to use a custom port to reduce exposure to automated attacks and enhance security.

There are situations where administrators need to identify the configured SSH port, such as troubleshooting connection issues, validating server configurations, performing security audits, or onboarding new team members. This guide explains multiple methods to find a custom SSH port number on Linux systems quickly and efficiently.

Why Use a Custom SSH Port?

Although changing the SSH port is not a replacement for proper security controls, it provides an additional layer of protection by reducing noise from automated bots scanning port 22.

Common reasons for using a custom SSH port include:

  • Reducing automated brute-force attacks
  • Improving security through obscurity
  • Meeting organizational security requirements
  • Separating administrative access from standard services

Prerequisites

Before proceeding, ensure you have:

  • Access to the Linux server
  • Sudo or root privileges (recommended)
  • Basic knowledge of Linux command-line operations

Method 1: Check the SSH Configuration File

The most reliable method is to inspect the SSH daemon configuration file.

View the SSH Port Configuration

sudo grep -i "^Port" /etc/ssh/sshd_config

Example output:

Port 2222

This indicates that SSH is configured to listen on port 2222.

Check Additional Configuration Files

Some Linux distributions include additional SSH configuration files.

sudo grep -Ri "^Port" /etc/ssh/

Example output:

/etc/ssh/sshd_config:Port 2222
/etc/ssh/sshd_config.d/custom.conf:Port 2200

Review all matching entries to determine the active configuration.

Method 2: Verify Listening SSH Ports

You can identify the active SSH port by checking which ports the SSH service is listening on.

Using ss Command

sudo ss -tulpn | grep ssh

Example output:

tcp   LISTEN  0  128  0.0.0.0:2222  0.0.0.0:*  users:(("sshd",pid=1001))

The server is listening on port 2222.

Using netstat

If available:

sudo netstat -tulpn | grep ssh

Example output:

tcp  0  0 0.0.0.0:2222  0.0.0.0:*  LISTEN  1001/sshd

Method 3: Use lsof to Find SSH Listening Ports

The lsof utility can display open network sockets.

sudo lsof -i -P -n | grep sshd

Example output:

sshd  1001 root  3u  IPv4  12345  TCP *:2222 (LISTEN)

This confirms SSH is listening on port 2222.

Method 4: Check Running SSHD Process

View the SSH daemon process details:

ps -ef | grep sshd

Although this may not directly display the port number, it helps verify that the SSH daemon is running correctly.

Method 5: Verify with Systemctl

Check the status of the SSH service.

For Ubuntu/Debian:

sudo systemctl status ssh

For RHEL/CentOS/Rocky Linux:

sudo systemctl status sshd

You can also inspect logs for startup information:

sudo journalctl -u sshd

or

sudo journalctl -u ssh

Method 6: Test SSH Connectivity Locally

If you suspect a custom port, test connectivity using:

ssh -p 2222 localhost

Replace 2222 with the suspected port.

Successful authentication confirms the SSH service is listening on that port.

Method 7: Find SSH Port Remotely

If you do not have direct server access, you can scan for open ports.

Using Nmap

nmap -sV <server-ip>

Example output:

PORT     STATE SERVICE VERSION
2222/tcp open  ssh     OpenSSH 9.0

For a focused scan:

nmap -p 1-65535 <server-ip> | grep ssh

This identifies the SSH service running on a non-standard port.

Troubleshooting Tips

SSH Service Not Running

Verify service status:

sudo systemctl status sshd

Start the service if needed:

sudo systemctl start sshd

Firewall Blocking the Port

Check firewall rules:

For firewalld:

sudo firewall-cmd --list-all

For UFW:

sudo ufw status

Ensure the custom SSH port is allowed.

SELinux Restrictions

On SELinux-enabled systems:

sudo semanage port -l | grep ssh

Verify the configured port is permitted for SSH traffic.

Security Best Practices

When using a custom SSH port:

  • Disable password authentication where possible
  • Use SSH key-based authentication
  • Restrict root login
  • Enable multi-factor authentication
  • Configure firewall rules to limit SSH access
  • Monitor authentication logs regularly
  • Keep OpenSSH packages updated

Example SSH hardening settings:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

Conclusion

Identifying a custom SSH port is a common task for Linux administrators, especially when troubleshooting connectivity issues or reviewing server security configurations. The most effective approach is to inspect the SSH configuration file, while tools such as ss, netstat, lsof, and nmap provide additional verification. By understanding these methods and following SSH security best practices, administrators can maintain secure and reliable remote access to their Linux servers.

Whether you’re managing a single server or a large enterprise environment, knowing how to quickly determine the active SSH port is an essential skill that improves operational efficiency and security.

Post Views: 89

Leave a Reply