
Changing to a non-standard port: how to enhance server security

Introduction

One of the simplest yet most effective ways to improve server security is to change the default port for remote access protocols. Protocols such as SSH and RDP use well-known ports by default (22 and 3389, respectively). Because these port numbers are well known, services listening on them are routinely found by automated scanners and targeted by automated attacks. Moving the services to non-standard ports can reduce the number of hacking attempts.

Why change the standard port

  • Reduce the number of automated attacks. Bots scan networks for open standard ports.
  • Camouflage from scanners. A superficial scan that only probes well-known ports will not find the service on a non-standard port.
  • Additional level of security. This is not a replacement for full protection, but an additional barrier.

Please note: changing the port is a preventive measure, not protection against an experienced attacker, who can still find the service with a full port scan.

How to change the SSH port to a non-standard one

By default, SSH runs on port 22. To change it:

Step 1: Log in to the server

Connect to the server via SSH: 

  ssh root@your_server_ip  

Step 2: Open the configuration file

Open the file /etc/ssh/sshd_config using a text editor, such as nano:

  nano /etc/ssh/sshd_config
  

Find the line:

  #Port 22  

Remove the # symbol and replace the port number:

  Port 2222  

Replace 2222 with any other available port (for example, between 1025 and 65535).

Step 3: Configure the firewall

Open the selected port in firewalld or iptables. Example for firewalld:

  firewall-cmd --permanent --add-port=2222/tcp
  firewall-cmd --reload


Step 4: Restart the SSH service

  systemctl restart sshd  

Step 5: Check the connection

Perform a test connection with the new port:

  ssh -p 2222 user@your_server_ip
  

Important! Do not close the current connection until you are sure that the new one is working.
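
The SSH steps above as a script, added here as an example and not taken from the article: it validates the port, checks that nothing else listens on it, and edits the Port directive so that a failed change leaves the original file intact. The function names are hypothetical; the /usr/sbin/sshd path, firewalld and the sshd unit name (ssh on Debian and Ubuntu) are assumptions that follow the article's commands.

```shell
#!/bin/sh
# Added example (not from the article): change the sshd Port directive without locking yourself out.

# valid_port PORT: true for an integer in the article's suggested range 1025-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1025 ] && [ "$1" -le 65535 ]
}

# port_in_use PORT: true if a TCP listener already holds the port (uses ss from iproute2).
port_in_use() { ss -Hltn 2>/dev/null | awk '{ print $4 }' | grep -q ":$1\$"; }

# active_ports FILE: print every uncommented Port value (sshd listens on all of them).
active_ports() { awk 'tolower($1) == "port" { print $2 }' "$1"; }

# set_sshd_port FILE PORT: replace the active Port line(s), or the "#Port 22" template if
# none is active. Fails without touching FILE if PORT is invalid or no Port line exists.
set_sshd_port() {
    file=$1; port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v p="$port" '
        { key = tolower($1); val = $2
          if (key == "#") { key = "#" tolower($2); val = $3 }
          if (val !~ /^[0-9]+$/) key = "" }                 # skip prose such as "# Port forwarding"
        NR == FNR { if (key == "port") active = 1; next }   # pass 1: any active Port line?
        key == (active ? "port" : "#port") { if (!done) print "Port " p; done = 1; next }
        { print }
        END { exit !done }
    ' "$file" "$file" > "$tmp" && cat "$tmp" > "$file"      # cat keeps owner, mode and SELinux label
    rc=$?; rm -f "$tmp"; return "$rc"
}

# apply_change PORT: the article's steps 2-4 on a live host, run as root from the session you keep open.
apply_change() {
    cfg=/etc/ssh/sshd_config
    if ! valid_port "$1" || port_in_use "$1"; then return 1; fi
    cp -p "$cfg" "$cfg.bak" && set_sshd_port "$cfg" "$1" || return 1
    /usr/sbin/sshd -t -f "$cfg" || { cp -p "$cfg.bak" "$cfg"; return 1; }  # reject a broken config
    firewall-cmd --permanent --add-port="$1/tcp" && firewall-cmd --reload || return 1
    systemctl restart sshd
}

# Demo on a constructed config copy (never the live file):
demo=$(mktemp); printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$demo"
set_sshd_port "$demo" 2222 && echo "active port(s): $(active_ports "$demo")"; rm -f "$demo"
```

On hosts with SELinux in enforcing mode, sshd can bind to the new port only after the port is labelled ssh_port_t (semanage port -a -t ssh_port_t -p tcp 2222).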

How to change the RDP port in Windows

By default, the RDP protocol uses port 3389. To change it, you will need to edit the registry.

Step 1: Launch the Registry Editor

Open regedit → go to:

  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp  

Find the PortNumber parameter and open it. Select Decimal as the base, then specify the new port number (for example, 3390).

Step 2: Configure the Windows firewall

Open access to the new port:

  netsh advfirewall firewall add rule name="RDP Custom Port" protocol=TCP dir=in localport=3390 action=allow  

Step 3: Restart your computer

You will need to restart your computer for the changes to take effect.

Step 4: Connect using the new port

In the Remote Desktop Connection client, specify the port manually: 

  your_server_ip:3390  

Important recommendations

  • Remember the new port. Otherwise, you may lose access to the server.
  • Do not use ports that are already occupied by other services, for example 80, 443 or 3306.
  • Add the new port to the firewall exceptions before restarting the service.
  • Use non-standard ports as part of your overall security system. Install fail2ban, two-factor authentication, and a VPN.

Conclusion

Changing to a non-standard port is a simple but effective security measure. It’s not a panacea, but it’s an excellent first step toward protecting your server from attacks. By properly configuring your SSH and RDP ports, you reduce the likelihood of automated hacking attempts and show that you care about the security of your environment.

Use this solution in conjunction with other security measures, and your server will be well protected.