Change SSH Port on an Anubiz Offshore VPS
Moving SSH off port 22 does not stop a determined attacker, but it drops scanner noise in your logs by ~95% and gives fail2ban less to filter. This guide changes the SSH port safely without lockout: open the new port first, leave 22 open, test, close 22 only when the new port works. Anubiz Ubuntu 24.04 cloud image with nftables baseline.
Need this done for your project?
We implement, you ship. Async, documented, done in days.
Step 1: Pick a Port
Avoid <1024 (privileged), avoid common services (3306, 6379). Pick 22000-22999 range; easy to remember as SSH-ish. Avoid 2222 - it's the second-most-scanned port after 22.
Step 2: nftables First
Add the new port to your input chain BEFORE changing sshd: nft add rule inet filter input tcp dport 22987 accept. Make it persistent in /etc/nftables.conf.
Step 3: sshd Drop-In
/etc/ssh/sshd_config.d/99-port.conf: Port 22 AND Port 22987 (both lines). Reload sshd. SSH listens on both.
Step 4: Test From Outside
ssh -p 22987 root@vps-ip from a second terminal. If it works, remove Port 22 from the drop-in, reload, then drop port 22 from nftables.
Step 5: Update Tools
Edit your ~/.ssh/config: Host anubiz-prod\n HostName vps-ip\n Port 22987. ansible inventory, terraform user_data, deploy scripts - sweep for hardcoded 22.
Related Services
Why Anubiz Host
Ready to get started?
Skip the research. Tell us what you need, and we'll scope it, implement it, and hand it back — fully documented and production-ready.