Changing the default port of ssh is not a huge improvement in security, but I’ve found it to be a useful tool in keeping log files free from failed login attempts with username root on port 22 (and I hope you do spend the time to review your log files!). A large number of scripts scan the default ssh port of 22 looking for known vulnerabilities. Of course, you should keep ssh fully patched; however, rapidly growing log files are a problem all their own.
One of the easiest ways to keep your log files from filling up with failed login attempts is to change the ssh port.
Update the port to a new value, such as:
Once you’ve updated sshd, you may also wish to update the ssh client configuration for convenience:
Uncomment the line with Port, and set it to the same value that you set in the sshd_config file:
Lastly, reload the sshd daemon:
Open a second ssh session to the server to ensure everything is working.
I recommend you keep the original session open in case you get something wrong in your configuration.
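The server-side edit above can be scripted so that a rollback copy is kept and exactly one active Port line remains. This is an added example, not the author's own commands; the function names, the sample config and port 2222 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The sample config and port 2222 are constructed values.
# Assumes Port lines have the form "Port N" (keyword case is ignored).

# set_port FILE PORT: make PORT the only active Port directive in FILE.
set_port() {
    file=$1; port=$2
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1        # rollback copy
    rc=0
    awk -v p="$port" '
        tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " p; done = 1 }   # reuse the first Port line
            else if ($0 ~ /^[ \t]*#/) print             # later comments stay
            next                                        # other active Port lines are dropped
        }
        { print }
        END { exit(done ? 0 : 3) }
    ' "$file.bak" > "$file" || rc=$?
    if [ "$rc" -eq 3 ]; then
        # No Port line found: put it first, because Port is not allowed
        # inside a Match block and a Match block runs to the next Match or EOF.
        { printf 'Port %s\n' "$port"; cat "$file.bak"; } > "$file"
    elif [ "$rc" -ne 0 ]; then
        cp -p "$file.bak" "$file"; return 1
    fi
}

# active_ports FILE: print every uncommented Port value, one per line.
active_ports() {
    awk 'tolower($0) ~ /^[ \t]*port[ \t]+[0-9]+[ \t]*$/ { print $2 }' "$1"
}

# check_config FILE: let sshd parse FILE in test mode before any reload.
check_config() {
    command -v sshd >/dev/null 2>&1 || { echo "sshd not found, check skipped" >&2; return 0; }
    sshd -t -f "$1"
}

# Demo on a constructed file; a real run would target the server's sshd_config.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Port 22' > "$tmp"
    set_port "$tmp" 2222 && active_ports "$tmp"
    rm -f "$tmp" "$tmp.bak"
}
demo
```

On a real server, run `set_port` and then `check_config` against the sshd_config file before reloading, and restore the `.bak` copy if the check fails.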