port 22 · SSH
Port 22 — SSH
Port 22 is SSH (IANA-assigned). On servers, this is your remote-access lifeline — be careful with operations that bind/unbind it. Local: usually OpenSSH server. Remote scans on port 22 are constant background noise.
intermediate
SSH
Find the process + connect / kill
sudo lsof -i :22 # COMMAND PID USER ... # sshd 1234 root ... # Connection inventory: ss -tnp 'sport = 22' # show all SSH connections # Check sshd config: sshd -T | grep -i port # Move to non-22: # Edit /etc/ssh/sshd_config: Port 2222 # systemctl restart ssh ← VERIFY new connection BEFORE closing old session
Typical services on this port
- OpenSSH server (`sshd`)
- Dropbear (embedded systems)
- GitHub / GitLab SSH endpoints
- Bastion host SSH proxy
Alternatives
Many sysadmins move SSH to 2222, 22022, or random high port (e.g. 31337) to reduce log noise from internet-wide scans. Doesn't add real security — port 22 + key auth is fine.
Common pitfalls
| Input | Result |
|---|---|
| ⚠ WARNING: editing sshd_config and `systemctl restart ssh` while connected via SSH = if config breaks, you're locked out. Always: keep current session open + open NEW session in parallel to verify before closing original. | |
| ⚠ Killing `sshd` while logged in via SSH may or may not drop your session (depends on how the daemon was launched). Test in throwaway VM first. | |
| ⚠ Port 22 internet-facing without key-only auth + fail2ban = guaranteed brute-force compromise within hours. | |
Edge cases & caveats
Common use cases
- SSH server hardening audit
- Diagnose 'connection refused' to remote host
- Migrating SSH to non-default port
- Server access investigation
See what's bound to your local ports
portcheck shows pid, command, user, address — faster than netstat, simpler than ss. Linux + macOS, zero dependencies, MIT-licensed.
Open portcheck
Related
Cheatsheet of common dev ports · PostgreSQL · Alternate HTTP / proxies / Tomcat · Node.js dev server (default)