Managing SSH Settings

30 minutes
  • 2 Learning Objectives

About this Hands-on Lab

In this lab, we will look at how to manage SSH settings on a Linux host. We will change the default listening port of SSH on a Linux host. Then, we’ll configure SSH restrictions on the host to only permit SSH from a specific subnet.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Change the default SSH port 22 to port 22000.
  1. To change the default port of 22 to 22000 for SSH, we’ll need to edit the sshd_config file with the following command:

    sudo nano /etc/ssh/sshd_config
  2. Then, we’ll need to edit one of the lines:

    Uncomment "#Port 22" and replace 22 with 22000
  3. Now, we’ll need to restart the SSH service:

    sudo service sshd restart
Restrict SSH by Source IP using TCP Wrappers.
  1. We will need to edit the hosts.allow and hosts.deny files used by TCP Wrappers. Let’s start with the hosts.deny file:

    sudo nano /etc/hosts.deny

    Add the line:

    sshd : ALL

    Then, save and exit the file.

  2. Now we need to edit the hosts.allow file:

    sudo nano /etc/hosts.allow  

    Add the following line:

    sshd :  

    Save and close the file.

Additional Resources

A new Linux server has been built to support a new medical records application. Your supervisor has requested you change the SSH listening port on the server from port 22 to port 22000. You've also been asked to only permit SSH access to this new host from the local server subnet of

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?