Port 22

SSH - Secure Shell

Port 22: SSH Secure Shell

Protocol TCP
Service SSH (Secure Shell)
Encrypted Yes
IANA Status Official

What is Port 22?

Port 22 is the default port for SSH (Secure Shell), a cryptographic network protocol for secure remote login and command execution. SSH replaced insecure protocols like Telnet and rlogin.

Common Uses

  • Remote shell access: ssh user@server
  • File transfer: SCP and SFTP over SSH
  • Port forwarding: Tunneling other protocols
  • Git operations: [email protected]:user/repo
  • rsync: File synchronization over SSH

Basic Usage

# Connect to server
ssh [email protected]
ssh -p 2222 [email protected]  # Non-default port

# Copy files
scp file.txt user@server:/path/
scp -r folder/ user@server:/path/

# Port forwarding
ssh -L 8080:localhost:80 user@server  # Local
ssh -R 9000:localhost:3000 user@server  # Remote

Key-Based Authentication

# Generate SSH key pair
ssh-keygen -t ed25519 -C "[email protected]"

# Copy public key to server
ssh-copy-id user@server

# Or manually
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys

Security Best Practices

Port 22 is constantly scanned

Bots continuously scan for SSH on port 22. Use strong security measures.

# /etc/ssh/sshd_config

# Disable root login
PermitRootLogin no

# Disable password auth (use keys only)
PasswordAuthentication no

# Only allow specific users
AllowUsers admin deploy

# Change default port (optional)
Port 2222

# Restart SSH
sudo systemctl restart sshd

Fail2Ban Protection

# Install fail2ban
sudo apt install fail2ban

# /etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600

sudo systemctl restart fail2ban

Troubleshooting

# Test connection with verbose output
ssh -v user@server

# Check if SSH is running
systemctl status sshd
sudo ss -tlnp | grep :22

# Check SSH logs
sudo tail -f /var/log/auth.log
journalctl -u sshd -f

# Test connection from another machine
nc -zv server.com 22

Common Issues

  • Connection refused: SSH service not running or firewall blocking
  • Permission denied: Wrong key, user, or disabled password auth
  • Host key changed: Server was reinstalled or MITM attempt
  • Connection timeout: Firewall dropping packets

How to Check if Port 22 is Open

Use these commands to verify whether port 22 is reachable from a remote machine or listening locally on the server.

# From a remote machine — test connectivity
nc -zv server.example.com 22         # Netcat
telnet server.example.com 22         # Telnet
nmap -p 22 server.example.com        # Nmap scan
ssh -v [email protected]       # SSH verbose mode

# On the server — check if sshd is listening
sudo ss -tlnp | grep :22
sudo lsof -i :22
sudo netstat -tlnp | grep :22

# Check firewall rules (Linux)
sudo iptables -L -n | grep 22
sudo ufw status | grep 22

SSH Tunneling and Port Forwarding

SSH tunneling lets you securely forward traffic through an encrypted connection. This is commonly used to access databases, internal services, or bypass firewalls.

# Local port forwarding — access remote service locally
# Maps localhost:3306 to db-server:3306 via jump-host
ssh -L 3306:db-server:3306 user@jump-host

# Remote port forwarding — expose local service remotely
# Makes your local port 3000 available on the server at port 9000
ssh -R 9000:localhost:3000 user@server

# Dynamic SOCKS proxy
ssh -D 1080 user@server
# Then configure browser to use SOCKS proxy at localhost:1080

# Jump host / bastion
ssh -J bastion@jump-host user@internal-server

Monitoring SSH with UptimeSignal

If your application depends on SSH access for deployments, file syncing, or tunneling, a port 22 outage can be just as critical as a web server going down. UptimeSignal can monitor TCP port 22 to alert you the moment your SSH server becomes unreachable. Pair it with monitoring on port 443 and port 80 for complete infrastructure visibility.

Frequently Asked Questions

What runs on port 22?
Port 22 is assigned to SSH (Secure Shell), a cryptographic network protocol for secure remote login, command execution, and file transfers. It's used by sshd (the SSH daemon), SCP, SFTP, and Git over SSH. Nearly every Unix/Linux server and macOS machine listens on port 22 by default for remote administration.
How do I check if port 22 is open on a remote server?
The quickest methods are nc -zv hostname 22 (netcat) or nmap -p 22 hostname. You can also run ssh -v user@hostname to get verbose output showing exactly where the connection fails. On the server itself, sudo ss -tlnp | grep :22 confirms whether sshd is listening.
Should I change the default SSH port from 22?
Moving SSH to a non-standard port (e.g., 2222 or 22222) reduces automated brute-force attempts and log noise from bots scanning port 22. However, it's not a substitute for real security measures. Use key-based authentication, disable root login, enable fail2ban, and restrict access with firewall rules. Changing the port is a minor inconvenience for attackers but a bigger inconvenience for your team.
Why is my SSH connection on port 22 being refused?
"Connection refused" means a TCP RST was returned, which indicates: (1) sshd is not running, (2) a firewall is actively rejecting the connection, (3) SSH is configured on a different port, or (4) TCP wrappers in /etc/hosts.deny are blocking your IP. Start debugging with systemctl status sshd on the server and work outward. See our connection refused guide for a full walkthrough.
Is port 22 TCP or UDP?
Port 22 uses TCP exclusively. SSH requires a reliable, ordered, connection-oriented transport which only TCP provides. The IANA officially registers port 22/tcp for SSH. There is no standard use of port 22 over UDP.

Monitor SSH accessibility

UptimeSignal can monitor TCP port 22 to ensure your servers are accessible.

Start monitoring free →

Related Ports & Resources

80 HTTP 443 HTTPS 3306 MySQL 5432 PostgreSQL 6379 Redis Connection Refused Timeout Errors Is It Down? All Ports →