Port 22 (SSH)

TCP

Secure Shell — SSH listens on port 22 by default. Many administrators change this to a non-standard port for security through obscurity.

What is Port 22?

Port 22 is the default port for SSH (Secure Shell), the primary protocol for secure remote administration and file transfer on Unix/Linux systems. Developed as a secure replacement for Telnet and rlogin, SSH provides encrypted communication between client and server.

SSH on port 22 supports multiple capabilities: remote shell access, secure file transfer via SCP and SFTP, port forwarding, and tunneling. It uses public-key cryptography for authentication and symmetric encryption for session data, making it resistant to eavesdropping and man-in-the-middle attacks.

Port 22 is one of the most commonly scanned ports on the internet, as gaining SSH access provides full system control. Despite this, SSH remains the gold standard for secure remote access when properly configured with key-based authentication and hardened settings.

Port 22 Security

SSH on port 22 is the most commonly brute-forced port on the internet. Automated bots continuously scan for SSH servers with weak passwords. Key security measures include: disabling password authentication in favor of SSH key pairs, implementing fail2ban or similar intrusion prevention, using non-standard ports, and restricting access via firewall rules.

Additional hardening includes disabling root login (PermitRootLogin no), using AllowUsers/AllowGroups directives, enabling two-factor authentication, and keeping OpenSSH updated. Consider using port knocking or VPN access for an additional security layer.

How to Check Port 22

To check if port 22 is open on a remote host, use nmap: 'nmap -p 22 hostname'. For a quick TCP connection test, use: 'telnet hostname 22' or 'nc -zv hostname 22'. On Windows PowerShell, use: 'Test-NetConnection -ComputerName hostname -Port 22'.

To check if port 22 is listening on your local machine, use: 'netstat -tlnp | grep 22' on Linux, or 'ss -tlnp | grep 22'. On Windows, use: 'netstat -an | findstr 22'. For a comprehensive scan, use: 'nmap -sV -p 22 hostname' to detect the service version running on the port.

Related Ports

Port 21 (FTP) Port 23 (Telnet) Port 443 (HTTPS) Port 3389 (RDP) Port 2222

Frequently Asked Questions

What is port 22 used for?

Port 22 is the default port for Secure Shell (SSH). It is used for ssh communication using the TCP protocol.

Is port 22 TCP or UDP?

Port 22 uses TCP. TCP is used because ssh requires reliable, ordered data delivery.

Should port 22 be open?

Port 22 should only be open if you are actively running SSH. Close unused ports to reduce your attack surface. If needed, restrict access to trusted IP addresses using firewall rules.

How do I check if port 22 is open?

Use 'nmap -p 22 hostname' to scan remotely, or 'netstat -tlnp | grep 22' to check locally on Linux. On Windows, use 'Test-NetConnection -Port 22 hostname' in PowerShell.

How do I secure port 22?

Secure port 22 by restricting access with firewall rules, using encryption (TLS/SSL) where supported, keeping SSH updated, using strong authentication, and monitoring for unauthorized access attempts.

🔍 Check Your IP Address

While you're here, find out your public IP address, location, and ISP details instantly.

Check My IP →

Related Tools

Port Reference
Complete network port database
Port Scanner
Scan ports on any host
SSL Check
Verify SSL certificate status
HTTP Headers
View HTTP response headers
Traceroute
Trace network route to host
Speed Test
Test your internet speed