Changing the SSH port from the default to another number will not affect your day-to-day use of the computer. You won’t notice a difference once the change is set up.
To make the change involves a couple of steps.
First, get your server working.
Install OpenSSH
https://ubuntu.com/server/docs/openssh-server
Your server needs to have a fixed internal IP address. That’s where the router will send SSH connection requests. In my ASUS router the assignment of a fixed internal IP address is at LAN > DHCP Server > Manual Assignment > click “Yes” to enable it. You then put in MAC address of your server. You can get the MAC address from the list of clients using your router. In my router this is called the Network Map.
In the router there’s a feature called “port forwarding”. Exactly where this is in the router interface varies with the brand. In my ASUS router it’s at WAN > Virtual Server / Port Forwarding. SSH and SFTP connection requests are forwarded to Port 22. You tell the router to forward Port 22 requests to the fixed internal IP address you just assigned to your server.
At this point you have a working server accepting connections via Port 22, the default setting.
If you want to change to a non-default port number you have to take two steps:
You need to choose a new number. There are 65,535 ports available but some are in use by other services so don’t choose one of those. This article will help you find unused port numbers: Common Ports Cheat Sheet: The Ultimate List
Once you have chosen what port number to use you put the new number in the router’s Port Forwarding setting. You erase “22” and put in the new port number. “22” will no longer be used for anything.
The other necessary step is to edit the sshd_config file (which is etc/ssh/sshd_config.d/sshd_config) Find the lines that say
What ports, IPs and protocols we listen for
Port 22
and change the 22 to your chosen port.
It sounds complicated but it’s just a chain of events. An outside request comes in asking for an SSH connection to port 22. But now no machine is listening to that port. The connection attempt goes nowhere.
But you come in asking for an SSH connection to your chosen port, like this:
ssh -p (your-port-number) (your external IP address)
The -p needs to be a lower case p.
This sends an SSH connection request to your server at the port your server is listening to.
For an SFTP connection the command is similar:
sftp -P (your-port-number) (your-external-IP-address)
You have to use an uppercase -P here. I don’t know why there’s a difference.
In place of “your external IP address” you can use your DNS address.
An optional step (unrelated to changing the port): disable password authentication and use only public-key/private-key authentication. You make this change by editing that ssh_config file. This sets things so that you don’t have to type any password and only computers with pre-shared public keys in your server will be allowed in. Makes you pretty certainly un-hackable. There are lots of articles on the web about this.