Commit c520a7f

docs: update SSH port recommendation to 2200
Changed default recommended SSH port from 22 to 2200 to avoid conflicts with existing SSH daemons. Added guidance for users who need to use port 22 instead. Used Linear MCP server & Claude Code to fetch the ticket details and implement the changes. Fixes #ENG-2975
1 parent edc9c59 commit c520a7f

1 file changed

+15
-3
lines changed

content/docs/guides/zero-ssh.md

Lines changed: 15 additions & 3 deletions
@@ -154,8 +154,19 @@ When creating your first SSH route, Pomerium Zero will prompt you to configure g
154154

155155
- **Field:** SSH Address
156156
- **Value:** Enter the address and port where Pomerium will listen for SSH connections
157-
- **Example:** `0.0.0.0:22` (to listen on all interfaces, port 22\)
158-
- **Note:** Use a different port if port 22 is already in use by another service
157+
- **Example:** `0.0.0.0:2200` (to listen on all interfaces, port 2200\)
158+
- **Note:** We recommend using port 2200 to avoid conflicts with the standard SSH daemon (sshd) that typically runs on port 22
159+
160+
:::tip Using Port 22
161+
162+
If you want Pomerium to listen on port 22 instead, you'll need to either:
163+
164+
- Stop your existing SSH daemon: `sudo systemctl stop sshd && sudo systemctl disable sshd`
165+
- Or configure your SSH daemon to listen on a different port by modifying `/etc/ssh/sshd_config` and setting `Port 2200` (or another port), then restart sshd
166+
167+
Keep in mind that using port 22 requires Pomerium to run with elevated privileges to bind to privileged ports (ports below 1024).
168+
169+
:::
159170

160171
#### SSH Host Keys Configuration
161172

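Review bot: The first bullet of the new "Using Port 22" tip tells readers to run `sudo systemctl stop sshd && sudo systemctl disable sshd` with no mention that this removes the host's existing remote access path. On a machine administered over SSH, that can lock the operator out before the Pomerium SSH route has been confirmed to work. Suggest adding a sentence to verify the Pomerium route first and to keep console or other out-of-band access available. Two smaller points in the same tip: the second bullet uses `Port 2200` as the example port for the relocated sshd, which is the same number the doc now recommends for Pomerium a few lines above, so a different example port would be less confusing; and the closing sentence says port 22 "requires Pomerium to run with elevated privileges", which readers may take to mean running as root. If the deployment supports it, naming the narrower option (granting only the `CAP_NET_BIND_SERVICE` capability on Linux) would keep the guidance in line with least privilege.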
@@ -337,7 +348,8 @@ After your first SSH route is configured, the global SSH settings are saved. For
337348

338349
**Port configuration issues:**
339350

340-
- If using a non-standard port, ensure you're connecting to Pomerium and not the SSH server already running on port 22
351+
- Pomerium listens on port 2200 by default (not port 22) to avoid conflicts with existing SSH daemons
352+
- Ensure you're connecting to Pomerium (port 2200 by default) and not directly to the target SSH server (typically port 22)
341353
- Verify the SSH Address configured in Pomerium Zero matches the port you're connecting to
342354
- Check that your DNS or hostname resolves to Pomerium, not directly to the target server
343355

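Review bot: Both added troubleshooting bullets say Pomerium listens on port 2200 "by default", but the first hunk presents `0.0.0.0:2200` as an example value the user enters in the SSH Address field, with 2200 described as a recommendation. Unless the product really falls back to 2200 when the field is left empty, suggest wording such as "If you used the recommended SSH Address (`0.0.0.0:2200`) ..." so the troubleshooting text does not promise a default the configuration section does not state. The replacement also drops the removed line's case of an SSH server already running on port 22 of the same host: with sshd still on 22, a client that omits the port connects to the host's sshd directly instead of going through Pomerium. It would help to keep that case explicit and to show the client side, for example `ssh -p 2200 ...`.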