diff --git a/bench/cli.py b/bench/cli.py index 033a272a..693240ea 100755 --- a/bench/cli.py +++ b/bench/cli.py @@ -47,7 +47,7 @@ def check_uid(): sys.exit(1) def cmd_requires_root(): - if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts', 'reload-nginx', 'firewall'): + if len(sys.argv) > 2 and sys.argv[2] in ('production', 'sudoers', 'lets-encrypt', 'fonts', 'reload-nginx', 'firewall', 'ssh-port'): return True if len(sys.argv) >= 2 and sys.argv[1] in ('patch', 'renew-lets-encrypt', 'disable-production'): return True diff --git a/bench/commands/setup.py b/bench/commands/setup.py index 5f7a8650..0a8a9ecd 100755 --- a/bench/commands/setup.py +++ b/bench/commands/setup.py @@ -84,6 +84,17 @@ def setup_firewall(): abort=True) run_playbook('production/setup_firewall.yml') +@click.command('ssh-port') +@click.argument('port') +def set_ssh_port(port): + "Setup firewall" + from bench.utils import run_playbook + click.confirm('This will change your SSH Port to {}\n' + 'Do you want to continue?'.format(port), + abort=True) + run_playbook('production/change_ssh_port.yml', {"ssh_port": port}) + + @click.command('lets-encrypt') @click.argument('site') @click.option('--custom-domain') @@ -180,3 +191,4 @@ setup.add_command(add_domain) setup.add_command(remove_domain) setup.add_command(sync_domains) setup.add_command(setup_firewall) +setup.add_command(set_ssh_port) diff --git a/bench/utils.py b/bench/utils.py index 5aaf99a4..d854b4bd 100755 --- a/bench/utils.py +++ b/bench/utils.py 
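Review bot: `port` in `set_ssh_port` is accepted as an unvalidated string and is substituted into the free-form `line="Port {{ ssh_port }}"` argument of the playbook, so a value containing spaces or quotes could change the lineinfile arguments or write an invalid sshd_config in a play that runs as root. Constrain it at the CLI with `@click.argument('port', type=click.IntRange(1, 65535))`. The docstring `"Setup firewall"` looks copied from the command above; `"Change the port sshd listens on"` would describe this command.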
@@ -687,9 +687,11 @@ def set_git_remote_url(git_url, bench_path='.'): if os.path.exists(os.path.join(app_dir, '.git')): exec_cmd("git remote set-url upstream {}".format(git_url), cwd=app_dir) -def run_playbook(playbook_name): +def run_playbook(playbook_name, extra_vars=None): if not find_executable('ansible'): print "Ansible is needed to run this command, please install it using 'pip install ansible'" sys.exit(1) args = ['ansible-playbook', '-c', 'local', playbook_name] + if extra_vars: + args.extend(['--extra-vars=' + json.dumps(extra_vars)]) subprocess.check_call(args, cwd=os.path.join(os.path.dirname(bench.__path__[0]), 'playbooks')) diff --git a/playbooks/production/change_ssh_port.yml b/playbooks/production/change_ssh_port.yml new file mode 100755 index 00000000..a0bd21f8 --- /dev/null +++ b/playbooks/production/change_ssh_port.yml @@ -0,0 +1,14 @@ +- name: Change ssh port + gather_facts: false + hosts: localhost + user: root + tasks: + - name: change sshd config + lineinfile: > + dest=/etc/ssh/sshd_config + regexp="^Port" + line="Port {{ ssh_port }}" + state=present + + - name: restart ssh + service: name=sshd state=reloaded
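Review bot: `run_playbook` now forwards caller-supplied values to `ansible-playbook` but has no docstring saying what `extra_vars` must be; a one-line docstring such as `"""Run a playbook from the playbooks directory against localhost; extra_vars is a JSON-serialisable dict passed via --extra-vars."""` would make the contract explicit. Passing the JSON as one element of the argument list to `subprocess.check_call` avoids shell quoting, but the values themselves are not checked here, so each caller has to validate what it passes. The single-element `args.extend([...])` reads more directly as `args.append('--extra-vars=' + json.dumps(extra_vars))`. The import of `json` is not visible in this hunk, so confirm it exists at the top of bench/utils.py; the function body starts inside the hunk but the file header is outside it.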
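Review bot: The `change sshd config` task rewrites /etc/ssh/sshd_config and the play then reloads sshd without checking the result, so a bad value or an unexpected file layout can leave the host unreachable over SSH. Adding `validate="/usr/sbin/sshd -t -f %s"` to the lineinfile arguments would replace the file only when sshd accepts it (adjust the path if sshd is installed elsewhere). `regexp="^Port"` does not match a commented default such as `#Port 22`, so in that case the line is appended at the end of the file, which is invalid if the file ends in a `Match` block; `regexp="^#?Port"` would cover the common case. Nothing visible in this commit opens the new port in the firewall, so confirm against production/setup_firewall.yml that the new port is reachable before the reload. The service name `sshd` may also need to be `ssh` on Debian-family hosts.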