diff --git a/specs/004-vps-migration/spec.md b/specs/004-vps-migration/spec.md
index 831c870..b7f7531 100644
--- a/specs/004-vps-migration/spec.md
+++ b/specs/004-vps-migration/spec.md
@@ -141,7 +141,7 @@ As an operator, I want a checklist of potential missing configuration from exist
 - **FR-007**: The system MUST create service users and groups for deployment workflows and grant SSH access via specified public keys.
 - **FR-008**: The system MUST configure SSH access for all standard admin hosts and update the VPS connection target to the new public IP.
 - **FR-016**: The system MUST grant SSH access only to workstation, server, deacero, and galaxy admin hosts.
-- **FR-017**: The system MUST configure SSHD to use a non-default port and disable root/password authentication to match the existing VPS security posture.
+- **FR-017**: The system MUST configure SSHD to use port 3456 and disable root/password authentication to match the existing VPS security posture.
 - **FR-018**: The system MUST harden remote rebuild access by using a non-root SSH user with least-privilege access for rebuild operations.
 - **FR-009**: The system MUST update dependent host configurations so existing VPN client connections target the new VPS.
 - **FR-010**: The system MUST review provided history logs and produce a clarification list of potential missing configurations.