This tutorial explains how to change the default SSH port number of OpenSSH Server on CentOS 7 and RHEL 7. We will change the default port 22 to a port of our choice while keeping SELinux enabled, and we will add a matching firewalld rule for the new port.
From a security point of view, the default SSH port 22 is commonly changed to another port number. Be careful when selecting the new number: choose one above the "well-known" range, that is above port 1024, and avoid the default ports of other applications and utilities, for example 8080 (Tomcat) or 3306 (MySQL). In short, select a port number above 1024 that does not conflict with any application, utility or program on the server.
Change SSH port number
First take a backup of the sshd_config file, then edit it.
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig.$(date +%F)
Now edit the file /etc/ssh/sshd_config. Search for the line #Port 22 or Port 22.
Note: The # comments the line out. Because 22 is the well-known port for SSH (below 1024) and sshd's built-in default, sshd listens on port 22 even while this line is commented.
Remove the # from the Port 22 line and change 22 to the new port number; here we have selected 2292.
vi /etc/ssh/sshd_config
Port 2292
SELINUX for SSH
By default SELinux only allows port 22 for ssh. Now add the new port 2292 to the ssh port context.
Note: Replace 2292 in case you have selected different port number
semanage port -a -t ssh_port_t -p tcp 2292
Now check the port context for ssh:
semanage port -l | grep ssh
Below is the output from our server:
[root@localhost ~]# semanage port -l | grep ssh
ssh_port_t tcp 2292, 22
[root@localhost ~]#
Now restart the SSH service:
systemctl restart sshd.service
Allow port 2292 with firewalld
Now allow port 2292 for ssh. Run the command below; it permanently adds a firewalld rule in the public zone for port 2292 over TCP.
firewall-cmd --permanent --zone=public --add-port=2292/tcp
Reload firewalld:
firewall-cmd --reload
Check listening ssh port with ss command
With the ss command you can find the port ssh is listening on. Use the command below:
ss -tnlp|grep ssh
Below is reference output from our server:
[root@localhost ~]# ss -tnlp|grep ssh
LISTEN 0 128 *:2292 *:* users:(("sshd",2786,3))
LISTEN 0 128 :::2292 :::* users:(("sshd",2786,4))
[root@localhost ~]#
Try SSH access to the server using port 2292 from a remote client.
ssh -p 2292 root@192.168.56.101
* Change 192.168.56.101 to your server's IP address.
* Change 2292 to the new ssh port number you set while following this post.
* Change root to a user name that is allowed SSH access to your server.
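The steps above as one script, added here as an example and not part of the original post. It validates the chosen port against the post's own rule (above 1024 and not an application port such as 8080 or 3306), rewrites the Port directive in a copy of sshd_config the way the post does by hand, and gathers the SELinux, sshd -t (from the comment below), firewalld and restart commands into one function. The BUSY_PORTS list and the function names are this example's assumptions; the paths and port 2292 are the post's.

```shell
#!/bin/sh
# Added example, not from the original post. Rewrites the Port directive in an
# sshd_config and applies the SELinux/firewalld/restart steps the post describes.
# BUSY_PORTS is an assumption built from the examples the post gives.

BUSY_PORTS="3306 8080"   # application ports the post says to avoid (assumed list)

# port_ok PORT -> 0 if PORT is an integer in 1025..65535 and not in BUSY_PORTS
port_ok() {
    port=$1
    case "$port" in
        ''|*[!0-9]*) return 1 ;;   # reject anything that is not a plain integer
    esac
    [ "$port" -gt 1024 ] && [ "$port" -le 65535 ] || return 1
    for busy in $BUSY_PORTS; do
        [ "$port" -eq "$busy" ] && return 1
    done
    return 0
}

# set_sshd_port FILE PORT -> backs up FILE (as the post does) and sets "Port PORT".
# Handles a commented "#Port 22", an active "Port 22", or no Port line at all.
set_sshd_port() {
    cfg=$1
    port=$2
    port_ok "$port" || { echo "refusing port $port" >&2; return 1; }
    cp -p "$cfg" "$cfg.orig.$(date +%F)"
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+' "$cfg"; then
        sed -E -i "s/^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+.*/Port $port/" "$cfg"
    else
        printf 'Port %s\n' "$port" >> "$cfg"
    fi
    grep -q "^Port $port\$" "$cfg"   # confirm the directive is now active
}

# get_sshd_port FILE -> prints the active Port value, or 22 (sshd's default) if none
get_sshd_port() {
    awk '/^[[:space:]]*Port[[:space:]]+[0-9]+/ {p=$2} END {print (p ? p : 22)}' "$1"
}

# apply_sshd_port PORT -> the system-level steps from the post. Run as root on the
# CentOS/RHEL 7 host. Differs from the post's order only in opening the firewall
# before restarting sshd, so the new port is reachable the moment sshd comes back.
apply_sshd_port() {
    port=$1
    semanage port -a -t ssh_port_t -p tcp "$port"            # SELinux port label
    sshd -t || { echo "sshd_config has a syntax error; not restarting" >&2; return 1; }
    firewall-cmd --permanent --zone=public --add-port="$port/tcp"
    firewall-cmd --reload
    systemctl restart sshd.service
    ss -tnlp | grep sshd                                      # verify the listener
}

# Typical use on the server (uncomment to run):
# set_sshd_port /etc/ssh/sshd_config 2292 && apply_sshd_port 2292
```

Keep the session you are working in open until `ssh -p 2292` from a second terminal succeeds; the sshd -t check only catches syntax errors in sshd_config, not a firewall or SELinux mistake that would lock you out.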
Hi,
When I try and do the above, I get an error when restarting sshd – Failed to start OpenSSH server daemon?
Thanks
Mason64
Hi Dave,
Use
sshd -t
to check the syntax error.
Regards
Sharad
I did the same for an AWS EC2 Red Hat instance; ssh is working on my desired port, 20022, but I am still not able to log in to it. Any idea? Thanks in advance.
Hello Navdeep,
Check the logs for the exact reason, or use the -vvvv parameter while doing ssh, for example ssh -vvvv username@server-address. In verbose mode you may also get the error.
Regards
Sharad
Thank you sooo much, that was the most helpful example for a remote (over the internet) connection. 🙂
Nice, thanks!
Don't know why, but this is so hard to find in the official docs, and many sites don't have this command. I have a fresh minimal CentOS 7 and even though sshd comes installed, the port (yes, even the default) was closed.
Thanks again.
Thank you,
Regards
Sharad
Thanks. It's very useful.
Welcome Akila
Regards
Sharad
Nice article. Can we do the same for telnet? I would like to change the default port 23 to 2323 in CentOS 7 with the 3.10 kernel. Can you please let me know the steps.
Thank you Shyam.
SSH does encrypted communication between servers whereas telnet does not.
I will make a tutorial on it and share it on the blog soon.
Regards
Sharad
Hello Shyam,
Read the post about changing telnet server port number.
https://sharadchhetri.com/2014/12/08/change-telnet-server-port-number-centos-7-rhel-7/
Regards
Sharad