Change the SSH Port on AlmaLinux 8 and 9

Changing the default SSH port is a common step in hardening a server. The default port, 22, is the first target of automated scans and brute-force attempts. Switching to a custom port keeps most of that automated traffic away from your SSH service, which reduces the likelihood of unauthorized access to your server.

Additionally, this small adjustment helps in identifying genuine access attempts more easily, as attackers typically focus on default configurations. Whether you’re managing a personal server or a corporate environment, this simple step adds an extra layer of protection to your system.

Steps to Change the SSH Port

Access the SSH Configuration File

Log in to your server using SSH with root or a sudo-enabled account. Open the SSH configuration file located at /etc/ssh/sshd_config using a text editor, such as nano or vim:

sudo nano /etc/ssh/sshd_config

Modify the SSH Port Directive

Find the line starting with #Port 22. Uncomment the line by removing the # symbol. Replace 22 with your desired port number, such as 2222:

Port 2222

Save and Exit the Configuration File

After making the changes, save the file and exit the text editor. In nano, this can be done by pressing CTRL+O to save and CTRL+X to exit.

Adjust the Firewall Rules

Add the new SSH port to the firewall to allow traffic. Use the following command to permit the new port:

sudo firewall-cmd --permanent --add-port=2222/tcp

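Remove the old SSH port to ensure it is no longer accessible. On a default AlmaLinux install, the firewall allows port 22 through the predefined ssh service rather than a port entry, so remove that service:

sudo firewall-cmd --permanent --remove-service=ssh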

Reload the firewall rules to apply these changes:

sudo firewall-cmd --reload

Test the New SSH Port

Keep your current session open. Open a new terminal session and connect using the new port to ensure everything is configured correctly:

ssh -p 2222 username@your_server_ip

Verify and Secure the Configuration

Check the server logs to confirm that the changes are functioning properly:

sudo tail -f /var/log/secure

After verifying the new port, disable the default SSH port entirely for enhanced security.

Firewall Configuration

Allow the New SSH Port

To enable access to the new SSH port, use the following command:

sudo firewall-cmd --permanent --add-port=2222/tcp

Remove the Default SSH Port

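To enhance security, remove access to the default port (22). On a default AlmaLinux install, the firewall allows port 22 through the predefined ssh service rather than a port entry, so remove that service:

sudo firewall-cmd --permanent --remove-service=ssh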

Reload Firewall Rules

Apply the changes by reloading the firewall rules:

sudo firewall-cmd --reload

Verify the Firewall Configuration

Ensure that the changes have been applied successfully by listing the active zone's ports and services:

sudo firewall-cmd --list-all

Testing and Verification

Test the New SSH Port

Open a new terminal and attempt to connect to the server using the new SSH port. Replace username and your_server_ip with your account name and the server's address:

ssh -p 2222 username@your_server_ip

If the connection is successful, it indicates that the new port is correctly configured and accessible.

Monitor SSH Logs

To ensure that there are no issues, monitor the SSH logs for any errors or warnings. Use the following command:

sudo tail -f /var/log/secure

This will display real-time logs related to SSH connections.

Verify Open Ports

Check which ports are open and listening for connections on your server. This helps confirm that the new port is active:

sudo ss -tuln | grep 2222

You should see the new port in the output, indicating that the SSH service is listening on it.

Disable the Old Port After Verification

Once you are confident that the new port is functioning correctly, ensure the old port is disabled for added security.
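The steps above, collected into one script as an added example (not part of the original page). It also covers three things the walkthrough does not show: validating the file with sshd -t, labelling the new port for SELinux with semanage, and restarting sshd. The function names are constructed for this example.

```shell
#!/bin/sh
# Added example: helper names are constructed, not from the original page.

# valid_port PORT: succeed only for a decimal TCP port 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# set_sshd_port FILE PORT: make PORT the only active Port directive in FILE.
set_sshd_port() (
    file=$1 port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; exit 2; }
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    # Comment out active Port lines ("Port 22", "port=22"); add the new one
    # before the first Match block, because Port is not allowed inside Match.
    awk -v p="$port" '
        { k = tolower($1); sub(/[=].*/, "", k) }
        k == "port" { print "#" $0; next }
        k == "match" && !placed { print "Port " p; placed = 1 }
        { print }
        END { if (!placed) print "Port " p }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps mode and SELinux label
)

# apply_port_change PORT: run as root on the server, from an open SSH session.
apply_port_change() (
    port=$1 cfg=/etc/ssh/sshd_config
    cp -p "$cfg" "$cfg.bak" || exit 1
    set_sshd_port "$cfg" "$port" || exit 1
    # Validate the file first; restore the backup if sshd rejects it.
    sshd -t -f "$cfg" || { cp -p "$cfg.bak" "$cfg"; exit 1; }
    # SELinux only lets sshd bind ports labelled ssh_port_t; -m handles a
    # port that already carries a label.
    semanage port -a -t ssh_port_t -p tcp "$port" 2>/dev/null ||
        semanage port -m -t ssh_port_t -p tcp "$port" || exit 1
    firewall-cmd --permanent --add-port="$port/tcp" || exit 1
    firewall-cmd --reload || exit 1
    systemctl restart sshd || exit 1
    # Port 22 stays open in the firewall until a login on the new port works.
    ss -tln | grep -q ":$port "
)

if [ "${1:-}" = "--apply" ]; then apply_port_change "${2:-}"; fi
```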

Conclusion

Changing the SSH port is a simple yet effective way to enhance your server’s security by reducing exposure to automated attacks on the default port. By following the steps to modify the configuration, update the firewall, and test the new settings, you ensure a secure and functional SSH setup. Always verify your changes and keep a backup access method in case of errors during the process. Securing SSH access is a critical step toward building a more robust server environment.
