change ssh port rhel 8

Changing the default SSH port on RHEL 8 is an important practice for enhancing the security of your server. By default, SSH runs on port 22, which is widely known and often targeted by attackers. Changing the port to a non-standard one can make it harder for malicious actors to successfully guess the port and launch brute-force attacks. While this is not a replacement for more robust security measures, such as using SSH keys and firewalls, it adds an extra layer of protection to your system.

Step-by-Step Guide to Change SSH Port

Check the Current SSH Port
Before making any changes, confirm the current SSH port by inspecting the SSH configuration file. You can check this by running the command:

sudo grep Port /etc/ssh/sshd_config

This will show the current port setting, which is typically 22 by default.

Edit the SSH Configuration File
To change the SSH port, open the SSH configuration file with a text editor like nano or vim:

sudo nano /etc/ssh/sshd_config

Look for the line starting with #Port 22, remove the #, and replace 22 with the desired port number (for example, Port 2222).

Configure the Firewall
Once the port has been changed, update the firewall to allow traffic on the new port. For example, if using firewalld, run:

sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload

For ufw, you can allow the port using:

sudo ufw allow 2222/tcp

Restart the SSH Service
After making changes, restart the SSH service for them to take effect:

sudo systemctl restart sshd

Test the New SSH Port
To test that the port change was successful, use the following command to connect via SSH:

ssh -p 2222 user@hostname

Replace 2222 with the new port and user@hostname with your server’s details.

Verify Changes
Finally, verify that the SSH service is listening on the new port by running:

sudo ss -tuln | grep 2222

Troubleshooting Common Issues

When changing the SSH port, there are a few common issues that may arise. Here are the steps to troubleshoot them:

SSH Connection Refused
If you cannot connect to your server after changing the SSH port, ensure that the new port is allowed through the firewall and that you correctly edited the /etc/ssh/sshd_config file. Double-check that the port number is not being blocked or restricted by the firewall. Also, verify that the SSH service has been restarted and is actively listening on the new port. If you’ve changed the port to something that’s already in use by another service, the SSH daemon might fail to start. Use the netstat or ss command to check for port conflicts.

Firewall Rules Not Updated
A frequent issue after changing the SSH port is forgetting to update the firewall rules. Make sure that the new port is added to your firewall’s allowed list. If using firewalld, the commands to add the new port are:

sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload

If using ufw, use:

sudo ufw allow 2222/tcp

SSH Daemon Not Restarted
Another common mistake is forgetting to restart the SSH service after changing the port. Ensure that the following command is run to apply the changes:

sudo systemctl restart sshd

Incorrect SSH Configuration
If you mistakenly set the wrong port number or made a typo in the configuration file, SSH may fail to start. Check the /etc/ssh/sshd_config file for errors and verify that the port setting is correctly applied without any syntax issues.

Access Denied (Permissions Issue)
In some cases, after changing the port, the server may reject access due to permission or authentication errors. Verify that the correct user credentials are being used and check for any misconfigurations in the authentication settings.

Conclusion

Changing the SSH port on a RHEL 8 system is a straightforward task that can significantly improve the security of your server by reducing exposure to automated attacks targeting the default port (22). Following the step-by-step guide ensures that the configuration is done correctly and that your server remains secure. It’s crucial to also update firewall settings and restart the SSH service after making changes. Troubleshooting common issues like connection refusal or firewall misconfigurations will help maintain a smooth operation.

By properly configuring the SSH port and addressing potential issues, you can enhance the security of your server without compromising accessibility.

Share:

More Posts

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments