What you will read?
Changing the default SSH port on RHEL 8 is an important practice for enhancing the security of your server. By default, SSH runs on port 22, which is widely known and often targeted by attackers. Changing the port to a non-standard one can make it harder for malicious actors to successfully guess the port and launch brute-force attacks. While this is not a replacement for more robust security measures, such as using SSH keys and firewalls, it adds an extra layer of protection to your system.
Step-by-Step Guide to Change SSH Port
Check the Current SSH Port
Before making any changes, confirm the current SSH port by inspecting the SSH configuration file. You can check this by running the command:
sudo grep Port /etc/ssh/sshd_config
This will show the current port setting, which is typically 22 by default.
Edit the SSH Configuration File
To change the SSH port, open the SSH configuration file with a text editor like nano
or vim
:
sudo nano /etc/ssh/sshd_config
Look for the line starting with #Port 22
, remove the #
, and replace 22
with the desired port number (for example, Port 2222
).
Configure the Firewall
Once the port has been changed, update the firewall to allow traffic on the new port. For example, if using firewalld
, run:
sudo firewall-cmd --permanent --add-port=2222/tcp sudo firewall-cmd --reload
For ufw
, you can allow the port using:
sudo ufw allow 2222/tcp
Restart the SSH Service
After making changes, restart the SSH service for them to take effect:
sudo systemctl restart sshd
Test the New SSH Port
To test that the port change was successful, use the following command to connect via SSH:
ssh -p 2222 user@hostname
Replace 2222
with the new port and user@hostname
with your server’s details.
Verify Changes
Finally, verify that the SSH service is listening on the new port by running:
sudo ss -tuln | grep 2222
Troubleshooting Common Issues
When changing the SSH port, there are a few common issues that may arise. Here are the steps to troubleshoot them:
SSH Connection Refused
If you cannot connect to your server after changing the SSH port, ensure that the new port is allowed through the firewall and that you correctly edited the /etc/ssh/sshd_config
file. Double-check that the port number is not being blocked or restricted by the firewall. Also, verify that the SSH service has been restarted and is actively listening on the new port. If you’ve changed the port to something that’s already in use by another service, the SSH daemon might fail to start. Use the netstat
or ss
command to check for port conflicts.
Firewall Rules Not Updated
A frequent issue after changing the SSH port is forgetting to update the firewall rules. Make sure that the new port is added to your firewall’s allowed list. If using firewalld
, the commands to add the new port are:
sudo firewall-cmd --permanent --add-port=2222/tcp sudo firewall-cmd --reload
If using ufw
, use:
sudo ufw allow 2222/tcp
SSH Daemon Not Restarted
Another common mistake is forgetting to restart the SSH service after changing the port. Ensure that the following command is run to apply the changes:
sudo systemctl restart sshd
Incorrect SSH Configuration
If you mistakenly set the wrong port number or made a typo in the configuration file, SSH may fail to start. Check the /etc/ssh/sshd_config
file for errors and verify that the port setting is correctly applied without any syntax issues.
Access Denied (Permissions Issue)
In some cases, after changing the port, the server may reject access due to permission or authentication errors. Verify that the correct user credentials are being used and check for any misconfigurations in the authentication settings.
Conclusion
Changing the SSH port on a RHEL 8 system is a straightforward task that can significantly improve the security of your server by reducing exposure to automated attacks targeting the default port (22). Following the step-by-step guide ensures that the configuration is done correctly and that your server remains secure. It’s crucial to also update firewall settings and restart the SSH service after making changes. Troubleshooting common issues like connection refusal or firewall misconfigurations will help maintain a smooth operation.
By properly configuring the SSH port and addressing potential issues, you can enhance the security of your server without compromising accessibility.