How to Change the SSH Port Number in CentOS 7

SSH (Secure Shell) is a protocol widely used for remote system administration, offering secure communication between the client and the server. By default, SSH uses port 22 for communication. However, security experts recommend changing this default port to a custom number to make it harder for attackers to find and exploit the SSH service. Changing the SSH port is one of the easiest ways to add an additional layer of security to your server. The new port number should be chosen carefully to avoid conflicts with other services, and it should be a high, non-well-known port to further obfuscate access points. Once the port is changed, firewall settings need to be updated, and SELinux configurations should be adjusted if enabled.

Updating the SSH Configuration File

To change the SSH port in CentOS 7, you will need to modify the configuration file located at /etc/ssh/sshd_config.

Start by opening this file with a text editor like nano or vi. Look for the line that says #Port 22. The # symbol means the line is commented out, and the default SSH port 22 is in use. Remove the # and change the port number from 22 to your desired port, for example, Port 1234.

After making the change, save the file and exit the editor. If using nano, press Ctrl + X, then Y to confirm, and Enter to save.

Once you’ve updated the configuration file, restart the SSH service to apply the changes. Use the following command to restart the service:

sudo systemctl restart sshd

You will also need to update your firewall to allow traffic on the new port. Use the following commands to add the new port to the firewall:

sudo firewall-cmd --permanent --zone=public --add-port=1234/tcp
sudo firewall-cmd --reload

Additionally, if SELinux is enabled, you need to update it to allow the new port. Run this command:

sudo semanage port -a -t ssh_port_t -p tcp 1234

Finally, test the connection by using the new port number:

ssh -p 1234 username@your-server-ip

This process ensures that SSH on CentOS 7 runs on your chosen port instead of the default port 22. Always remember to modify any other relevant configurations such as SSH clients or firewalls to use the updated port.
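
The steps above as one script, added here as an example and not part of the original article. The function names are illustrative, and it assumes firewalld's public zone and the article's example port 1234. It goes beyond the text in two ways: the edited file is checked with sshd -t, and the SELinux and firewall changes are made before the restart, because under enforcing SELinux sshd cannot bind to a port that is not yet labeled.

```bash
#!/usr/bin/env bash
# Added example: the port change with validation and a lockout-safe order.
# Function names are illustrative; 1234 is the article's example port.

# Accept only a numeric, non-well-known port (1024-65535).
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print every active Port value in the sshd_config given as $1.
effective_ports() { awk 'tolower($1) == "port" { print $2 }' "$1"; }

# Set the port in config file $1 to $2: drop active Port lines and put one
# at the top, ahead of any Match block (Port is not valid inside Match).
set_port() {
  local cfg=$1 port=$2 tmp rc
  valid_port "$port" || return 1
  tmp=$(mktemp) || return 1
  { printf 'Port %s\n' "$port"; awk 'tolower($1) != "port"' "$cfg"; } > "$tmp" &&
    cat "$tmp" > "$cfg"   # write in place: keeps owner, mode and SELinux label
  rc=$?; rm -f "$tmp"; return "$rc"
}

# Run as root on the server, from a session you keep open until the test works.
apply_port_change() {
  local port=$1 cfg=/etc/ssh/sshd_config
  cp -p "$cfg" "$cfg.bak" && set_port "$cfg" "$port" || return 1
  sshd -t || { cp -p "$cfg.bak" "$cfg"; return 1; }   # reject a broken config
  # Label and open the port BEFORE the restart: under enforcing SELinux,
  # sshd cannot bind to a port that is not typed ssh_port_t.
  if [ "$(getenforce 2>/dev/null)" != "Disabled" ]; then
    semanage port -a -t ssh_port_t -p tcp "$port" 2>/dev/null ||
      semanage port -m -t ssh_port_t -p tcp "$port" || return 1
  fi
  firewall-cmd --permanent --zone=public --add-port="$port/tcp" &&
    firewall-cmd --reload || return 1
  systemctl restart sshd || return 1
  semanage port -l | grep ssh_port_t        # new port should be listed
  ss -tln | grep -q ":$port "               # sshd is listening on it
}

# Nothing is changed unless the script is called as: script.sh --apply 1234
if [ "${1:-}" = "--apply" ]; then apply_port_change "${2:-}"; fi
```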

Configuring Firewall Rules for SSH Port Change in CentOS 7

After changing the SSH port, you need to update your firewall rules to allow traffic on the new port. Here’s how you can do that:

First, you need to open the new SSH port in the firewall. For example, if you have set the SSH port to 1234, you can allow traffic on this port by running the following command:

sudo firewall-cmd --permanent --zone=public --add-port=1234/tcp

After adding the new port, you need to reload the firewall to apply the changes. Use the following command to reload the firewall:

sudo firewall-cmd --reload

To confirm that the new port is open, you can check the firewall rules with this command:

sudo firewall-cmd --list-all

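If you want to improve security by closing the old SSH port 22, remove it from the firewall. A default CentOS 7 firewalld setup opens port 22 through the predefined ssh service rather than as a port entry, so remove the service:

sudo firewall-cmd --permanent --zone=public --remove-service=ssh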
sudo firewall-cmd --reload

Finally, check the firewall’s status to ensure it’s running correctly and that your changes have been applied:

sudo systemctl status firewalld

By following these steps, you can ensure that the firewall is configured to allow SSH on your new port while securing the old default port if needed.

Configuring SELinux for the New SSH Port in CentOS 7

If SELinux is enabled on your CentOS 7 system, you need to ensure that it allows the SSH daemon to listen on the new port. By default, the SELinux policy labels only the standard SSH port (22) for SSH. When you change the SSH port, SELinux needs to be updated to recognize the new port.

To configure SELinux for your new SSH port (e.g., 1234), follow these steps:

First, use the semanage command to add the new port to SELinux’s allowed ports list for SSH. Run the following command, replacing 1234 with your new port number:

sudo semanage port -a -t ssh_port_t -p tcp 1234

This command adds the new port to SELinux’s list of allowed ports for SSH connections. The -t ssh_port_t option assigns the SELinux port type that the SSH daemon is allowed to bind to, and -p tcp specifies that the rule applies to the TCP protocol.

If the semanage command is not available, you can install the required package with:

sudo yum install policycoreutils-python

After adding the new port, it’s a good idea to check the SELinux mode. The getenforce command prints Enforcing, Permissive or Disabled:

sudo getenforce

If SELinux is enforcing, it should now accept SSH connections on the new port.

Finally, test the SSH connection using the new port:

ssh -p 1234 username@your-server-ip

This ensures that both your firewall and SELinux are correctly configured to allow SSH on the new port.

Testing the New SSH Port in CentOS 7

After changing the SSH port, it’s essential to ensure that everything is working properly by testing the new configuration. Here are some steps you can follow to test the new SSH port:

First, try connecting to the server using the ssh command with the new port number. For example, if you changed the port to 1234, use the following command:

ssh -p 1234 username@your-server-ip

Replace username with your actual username and your-server-ip with the server’s IP address. If the connection is successful, it means the new port is working correctly.

If you are unable to connect, check your firewall and SELinux configurations. Make sure the new port is properly opened in both the firewall and SELinux settings.

You can also test the connection from another remote server or machine to ensure the new SSH port works from different locations.

In case you encounter any issues, double-check the SSH configuration, firewall rules, and SELinux settings. You may also want to verify that the SSH service has been restarted after making changes.

If needed, you can revert to the default SSH port 22 by editing the SSH configuration file and restarting the SSH service again.

Restarting the SSH Service in CentOS 7

After modifying the SSH configuration (such as changing the port), it’s necessary to restart the SSH service for the changes to take effect. Here’s how to restart the SSH service on CentOS 7:

To restart the SSH service, run the following systemd command:

sudo systemctl restart sshd

This command will stop and then restart the SSH service, ensuring that your changes are applied.

After restarting, you can check the status of the SSH service to ensure it’s running correctly with:

sudo systemctl status sshd

This will show the status of the sshd service. If it’s active and running, you can be sure that the service has restarted successfully.

Make sure to test the new port configuration by connecting to the server using the new port, as detailed earlier. It’s a good practice to leave an existing SSH session open while testing the new port to avoid locking yourself out of the server.

By restarting the SSH service, your server will be configured to use the new port or other SSH settings you’ve applied.

Conclusion

Changing the SSH port on CentOS 7 is an effective way to enhance the security of your server. By following the proper steps—modifying the SSH configuration file, updating firewall and SELinux settings, and restarting the SSH service—you ensure that your server is accessible through the new port while maintaining system security.

Remember to test the new configuration to verify that everything is working as expected and to avoid any connection issues. With these configurations in place, you reduce the risk of automated attacks targeting the default SSH port, helping to secure your server from unauthorized access.

Always verify that your changes are applied correctly and monitor access to your server to ensure continued security.
