DropVPS Team

Writer: Cooper Reagan

Rocky linux change ssh port

Publication Date

11/11/2024


SSH, or Secure Shell, is a network protocol that allows users to securely connect to and manage remote servers. This protocol is especially important in the world of server and network management, as it enables remote access to Linux servers, allowing necessary adjustments and configurations. SSH typically uses the default port 22, which, due to its widespread use, is often a target for common attacks, especially brute-force attacks.

Steps to Change the SSH Port

Edit the sshd_config Configuration File

First, open the SSH configuration file named sshd_config using a text editor. This file is usually located at /etc/ssh/sshd_config.

sudo nano /etc/ssh/sshd_config

Choose a New Port and Apply Changes

In this file, find the line #Port 22, remove the leading # to uncomment it, and change 22 to the port you want SSH to use. For example:

Port 2200

Make sure to choose a port number that isn’t already in use by another service.

Save and Close the Configuration File

After making the changes, save and close the file. If using nano, you can do this by pressing CTRL + X, then Y, and pressing Enter.

Configure the Firewall for the New Port

To allow access to the new port, configure the firewall to permit incoming connections through it.
If you’re using firewalld, run the following commands:

sudo firewall-cmd --permanent --add-port=2200/tcp
sudo firewall-cmd --reload

Restart the SSH Service to Apply Changes

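For the changes to take effect, restart the SSH service. On systems with SELinux enabled, first allow the new port as described under SELinux Restrictions in the troubleshooting section, because the SELinux policy must permit the port before sshd can use it: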

sudo systemctl restart sshd

Test SSH Connection with the New Port

Now, test the new SSH port by establishing an SSH connection using the new port:

ssh username@server_ip -p 2200

Security Tips After Changing the Port

To enhance security, consider additional security steps after changing the SSH port, such as using SSH keys, disabling root login, and restricting access based on IP addresses.

Prerequisites for Changing the SSH Port in Rocky Linux

Before you change the SSH port on Rocky Linux, there are a few important prerequisites and preparations to consider to ensure a smooth and secure transition.

1. Root or Sudo User Access
To change the SSH port, you need to have either root privileges or access to a user with sudo permissions. This will allow you to edit system configuration files and restart services.

2. Basic Knowledge of the Command Line
Familiarity with the command line is essential for making configuration changes on Linux servers. Basic knowledge will help you navigate files, edit configurations, and execute necessary commands.

3. Text Editor (e.g., nano or vi)
You’ll need a text editor, such as nano or vi, installed on your system to modify the sshd_config file. Most Rocky Linux installations come with these editors pre-installed.

4. Understanding of Firewall Settings
To ensure that the new port is accessible, you’ll need to configure the firewall settings. This may require basic knowledge of the firewalld commands to add and open the new port.

5. Backup of SSH Configuration File
Before making any changes, it’s recommended to create a backup of the sshd_config file. This will allow you to revert to the original configuration in case of any issues.

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

6. SSH Client for Testing
To verify that the new port is working, you’ll need an SSH client on your local machine. This could be a terminal with SSH capabilities (for Linux/macOS) or an application like PuTTY (for Windows).

By ensuring these prerequisites, you can proceed with confidence and minimize the risk of errors during the SSH port change process.

Troubleshooting Potential Issues After Changing the SSH Port

After changing the SSH port, you may encounter some issues that could prevent you from connecting to the server. Here are some common issues and steps to troubleshoot them effectively.

1. Firewall Blocking the New Port
If you’re unable to connect to the server after changing the SSH port, it’s possible that the firewall is blocking the new port. Ensure the firewall configuration allows traffic on the new SSH port.
You can allow the new port by running:

sudo firewall-cmd --permanent --add-port=your_new_port/tcp
sudo firewall-cmd --reload

2. SELinux Restrictions
On systems with SELinux enabled, changing the SSH port requires updating the SELinux policy to permit the new port. Run the following commands to allow the new port:

sudo semanage port -a -t ssh_port_t -p tcp your_new_port
sudo systemctl restart sshd

If semanage isn’t installed, you can add it by installing the policycoreutils-python-utils package.

3. Configuration File Errors
If there’s an error in the sshd_config file, SSH may fail to start, preventing any connections. Check the file syntax for any errors, especially if you modified multiple settings. You can test the SSH configuration with:

sudo sshd -t

This command will output any configuration errors.

4. Restarting SSH Service Not Applied
Sometimes, changes may not take effect if the SSH service wasn’t properly restarted. Verify the restart by checking the SSH service status:

sudo systemctl restart sshd
sudo systemctl status sshd

Ensure there are no errors preventing the service from running.

5. Testing SSH with Local Access
If remote access fails, try connecting to the SSH server locally (e.g., through localhost). This can help isolate the issue to either a network/firewall problem or an SSH configuration issue:

ssh localhost -p your_new_port

6. Checking Log Files for Errors
Examine the SSH log files for any error messages related to the port change. Logs are usually located at /var/log/secure or /var/log/auth.log. Reviewing these logs can provide insights into why the connection might be failing.

7. Reverting to the Previous Configuration (Backup)
If issues persist, revert to the previous sshd_config file. Rename the backup file to the original filename:

sudo mv /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
sudo systemctl restart sshd

These steps should help address common issues encountered after changing the SSH port, ensuring a smooth connection and enhanced server security.
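
The steps and troubleshooting items above, combined into one ordered script so that sshd is only restarted after the config test, the SELinux port label and the firewalld rule are in place, with a rollback to the backup if it does not come up on the new port. This is an added example, not code from the original article; the function names, the --apply flag and the 1024-65535 range check are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the article): change the sshd port in a safe order.
# valid_port, set_sshd_port, apply_port_change and --apply are assumed names.
set -eu

# Digits only, 1024-65535 (the range is this example's assumption).
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Back up <config>, then rewrite the first "Port N" / "#Port N" line. With no
# such line, put Port on line 1 so it cannot land inside a Match block.
set_sshd_port() {
    cfg="$1"; port="$2"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak"
    if awk '$1 ~ /^#?Port$/ && $2 ~ /^[0-9]+$/ { hit = 1 } END { exit !hit }' "$cfg.bak"
    then
        awk -v p="$port" '!seen && $1 ~ /^#?Port$/ && $2 ~ /^[0-9]+$/ {
            print "Port " p; seen = 1; next } { print }' "$cfg.bak" > "$cfg"
    else
        { printf 'Port %s\n' "$port"; cat "$cfg.bak"; } > "$cfg"
    fi
}

# Root-only path on the Rocky host: validate, label, open, restart, verify.
apply_port_change() {
    set_sshd_port /etc/ssh/sshd_config "$1"
    sshd -t -f "$cfg" || { cp -p "$cfg.bak" "$cfg"; return 1; }
    # SELinux must allow the port before sshd tries to bind to it.
    if command -v semanage >/dev/null; then
        semanage port -a -t ssh_port_t -p tcp "$port" 2>/dev/null ||
            semanage port -m -t ssh_port_t -p tcp "$port"
    fi
    firewall-cmd --permanent --add-port="$port/tcp"
    firewall-cmd --reload
    # Roll back unless sshd restarts and is listening on the new port.
    if ! systemctl restart sshd || ! ss -tln | grep -q ":$port "; then
        cp -p "$cfg.bak" "$cfg"; systemctl restart sshd; return 1
    fi
}

if [ "${1:-}" = "--apply" ]; then
    apply_port_change "${2:-}"
    echo "sshd is on port $2: test a login from a second terminal before logging out"
fi
```

Run as root with --apply 2200 from an existing SSH session and keep that session open until the login on the new port succeeds. Other active Port lines further down the file are left untouched, so check the result if your configuration listens on more than one port.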

Changing the SSH port in Rocky Linux is an easy way to make your server less vulnerable to attack. Changing the default SSH port increases security by making it less likely that automated brute-force attacks will target your server. Changing the SSH port doesn’t fix everything, but it is a good step to take in conjunction with SSH keys, disabling root logins, and setting up firewall rules.

This is the first step, and following the prerequisites and troubleshooting steps will make sure that the change goes smoothly and server access is not disrupted. To secure a server, you need to use multiple layers of security, and changing the SSH port is one of the layers that help you build a secure server. This action goes a long way toward protecting your server against unauthorized access, and makes for a stronger system overall.
