How to Change SSH Port on CentOS 7, 8 and 9

The SSH service listens on port 22 by default, so hackers may be able to launch attacks on the server through port 22 and gain control of it or cause irreparable damage to it. To increase the security of your server, you should change the default SSH port. In this article, you will learn how to change the SSH port on CentOS 7, 8 and 9. If you want to purchase a CentOS VPS server, you can check the packages offered on the Eldernode website.

Tutorial: Change SSH Port on CentOS 7, 8 and 9

Introduction to SSH Port

SSH is a remote management protocol that allows users to remotely control and modify their servers. It is an alternative to Telnet that, unlike Telnet, uses cryptographic techniques. It provides a mechanism for remote user authentication, for transferring data from the client to the host and for sending the output back to the client. Follow the steps below to change the SSH port on CentOS. Note that the new port also needs to be re-labeled in SELinux so that the access control policy rules accept SSH connections on it.

In the next section, we will show you step by step how to change the SSH port on CentOS 7 and 8.

Change SSH Port on CentOS 7 and 8

First, log in to your CentOS system and run the following commands to back up your SSH configuration file:

date_format=`date +%Y_%m_%d:%H:%M:%S`  
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_$date_format

Then confirm the backup with the command below:

ls /etc/ssh/sshd_config*  
/etc/ssh/sshd_config /etc/ssh/sshd_config_2019_09_05:21:40:10

You can open the SSH configuration file with any text editor (vi, vim, nano, etc.):

sudo vi /etc/ssh/sshd_config

Find the line for port 22, uncomment it and set it to the new port you want the service to use. For example, I use port 9782:

Port 9782

Close the file after saving the changes.

As mentioned, by default SELinux labels only port 22 for SSH:

semanage port -l | grep ssh
ssh_port_t tcp 22

Next, open the new SSH port in Firewalld. You should keep the firewall service running and allow only trusted services:

sudo firewall-cmd --add-port=9782/tcp --permanent
sudo firewall-cmd --reload

If Firewalld is not installed, use the following commands to install it, start the service and open the port:

sudo yum -y install firewalld
sudo systemctl enable --now firewalld
sudo firewall-cmd --add-port=9782/tcp --permanent
sudo firewall-cmd --reload

You can remove the default ssh service (port 22) from the firewall with the following commands:

sudo firewall-cmd --remove-service=ssh --permanent
sudo firewall-cmd --reload

Run the following command to restart the SSH service and apply the changes:

sudo systemctl restart sshd

Finally, verify that SSH is listening on the new port with the following command:

netstat -tunl | grep 9782
tcp 0 0 0.0.0.0:9782 0.0.0.0:* LISTEN
tcp6 0 0 :::9782 :::* LISTEN

Change SSH Port on CentOS Stream 9

First, log in to the server over SSH:

ssh [email protected]

Run the following command to install your favorite editor (nano or VIM) on Linux:

dnf install nano -y

Then check the Firewall status with the following command:

systemctl status firewalld

If Firewalld is not installed, run the following command to install it:

yum install firewalld

Now you need to check again the Firewalld status with the following command:

systemctl status firewalld

Use the following command to enable and start the Firewalld service:

systemctl enable firewalld
systemctl start firewalld

Finally check again the FirewallD status:

systemctl status firewalld

Run the following command to stop the Firewalld:

systemctl stop firewalld

Then restart the Firewalld:

systemctl restart firewalld

Then use the following commands to add your custom SSH port number to Firewalld. For example, to use port 9782, you can whitelist it with the following commands:

sudo firewall-cmd --add-port 9782/tcp
sudo firewall-cmd --add-port 9782/tcp --permanent
sudo firewall-cmd --zone=public --permanent --add-port=9782/tcp

Then run the following command to restart the Firewalld service:

systemctl restart firewalld

Then open the SSH configuration file with the following command and change the SSH port number in it:

nano /etc/ssh/sshd_config

Finally run the following command to restart the SSH service:

systemctl restart sshd
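
The steps of both procedures above, combined into one script as an added example (not code from the original article): it also labels the new port for SELinux with semanage and checks the configuration with sshd -t before restarting. The function names are hypothetical and 9782 is the article's example port.

```bash
# Added example, not from the original article; function names are hypothetical.
# Usage after sourcing this file, as root: apply_port 9782

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# set_port FILE PORT: leave exactly one active "Port" line in FILE, placed
# before any Match block (sshd rejects Port inside a Match block).
set_port() {
    local file=$1 port=$2 tmp
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v p="$port" '
        tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { print "Port " p; done = 1 }
            next    # drop every other Port line, commented or not
        }
        tolower($0) ~ /^[ \t]*match[ \t]/ && !done { print "Port " p; done = 1 }
        { print }
        END { if (!done) print "Port " p }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"    # overwrite in place: keeps owner, mode and SELinux label
    rm -f "$tmp"
}

# active_ports FILE: print every uncommented Port value.
active_ports() { awk 'tolower($1) == "port" { print $2 }' "$1"; }

# apply_port PORT: the system-changing steps. Run as root and keep the current
# SSH session open until a login on the new port has been tested.
apply_port() {
    local port=$1 cfg=/etc/ssh/sshd_config
    valid_port "$port" && cp -p "$cfg" "${cfg}_$(date +%Y_%m_%d:%H:%M:%S)" || return 1
    # SELinux: label the port ssh_port_t; -m covers a port that already has a label.
    semanage port -a -t ssh_port_t -p tcp "$port" 2>/dev/null ||
        semanage port -m -t ssh_port_t -p tcp "$port" || return 1
    firewall-cmd --permanent --add-port="$port/tcp" || return 1
    firewall-cmd --reload || return 1
    set_port "$cfg" "$port" || return 1
    sshd -t -f "$cfg" || return 1    # syntax check before any restart
    systemctl restart sshd && ss -tln | grep -q ":$port "
}
```

The configuration is edited last, so a failure in the SELinux or firewall step leaves sshd_config untouched.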

Conclusion

As mentioned, hackers can damage your server when SSH runs on the default port, so you should change the default SSH port to increase the security of your server. In this article, we introduced the SSH port and you learned how to change the SSH port on CentOS 7, 8 and 9.

We are waiting for your valuable comments, and you can be sure that they will be answered in the shortest possible time.
  • edvard
    4 weeks ago

    Thanks 🙂, your post solved my issue.
    P.S.: if the default port is changed, you also need to advise the SELinux policy about that: sudo semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
    • Marilyn Bisson
      4 weeks ago

      Thanks for your comment.
