In this part, we are going to learn how to change the default SSH port on CentOS 7.
The default SSH port on most Linux/Unix systems is TCP port 22. It can easily be changed to a custom port that no other application on the system is using.
Even though changing the default SSH port 22 may not gain you much from a security point of view, there are still some advantages that go with it:
- It reduces the attack surface by shielding your server from automated, untargeted attacks that probe services running on default ports.
- Likewise, it shields the server from automated attacks that target vulnerabilities in specific versions of OpenSSH and its crypto libraries.
- It reduces the size of the log files, since the brute-force failed login attempts aimed at the default SSH port no longer reach the server.
Notes Before Changing The SSH Port:
- It is better to specify a 4- or 5-digit port. Also, remember to use a port that is free.
- If a firewall is used in the data center network, be sure to inform the data center of the desired port so that it can be opened.
- Be sure to write down the port you want to allocate to SSH.
- Be careful when changing the SSH port, as any mistake may leave you unable to access the server.
- If you do not use SELinux, you should simply disable it to prevent any issue with the function of your server.
Change SSH port to use a different Port on Linux
First, disable SELinux before changing the SSH port: open the file below and set the mode to disabled.
/etc/selinux/config
Edit the sshd file to change the SSH port: open the sshd_config file for editing with the following command.
nano /etc/ssh/sshd_config
If the nano package is not installed, see How to Install and use Nano Text Editor Commands in Linux
- Change the default port number 22 to another one.
- Then add the new port to your firewall to prevent any disruption, using this command after changing the SSH port.
sudo firewall-cmd --zone=public --permanent --add-port=14252/tcp
Restart sshd Service
If you face an error when restarting sshd, try rebooting the server. Once the server is back up, you can connect to sshd again; the new port number should be used instead of port 22, but this time you are more secure than on the last connection!
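The whole procedure above, as an added shell example that is not part of the original tutorial: the port validation and the sshd_config edit run against a constructed copy of the file, while the CentOS 7 system steps are collected in a function you run as root. It assumes CentOS 7 with firewalld and SELinux; /etc/ssh/sshd_config, sshd -t, semanage, firewall-cmd and systemctl are the real tools, and 14252 is the example port from the firewall command above. Rather than disabling SELinux, the semanage call labels the new port for sshd so SELinux can stay enforcing; the firewall rule is followed by the reload that a --permanent rule needs before it takes effect.

```shell
#!/bin/sh
# Added example, not code from the original tutorial. Assumes CentOS 7 with
# firewalld and SELinux; 14252 is a constructed example port.
set -e

# Accept only a numeric port in the unprivileged range 1024-65535.
validate_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Rewrite (or add) the Port directive in the given sshd_config file.
# Handles the commented default "#Port 22" as well as an explicit Port line.
# Prints the resulting Port line so the caller can verify the edit.
set_ssh_port() {
    cfg="$1"; port="$2"
    validate_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    tmp="$cfg.tmp.$$"
    if grep -Eq '^[#[:space:]]*Port[[:space:]]+[0-9]+' "$cfg"; then
        sed -E "s/^[#[:space:]]*Port[[:space:]]+[0-9]+.*$/Port $port/" "$cfg" > "$tmp"
    else
        cat "$cfg" > "$tmp"
        printf 'Port %s\n' "$port" >> "$tmp"
    fi
    mv "$tmp" "$cfg"
    grep -E '^Port ' "$cfg"
}

# System-level steps for CentOS 7 (run as root; not executed by this script).
# semanage comes from the policycoreutils-python package and lets SELinux stay
# enforcing instead of being disabled; a --permanent firewall rule needs a reload.
apply_on_centos7() {
    port="$1"
    cp /etc/ssh/sshd_config "/etc/ssh/sshd_config.bak.$(date +%s)"
    set_ssh_port /etc/ssh/sshd_config "$port"
    sshd -t                                         # syntax check before restarting
    semanage port -a -t ssh_port_t -p tcp "$port"   # label the new port for sshd
    firewall-cmd --zone=public --permanent --add-port="$port/tcp"
    firewall-cmd --reload
    systemctl restart sshd
    # Keep this session open and test "ssh -p $port user@host" from a second terminal.
}

# Offline demonstration on a constructed copy of the default config.
demo_cfg="$(mktemp)"
printf '#Port 22\n#AddressFamily any\nPermitRootLogin no\n' > "$demo_cfg"
set_ssh_port "$demo_cfg" 14252
rm -f "$demo_cfg"
```

Run the script as-is to see the edit applied to a throwaway copy; on the real server call apply_on_centos7 with your chosen port and only close the existing session after a login on the new port has succeeded.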