The default SSH service port value is 22, in which case hackers may be able to launch attacks on the server through port 22, gain control of it or cause irreparable damage to it. To increase security of your server, you must change the default SSH port. In this article, you will learn How to Change SSH Port on CentOS 7 , 8 and 9. If you want to purchase CentOS VPS server, you can check the offered packages on Eldernode website.
Table of Contents
Tutorial Change SSH Port on CentOS 7 , 8 and 9
Recommended Article: How to check Linux kernel version on VPS
Introduction to SSH Port
SSH is a remote management protocol that allows users to remotely control and modify their servers. This service is an alternative to Telnet, which uses cryptographic techniques, unlike Telnet. It provides a mechanism for remote user authentication, data transfer from client to host and retransmission to client. Follow the steps below to change SSH port on CentOS. In this state, the port to be set needs to be re-tagged so that the access control policy rules can accept the SSH service for connection.
In the next section, we will teach you step by step how to Change SSH Port on CentOS 7 and 8.
Change SSH Port on CentOS 7 and 8
First login to your CentOS system and run the following command to backup your SSH configuration file:
date_format=`date +%Y_%m_%d:%H:%M:%S`
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_$date_format
Then confirm the backup with the command below:
ls /etc/ssh/sshd_config*
/etc/ssh/sshd_config /etc/ssh/sshd_config_2019_09_05:21:40:10
You can open SSH configuration file with any type of text editor (vi, vim, nano e.t.c):
sudo vi /etc/ssh/sshd_config
Find the line for port 22 and uncomment it and set your new service port to use; For example I use port 9782:
Port 9782
Close the file after saving the changes.
As mentioned the default port is labeled SSH 22:
semanage port -l | grep ssh
ssh_port_t tcp 22
To open SSH port on Firewalld, You should keep the firewall service running and only allow trusted services:
sudo firewall-cmd --add-port=9782/tcp --permanent
sudo firewall-cmd --reload
Use the following command to install the Firewalld and start the service:
sudo yum -y install firewalld
sudo systemctl enable --now firewalld
sudo firewall-cmd --add-port=9782/tcp --permanent
sudo firewall-cmd --reload
You can remove the SSH service with the following command:
sudo firewall-cmd --remove-service=ssh --permanent
sudo firewall-cmd --reload
Run the following command to restart the SSH service and apply the changes:
sudo systemctl restart sshd
Finally verify Listen address for SSH with the following command:
netstat -tunl | grep 9782
tcp 0 0 0.0.0.0:9782 0.0.0.0:* LISTEN
tcp6 0 0 :::9782 :::* LISTEN
Change SSH Port on CentOS Stream 9
First login to the server via SSH console:
ssh root@hostname
Run the following command to install your favorite editor (nano or VIM) on Linux:
dnf install nano -y
Then check the Firewall status with the following command:
systemctl status firewalld
Run the following command to install the Firewalld:
yum install firewalld
Now you need to check again the Firewalld status with the following command:
systemctl status firewalld
Use the following command to enable and start the Firewalld service:
systemctl enable firewalld
systemctl start firewalld
Finally check again the FirewallD status:
systemctl status firewalld
Run the following command to stop the Firewalld:
systemctl stop firewalld
Then restart the Firewalld:
systemctl restart firewalld
Then use the following command to add your custom SSH port number on Firewalld. Fore example, to use port 9782, you can whitelisted with the following command:
sudo firewall-cmd --add-port 9782/tcp
sudo firewall-cmd --add-port 9782/tcp --permanent
sudo firewall-cmd --zone=public --permanent --add-port=9782/tcp
Then run the following command to restart the Firewalld service:
systemctl restart firewalld
Then change SSH port number with the following command:
nano /etc/ssh/sshd_config
Finally run the following command to restart the SSH service:
systemctl restart sshd
Recommended Article: How to Install MailSpring on Centos 7 & 8
Conclusion
As mentioned, hackers can damage your server in the default SSH port mode, so you need to change the default SSH port to increase the security of your server. In this article, we introduced SSH port and you learned how to change SSH port on CentOS 7 , 8 and 9.
