How to Change SSH port in Linux

SSH (Secure Shell) daemon is a network protocol that is used to perform remotely secured logins to Linux systems via a secured channel through unsecured networks using strong cryptography.

The standard port used by SSH service is 22/TCP. However, you might want to change SSH default port in your Linux server, in order to achieve some kind of security through obscurity because the standard 22/TCP port is continuously targeted for vulnerabilities by hackers and bots in internet.

In this guide, we are going to learn how to Configure SSH to use a different Port on CentOS 7.

Configure SSH to use a different port on centos7 :-

1. Login to your server and open the OpenSSH server configuration file.

vim /etc/ssh/sshd_config

2. Next, Uncomment the line, # Port 22 and set it to a desired port.

NOTE:  As a safety measure, just in case things go south, configure sshd to listen on two ports, the default port and the desired port such that your config files have two lines like as shown below. Once you confirm that the new port works fine, remove the default port setting.

Port 22
Port 3457 <where 3457 is your preferred port>

NOTE: Ensure that no other service is using the new port.

3. If firewall is running on your server, allow the new port through it.

NOTE: If it is an AWS instance, make sure to open the new port in security groups also.

firewall-cmd --add-port=3457/tcp --permanent
firewall-cmd --reload

4. Now, after doing the above changes, Restart sshd service.

sudo systemctl restart sshd

To avoid any errors while restarting the sshd service, make sure your selinux is disabled or if you are using selinux make sure you enable new port in selinux.

5. Now finally, Test that you can login to the server with new SSH port.

ssh -p 3457 root@myserver

If you are able to successfully login through the new port, go ahead and remove the default port by commenting out in the sshd configuration file or block it on firewall. Remember to restart sshd after the changes or reload firewall respectively.

Leave a Reply

Your email address will not be published. Required fields are marked *