How do you change the default SSH port in CentOS?

Learn how to change the default SSH port in CentOS to enhance security and protect your server from unauthorized access. Easy step-by-step guide provided.

Changing the default SSH port in CentOS involves editing the SSH daemon configuration file and updating firewall rules to allow traffic on the new port. Here’s how to do it:

### Step 1: Choose a New Port Number

Select a port number that is not already in use and greater than 1024 (common choices are between 1025 and 65535).

### Step 2: Edit the SSH Daemon Configuration

1. Open the SSH daemon configuration file:

  
    ```bash
    sudo nano /etc/ssh/sshd_config
    ```

2. Locate the line that specifies the port (usually near the top of the file):

  
    ```
    #Port 22
    ```

3. Uncomment the line by removing the `#` and change the port number to your desired port:


    ```
    Port 2222
    ```

    Replace `2222` with the port number you chose.

4. Save and exit the file (in nano, you can do this by pressing `Ctrl+X`, then `Y`, and then `Enter`).

### Step 3: Adjust Firewall Settings

1. Add the new port to the firewall:

  
    ```bash
    sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp
    ```

    Replace `2222` with your chosen port number.

2. Remove the default `ssh` service rule, which closes port 22 in the firewall (if desired):

  
    ```bash
    sudo firewall-cmd --permanent --zone=public --remove-service=ssh
    ```

3. Reload the firewall to apply the changes:

 
    ```bash
    sudo firewall-cmd --reload
    ```

### Step 4: Restart the SSH Service

1. Restart the SSH daemon to apply the changes:

   
    ```bash
    sudo systemctl restart sshd
    ```
  

### Step 5: Verify the New Configuration

1. Attempt to connect to your server using the new port:

   
    ```bash
    ssh -p 2222 your_username@your_server_ip
    ```
    

    Replace `2222` with your chosen port number, `your_username` with your SSH username, and `your_server_ip` with your server's IP address.

2. If you can connect successfully, the new port configuration is working.

### Step 6: Update SELinux (Optional)

If SELinux is enabled on your system, you may need to update the SELinux policy to allow the new SSH port, because in enforcing mode `sshd` can only bind to ports labelled `ssh_port_t`:

1. Check the current SELinux status:

   
    ```bash
    sudo sestatus
    ```
 

2. Add the new SSH port to SELinux:

 
    ```bash
    sudo semanage port -a -t ssh_port_t -p tcp 2222
    ```

    If the `semanage` command is not found, install the necessary package:

  
    ```bash
    sudo yum install policycoreutils-python -y
    ```

3. Verify the SELinux port configuration:

  
    ```bash
    sudo semanage port -l | grep ssh
    ```
  

This completes the process of changing the default SSH port on CentOS. Make sure to keep track of the new port number and update any relevant documentation or scripts accordingly.
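
The steps above as a script, with the `sshd_config` edit done without an editor. This is an added example, not part of the original guide, and all function names are hypothetical. `apply_port_change` runs the SELinux step before the restart because, under enforcing SELinux, `sshd` cannot bind to a port that is not labelled `ssh_port_t`.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide; function names are hypothetical.

# Step 1 rule: a whole number above 1024 and no higher than 65535.
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1025 ] && [ "$1" -le 65535 ]
}

# Ports sshd would listen on according to config file $1 (22 if no Port line is active).
effective_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Step 2 without an editor: rewrite the first active Port line, else the
# commented "#Port 22" default, else prepend a Port line. Keeps $1.bak.
set_sshd_port() {
    local cfg="$1" port="$2" tmp rc
    valid_port "$port" || { echo "refusing port '$port'" >&2; return 2; }
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        BEGIN { act = "^[ \t]*port[ \t]+[0-9]+[ \t]*$"
                com = "^[ \t]*#[ \t]*port[ \t]+[0-9]+[ \t]*$" }
        { low = tolower($0) }
        NR == FNR { if (low ~ act) pat = act
                    else if (pat == "" && low ~ com) pat = com
                    next }
        !done && pat == "" { print "Port " port; done = 1 }   # nothing to rewrite: prepend
        !done && low ~ pat { print "Port " port; done = 1; next }
        { print }
        END { if (!done) print "Port " port }' "$cfg" "$cfg" > "$tmp"
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"   # cat keeps owner, mode and SELinux label
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Steps 3-6 in an order that cannot lock you out: label the port for SELinux
# and open the firewall before the restart, and leave port 22 open until an
# "ssh -p" login on the new port has succeeded from a second terminal.
apply_port_change() {
    local port="$1" cfg="${2:-/etc/ssh/sshd_config}"
    set_sshd_port "$cfg" "$port" && sshd -t -f "$cfg" || return 1
    semanage port -a -t ssh_port_t -p tcp "$port"      # required when SELinux is enforcing
    firewall-cmd --permanent --zone=public --add-port="$port"/tcp && firewall-cmd --reload
    systemctl restart sshd && ss -tln | grep -q ":$port "
}
```

Run `apply_port_change 2222` as root from a session you keep open, and remove the `ssh` firewall service only after a login on the new port works.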
