By default, OpenSSH listens on port 22. For security reasons, such as making the server's access port harder for attackers to guess, we can change the listening port in a few steps.
Step 1: First we need to back up our current SSH configuration, using the command:
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
This command creates a backup file named “sshd_config.bak”.
Step 2: Open the SSH configuration file (/etc/ssh/sshd_config) in a text editor.
Uncomment the line that starts with “Port” and change the value from 22 to another value that is not in use.
Save and exit the file.
Step 3: By default, SELinux only allows SSH on port 22, so we need to update its rules. First install the following package:
yum -y install policycoreutils-python
Then, use the following command to configure the rules to allow the port that you have chosen through SELinux:
semanage port -a -t ssh_port_t -p tcp <port_number_to_allow_ssh>
After that, we need to configure the firewall so that it allows the port through. Use the following command:
firewall-cmd --permanent --zone=public --add-port=<port_number_to_allow_ssh>/tcp
Note: The “--permanent” option makes sure that the rule persists after a system reboot.
A “success” message will appear after a moment. Reload the firewall configuration using the line:
Step 4: Restart SSH service by typing in:
systemctl restart sshd.service
Use the following command to check that sshd is listening on the port that you have selected:
ss -tnlp | grep ssh
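Step 5: Open a new SSH connection and try to sign in using the newly assigned port number. Keep the current session open until the new login works, so that you can still fix the configuration if it does not.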
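The steps above as a script, added here as an example (it is not part of the original guide; the function names set_ssh_port and apply_ssh_port are hypothetical). It goes slightly beyond the text: it drops duplicate Port lines, keeps the directive out of Match blocks, and runs sshd -t and firewall-cmd --reload before the restart.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the page.

# set_ssh_port CONFIG PORT: Steps 1-2. Backs up CONFIG to CONFIG.bak and
# leaves exactly one active Port directive in it.
set_ssh_port() {
    cfg=$1; port=$2
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    # Replace the first Port/#Port line found before any Match block and
    # drop every other one, so sshd does not keep listening on the old port.
    awk -v p="$port" '
        tolower($0) ~ /^[ \t]*match[ \t]/ { in_match = 1 }
        tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!done && !in_match) { print "Port " p; done = 1 }
            next
        }
        { print }
    ' "$cfg" > "$tmp" || return 1
    # No usable Port line: add one as the first line, since sshd rejects
    # Port inside a Match block and a Match block runs to the end of file.
    if ! grep -q "^Port $port\$" "$tmp"; then
        { echo "Port $port"; cat "$tmp"; } > "$tmp.new" && mv "$tmp.new" "$tmp"
    fi
    # Write through the existing file so its owner, mode and SELinux
    # label are kept (mv would replace it with a new inode).
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# apply_ssh_port PORT: Steps 3-4 with a syntax check before the restart.
# Needs root on a system with SELinux and firewalld; not called here.
apply_ssh_port() {
    sshd -t || return 1      # refuse to restart on a broken config
    semanage port -a -t ssh_port_t -p tcp "$1" || return 1
    firewall-cmd --permanent --zone=public --add-port="$1"/tcp || return 1
    firewall-cmd --reload || return 1
    systemctl restart sshd.service && ss -tnlp | grep ssh
}
```

As root this would be called as set_ssh_port /etc/ssh/sshd_config <port_number_to_allow_ssh> followed by apply_ssh_port <port_number_to_allow_ssh>.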