Search our database

Change OpenSSH Port on CentOS 7

By default the port used for OpenSSH is port 22. For security reasons such as preventing hackers from guessing our server access port too easily, we can change the listening port for accessing our servers through a few steps.

Step 1: First we need to backup our current SSH configuration, using the command:

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

This command creates a backup file named “ssh_config.bak”.


Step 2: Open the SSH configuration file.

vi /etc/ssh/sshd_config

Uncomment the line that starts with “Port” and change the value from 22 to another value that is not in use.


Save and exit the file.


Step 3: By default SELinux only allows SSH through port 22, thus we need to configure its rules. First install the following package:

yum -y install policycoreutils-python

Then, use the following command to configure the rules to allow the port that you have chosen through SELinux:

semanage port -a -t ssh_port_t -p tcp <port_number_to_allow_ssh>

After that, we need to configure the firewall so that it allows the port through. Use the following command:

firewall-cmd --permanent --zone=public --add-port=<port_number_to_allow_ssh>/tcp

Note: The “–permanent” prefix makes sure that the rule stays even after system reboot.

A “success” will pop up after a while. Reload the firewall configuration using the line:

firewall-cmd --reload


Step 4: Restart SSH service by typing in:

systemctl restart sshd.service

Use the following command to see if the port that you have selected is running:

ss -tnlp | grep ssh


Step 5: Open a new SSH connection, try and sign in using the newly assigned port number.

Tags: ,