In the previous parts, we saw how to change the Apache and FTP default ports to a custom port of our choice. This is the third and last part of this series. In this tutorial, we will discuss how to change the SSH default port to any random port. As in the previous guides, this is easy to implement. Read on.
Change SSH default port to a custom port
Changing the SSH default port is pretty easy, and the procedure is almost the same on all modern Linux operating systems.
To change the SSH default port, edit the /etc/ssh/sshd_config file:
$ sudo vi /etc/ssh/sshd_config
As you probably know, the SSH default port is 22. So, we will change it to any random number, for example 2022.
To do so, edit or add the following line:
Port 2022
Save and close the file. Restart the SSH service.
$ sudo systemctl restart sshd
Or
$ sudo service sshd restart
On RHEL/CentOS systems, adjust the SELinux and firewall settings to allow the new port.
$ sudo semanage port -a -t ssh_port_t -p tcp 2022
If the semanage command is not found, install the following package:
$ sudo yum install policycoreutils-python
In RHEL / CentOS / AlmaLinux / Rocky Linux:
$ sudo firewall-cmd --permanent --add-port=2022/tcp
$ sudo firewall-cmd --reload
In RHEL 6 / CentOS 6:
$ sudo vi /etc/sysconfig/iptables
Comment out the default port 22 line:
# -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
And add the new custom port line:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2022 -j ACCEPT
Save and close the file.
Restart iptables for the changes to take effect.
$ sudo service iptables restart
Finally, restart the SSH service:
$ sudo service sshd restart
Verify the port settings using the following command:
$ sudo netstat -tulpn | grep :2022
Sample output:
tcp 0 0 0.0.0.0:2022 0.0.0.0:* LISTEN 18680/sshd
tcp6 0 0 :::2022 :::* LISTEN 18680/sshd
Now, try to SSH from any client system using the port number as shown below.
$ ssh -p 2022 ostechnix@192.168.1.150
Sample Output:
ostechnix@192.168.1.150's password:
Last login: Wed Jan 20 15:45:16 2016
[ostechnix@server ~]$
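The "edit or add the Port line" step above can be scripted so that it is repeatable and leaves a rollback copy. The following is an added example, not part of the original tutorial; set_sshd_port and active_ports are hypothetical helper names, and the demo runs on a constructed sample file rather than the real /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example. set_sshd_port and active_ports are hypothetical helper names.

# Print the ports sshd would listen on: active Port lines in the global
# section (everything before the first Match block).
active_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port"  { print $2 }' "$1"
}

# Set exactly one active "Port N" directive in an sshd_config-style file.
set_sshd_port() {
    file=$1 port=$2
    # Accept only a decimal TCP port in 1..65535.
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;; esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    cp -p "$file" "$file.bak" || return 1      # keep a rollback copy
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        # Replace the first active Port line; comments such as "#Port 22" are kept.
        tolower($1) == "port" && !done { print "Port " port; done = 1; next }
        # Drop further Port lines, otherwise sshd listens on each of them.
        tolower($1) == "port" { next }
        # Port is not allowed inside a Match block, so add it before the first one.
        tolower($1) == "match" && !done { print "Port " port; done = 1 }
        { print }
        END { if (!done) print "Port " port }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"  # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed sample file, not a real /etc/ssh/sshd_config.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Match User backup' \
    '    X11Forwarding no' > "$sample"
set_sshd_port "$sample" 2022 && active_ports "$sample"
rm -f "$sample" "$sample.bak"
```

Running `sudo sshd -t` after the edit checks the configuration for errors before the service is restarted, which avoids locking yourself out of a remote server with a broken file.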
Conclusion
As I said in the first part of this series, these methods alone will not keep your server safe and secure. There are many other tasks you need to consider, such as firewall implementation, DDoS and brute-force attack prevention, installing security patches, and updating your server and applications regularly. But these are the first and foremost things you should do before implementing any security methods. Now, your Linux server is a bit more secure than before.