How to Change Apache, FTP, and SSH default port to a custom port – Part 3
In our previous parts, we saw how to change Apache and FTP default port to a custom port.
- How to Change Apache, FTP, and SSH default port to a custom port – Part 1
- How to Change Apache, FTP, and SSH default port to a custom port – Part 2
This is the third and last part of this series. In this tutorial, we will discuss how to change SSH default port to any random port. Similar to part 1 and part 2, It is also easy to implement. Read on.
Change SSH default port to a custom port
Changing ssh default port is pretty easy and it is almost same on all modern Linux operating systems.
To change the SSH default port, edit /etc/ssh/sshd_config file,
sudo vi /etc/ssh/sshd_config
As you probably know, the SSH default port is 22. So, we will change it to any random number, for example 2022.
To do so, edit or add the following line:
Save and close the file. Restart ssh service.
sudo systemctl restart sshd
sudo service sshd restart
In RHEL/CentOS systems, adjust SELinux and Firewall settings to allow the new port.
sudo semanage port -a -t ssh_port_t -p tcp 2022
If semanage command is not found, install the following package:
sudo yum install policycoreutils-python
In RHEL 7 / CentOS 7:
sudo firewall-cmd --permanent --add-port=2022/tcp
sudo firewall-cmd --reload
In RHEL 6 / CentOS 6:
sudo vi /etc/sysconfig/iptables
Comment out the default port 22 line:
# -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
And add the new custom port line:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2022 -j ACCEPT
Save and close the file.
Restart iptables to take effect the changes.
sudo service iptables restart
Finally, restart ssh service:
sudo service sshd restart
Verify the port settings using command:
sudo netstat -tulpn | grep :2022
tcp 0 0 0.0.0.0:2022 0.0.0.0:* LISTEN 18680/sshd tcp6 0 0 :::2022 :::* LISTEN 18680/sshd
Now, try to SSH from any client systems using the port number as shown below.
ssh -p 2022 email@example.com
firstname.lastname@example.org's password: Last login: Wed Jan 20 15:45:16 2016 [ostechnix@server ~]$
Like I said in the first part, these methods alone will not keep your server safe and secure. There are many tasks you need to consider such as firewall implementation, DDoS, Brute-force attacks prevention, installing security patches, updating your server and applications regularly etc. But these are the first and foremost things you should do before implementing any security methods. Now, your Linux server is bit more secure than before.
That’s all for now. I will be here again with an interesting article soon. Please share this article on your social circle and support OSTechNix.
Thanks for reading! Cheers!!