How to Change SSH Default Port To A Custom Port


In the previous parts, we saw how to change the Apache and FTP default ports to a custom port of our choice. This is the third and last part of this series. In this tutorial, we will discuss how to change the SSH default port to any random port. Like the previous guides, it is easy to implement. Read on.


If you haven’t read the previous parts yet, go to the following links.


Change SSH default port to a custom port

Changing the SSH default port is pretty easy, and it is almost the same on all modern Linux operating systems.

To change the SSH default port, edit the /etc/ssh/sshd_config file:

$ sudo vi /etc/ssh/sshd_config

As you probably know, the SSH default port is 22. So, we will change it to any random number, for example 2022.

To do so, edit or add the following line:

Port 2022

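Save and close the file, then restart the ssh service. Keep your current session open until you have confirmed that you can log in on the new port.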

$ sudo systemctl restart sshd

Or

$ sudo service sshd restart

On RHEL/CentOS systems, adjust the SELinux and firewall settings to allow the new port.

$ sudo semanage port -a -t ssh_port_t -p tcp 2022

If the semanage command is not found, install the following package:

$ sudo yum install policycoreutils-python

In RHEL 7 / CentOS 7:

$ sudo firewall-cmd --permanent --add-port=2022/tcp
$ sudo firewall-cmd --reload

In RHEL 6 / CentOS 6:

$ sudo vi /etc/sysconfig/iptables

Comment out the default port 22 line:

# -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

And add the new custom port line:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 2022 -j ACCEPT

Save and close the file.

Restart iptables for the changes to take effect.

$ sudo service iptables restart

Finally, restart the ssh service:

$ sudo service sshd restart

Verify the port settings using the command:

$ sudo netstat -tulpn | grep :2022

Sample output:

tcp        0      0 0.0.0.0:2022            0.0.0.0:*               LISTEN      18680/sshd          

tcp6       0      0 :::2022                 :::*                    LISTEN      18680/sshd

Now, try to SSH from any client system using the port number as shown below.

$ ssh -p 2022 [email protected]

Sample Output:

[email protected]'s password: 

Last login: Wed Jan 20 15:45:16 2016

[[email protected] ~]$
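
The "edit or add" step above has two failure modes worth scripting around: sshd listens on every active Port line, so adding Port 2022 beside an existing Port 22 leaves both open, and a Port line appended after a Match block is rejected by sshd. The following is an added example, not part of the original tutorial; the function names and the /usr/sbin/sshd path are assumptions, and the sample config is constructed.

```shell
#!/bin/sh
# set_sshd_port FILE PORT: print FILE with exactly one active Port directive.
set_sshd_port() {
    file=$1 port=$2
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    awk -v port="$port" '
        function emit() { if (!done) { print "Port " port; done = 1 } }
        { kw = tolower($1) }            # sshd_config keywords are case-insensitive
        kw == "port"  { emit(); next }  # drop every old Port line: sshd listens on all of them
        kw == "match" { emit() }        # Port is not allowed inside a Match block
        { print }
        END { emit() }                  # no Port and no Match line: append at the end
    ' "$file"
}

# active_ports FILE: ports sshd would listen on (22 when no Port line is active).
active_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# apply_sshd_port PORT: replace the live config only if sshd accepts the candidate.
# Run as root. Assumes sshd is at /usr/sbin/sshd; a .bak copy is left next to the file.
apply_sshd_port() {
    cfg=/etc/ssh/sshd_config
    tmp=$(mktemp) || return 1
    set_sshd_port "$cfg" "$1" > "$tmp" && /usr/sbin/sshd -t -f "$tmp" &&
        cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?; rm -f "$tmp"; return $rc
}

# Constructed sample: a commented default, two active Port lines and a trailing Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 22
port 2222
PermitRootLogin no
Match User backup
    PasswordAuthentication no
EOF
active_ports "$sample"          # both 22 and 2222 are live before the change
set_sshd_port "$sample" 2022    # rewritten config with a single "Port 2022"
```

apply_sshd_port is defined but not called here; after running it as root, restart sshd as shown in the steps above.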

Conclusion

As I said in the first part of this series, these methods alone will not keep your server safe and secure. There are many other tasks you need to consider, such as firewall implementation, DDoS and brute-force attack prevention, installing security patches, and updating your server and applications regularly. But these are the first and foremost things you should do before implementing any security methods. Now, your Linux server is a bit more secure than before.

That’s all for now. I will be here again with an interesting article soon. Please share this article on your social circle and support OSTechNix.

Cheers!!
