How to Change Apache, FTP, and SSH default port to a custom port – Part 3

In the previous parts, we saw how to change the default Apache and FTP ports to custom ports.

This is the third and last part of this series. In this tutorial, we will discuss how to change the SSH default port to any random port. As in part 1 and part 2, it is easy to implement. Read on.

Change SSH default port to a custom port

Changing the SSH default port is pretty easy, and the steps are almost the same on all modern Linux operating systems.

To change the SSH default port, edit the /etc/ssh/sshd_config file:

sudo vi /etc/ssh/sshd_config

As you probably know, the SSH default port is 22. So, we will change it to any random number, for example 2022.

To do so, edit or add the following line:

Port 2022

Save and close the file. Restart the SSH service.

sudo systemctl restart sshd

Or

sudo service sshd restart

On RHEL/CentOS systems, adjust the SELinux and firewall settings to allow the new port.

sudo semanage port -a -t ssh_port_t -p tcp 2022

If the semanage command is not found, install the following package:

sudo yum install policycoreutils-python

In RHEL 7 / CentOS 7:

sudo firewall-cmd --permanent --add-port=2022/tcp
sudo firewall-cmd --reload

In RHEL 6 / CentOS 6:

sudo vi /etc/sysconfig/iptables

Comment out the default port 22 line:

# -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

And add the new custom port line:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 2022 -j ACCEPT

Save and close the file.

Restart iptables for the changes to take effect.

sudo service iptables restart

Finally, restart the SSH service:

sudo service sshd restart
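
The RHEL 6 / CentOS 6 steps above fail in one specific way: sshd_config names a port that /etc/sysconfig/iptables does not accept, and the restart cuts off remote access. The following check for that mismatch is an added example, not part of the original tutorial; the function names and the sample files are constructed for illustration, and it covers only the iptables rules-file format shown above.

```shell
#!/bin/sh
# Added example (not from the original article): check that every port in
# an sshd_config has an active ACCEPT rule in a RHEL 6 style iptables file.

# Print each port sshd will listen on. The keyword is case-insensitive,
# "Port" may appear more than once, and sshd falls back to 22 if absent.
sshd_ports() {
    awk '
        { sub(/#.*/, "") }    # drop comments such as "#Port 22"
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
        END { if (!n) print 22 }
    ' "$1"
}

# Succeed if the rules file has an uncommented INPUT rule accepting
# the given destination port ($1 = port, $2 = rules file).
fw_allows() {
    grep -Eq -- "^[[:space:]]*-A INPUT .*--dport $1( .*)? -j ACCEPT" "$2"
}

# Return 0 if all configured ports are allowed; otherwise name the ports
# that would be unreachable after sshd restarts and return 1.
check_lockout() {
    missing=""
    for p in $(sshd_ports "$1"); do
        fw_allows "$p" "$2" || missing="$missing $p"
    done
    [ -z "$missing" ] && return 0
    echo "no ACCEPT rule for port(s):$missing"
    return 1
}

# Constructed sample input: sshd moved to 2022, firewall still opens only 22.
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2022' > "$tmp/sshd_config"
printf '%s\n' \
    '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    > "$tmp/iptables"
check_lockout "$tmp/sshd_config" "$tmp/iptables" ||
    echo "fix the firewall rules before restarting sshd"
rm -rf "$tmp"
```

On a real host, call check_lockout with /etc/ssh/sshd_config and /etc/sysconfig/iptables before restarting sshd, and keep the existing session open until a login on the new port succeeds.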

Verify the port settings using the command:

sudo netstat -tulpn | grep :2022

Sample output:

tcp        0      0 0.0.0.0:2022            0.0.0.0:*               LISTEN      18680/sshd
tcp6       0      0 :::2022                 :::*                    LISTEN      18680/sshd

Now, try to SSH from any client system using the new port number as shown below.

ssh -p 2022 ostechnix@192.168.1.150

Sample Output:

ostechnix@192.168.1.150's password:
Last login: Wed Jan 20 15:45:16 2016
[ostechnix@server ~]$

Conclusion

Like I said in the first part, these methods alone will not keep your server safe and secure. There are many tasks you need to consider, such as firewall implementation, DDoS and brute-force attack prevention, installing security patches, and updating your server and applications regularly. But these are the first and foremost things you should do before implementing any security methods. Now, your Linux server is a bit more secure than before.

That’s all for now. I will be here again with an interesting article soon. Please share this article on your social circle and support OSTechNix.

Thanks for reading! Cheers!!
