This how-to guide walks you through changing the default SSH port on a Linux system.
SSH, the Secure Shell protocol, uses port 22 by default. You can change this port number for security purposes. If you use Oracle Linux 7, CentOS 7 or Red Hat Linux 7, you can change the port number with the steps below.
Keeping the default value does not make your system insecure, nor will changing the port make a significant difference in security. However, changing the default SSH port will stop many automated attacks and unauthorized access attempts aimed at port 22, and makes it a bit harder to guess which port SSH is listening on.
If SELinux is enabled, you have to add the new port number to the SELinux configuration, because SELinux allows only port 22 for SSH connections.
How to Change the SSH Port When SELinux Is Enabled in Linux
STEP 1: As the root user, open the sshd configuration file in the default vi editor.
# vi /etc/ssh/sshd_config
Port 2290
Save and exit.
STEP 2: Edit the line which states 'Port 22'.
Before doing so, choose an appropriate port and make sure that it is not currently in use by any other application on the system.
# What ports, IPs and protocols we listen for
Port 2290
Note: The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. It is good practice to follow their port assignment guidelines. Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic and/or Private Ports. The Well Known Ports are those from 0 through 1023 and SHOULD NOT be used. Registered Ports are those from 1024 through 49151 and should also be avoided. Dynamic and/or Private Ports are those from 49152 through 65535 and can be used. Though nothing stops you from using reserved port numbers, following this suggestion may help avoid technical issues with port allocation in the future.
STEP 3: Change the SELinux configuration.
To add the new port:
# semanage port -a -t ssh_port_t -p tcp 2290
To list the ports allowed for SSH using grep:
# semanage port -l | grep ssh
STEP 4: Restart the sshd service to activate the new configuration.
# systemctl restart sshd.service
Switch over to the new port by restarting SSH.
# /etc/init.d/ssh restart
STEP 5: Verify that SSH is listening on the new port by connecting to it.
Now connect using the new port number, 2290.
ssh username@hostname.com -p 2290
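The checks implied by steps 1 to 4 can be scripted and run before restarting sshd. The script below is an added example, not part of the original guide: the function names are hypothetical, and the `ss`, `semanage` and `sshd_config` samples are constructed so it runs offline.

```bash
# Added example: checks to run before restarting sshd on a new port.

# Classify PORT into the IANA ranges from the note in step 2.
port_range() {
    case $1 in ''|*[!0-9]*|??????*) echo invalid; return 1 ;; esac
    if   [ "$1" -gt 65535 ]; then echo invalid; return 1
    elif [ "$1" -le 1023 ];  then echo well-known
    elif [ "$1" -le 49151 ]; then echo registered
    else echo dynamic; fi
}

# Succeed if PORT has a TCP listener in `ss -tln` output read from stdin.
port_in_use() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) hit = 1 } END { exit !hit }'
}

# Print the Port values set in an sshd_config file (sshd uses 22 when none is set).
configured_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed if PORT is listed for ssh_port_t/tcp in `semanage port -l` output on stdin.
selinux_allows() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { sub(/,/, "", $i); if ($i == p) ok = 1 } }
        END { exit !ok }'
}

# Real host, as root: preflight 2290 /etc/ssh/sshd_config "$(ss -tln)" "$(semanage port -l)"
# Returns 1 if the port is already taken or SELinux would block sshd from binding it.
preflight() {
    local port=$1 cfg=$2 ss_out=$3 se_out=$4 range rc=0
    range=$(port_range "$port") || { echo "invalid port: $port"; return 2; }
    [ "$range" = dynamic ] || echo "note: $port is in the $range range"
    configured_ports "$cfg" | grep -qx "$port" || echo "todo: set Port $port in $cfg"
    if printf '%s\n' "$ss_out" | port_in_use "$port"; then
        echo "blocker: another listener already holds $port"; rc=1; fi
    if ! printf '%s\n' "$se_out" | selinux_allows "$port"; then
        echo "blocker: SELinux ssh_port_t does not include $port"; rc=1; fi
    return $rc
}

# Constructed sample data: state after step 2 but before the semanage command in step 3.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*'
SAMPLE_SE='ssh_port_t                     tcp      22'
SAMPLE_CFG=$(mktemp)
printf '%s\n' '#Port 22' 'Port 2290' > "$SAMPLE_CFG"
preflight 2290 "$SAMPLE_CFG" "$SAMPLE_SS" "$SAMPLE_SE" || true
```

On the sample data the script reports that 2290 falls in the registered range and that SELinux does not yet allow it, which is the state step 3 corrects.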