OSETC TECH

How To Change SSH Port on Linux

This post explains how to change the SSH port on a Linux server: how to move the SSH service from the default port 22 to another port number from the command line.

SSH (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections, arbitrary TCP ports and UNIX-domain sockets can also be forwarded over the secure channel. The default SSH port is 22.

Changing SSH Port on Linux


To change the SSH service from the default port 22 to another port number (for example, 20462), edit the configuration file named sshd_config in the /etc/ssh directory. Follow these steps:

#1 Edit the sshd service configuration file, sshd_config, located in the /etc/ssh/ directory, using the vim text editor. Type:

$ sudo vim /etc/ssh/sshd_config

#2 Find the “#Port 22” line, remove the #, and set the port value to 20462:

Port 20462

#3 Save and close the file.

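#4 If you are working on a CentOS or RHEL system, you also need to install the policycoreutils package and then run the following commands to relax the SELinux policy so that the sshd service can bind to the new port number. The -a option adds the port to the ssh_port_t type; -m modifies a record that already exists. If the semanage command is not found, it is provided by the policycoreutils-python-utils package on RHEL/CentOS 8 (policycoreutils-python on RHEL/CentOS 7). Type: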

$ sudo yum install policycoreutils
$ sudo semanage port -a -t ssh_port_t -p tcp 20462
$ sudo semanage port -m -t ssh_port_t -p tcp 20462

Outputs:

[devops@mydevops ~]$ sudo yum install policycoreutils
[sudo] password for devops:
Last metadata expiration check: 2:15:08 ago on Fri 04 Oct 2019 07:25:36 AM EDT.
Package policycoreutils-2.8-16.1.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

[devops@mydevops ~]$ sudo semanage port -a -t ssh_port_t -p tcp 20462
[devops@mydevops ~]$ sudo semanage port -m -t ssh_port_t -p tcp 20462
[devops@mydevops ~]$

#5 Restart the sshd service by issuing the following command:

$ sudo systemctl restart sshd.service

Outputs:

[devops@mydevops ~]$ sudo systemctl restart sshd.service
[devops@mydevops ~]$ systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2019-10-04 09:52:53 EDT; 6s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 9968 (sshd)
Tasks: 1 (limit: 8286)
Memory: 1.0M
CGroup: /system.slice/sshd.service
└─9968 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-e>

Oct 04 09:52:53 mydevops.com systemd[1]: Stopped OpenSSH server daemon.
Oct 04 09:52:53 mydevops.com systemd[1]: Starting OpenSSH server daemon...
Oct 04 09:52:53 mydevops.com sshd[9968]: Server listening on 0.0.0.0 port 20462.
Oct 04 09:52:53 mydevops.com sshd[9968]: Server listening on :: port 20462.
Oct 04 09:52:53 mydevops.com systemd[1]: Started OpenSSH server daemon.

You can use the following commands to verify that port 20462 is open for the SSH daemon on your Linux system. Type:

$ ss -tulpn | grep 20462
$ netstat -tulpn | grep 20462

Outputs:

[devops@mydevops ~]$ ss -tulpn | grep 20462
tcp LISTEN 0 128 0.0.0.0:20462 0.0.0.0:*
tcp LISTEN 0 128 [::]:20462 [::]:*

[devops@mydevops ~]$ netstat -tulpn | grep 20462
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:20462 0.0.0.0:* LISTEN -
tcp6 0 0 :::20462 :::* LISTEN
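
The check above can be scripted so that a Port line left commented out in step #2, or an sshd that never bound the new port (not restarted, or the bind was denied), is caught before you close your current session. This is an added example, not part of the original post; the function names and the sample config and ss lines are constructed for illustration.

```shell
#!/bin/sh
# Print the ports a sshd_config file sets: every uncommented "Port N" line
# (keyword is case-insensitive), or the default 22 when none is set.
# Simplification: Include directives are not followed.
configured_ports() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Read `ss -tln` or `ss -tulpn` output on stdin; print each listening port.
listening_ports() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "LISTEN") {
               a = $(i + 3); sub(/.*:/, "", a); print a } }' | sort -u
}

# $1 = expected port, $2 = sshd_config path, $3 = file holding ss output.
# 0: configured and listening. 1: not in the config (e.g. "#" left in place).
# 2: configured but no listener (sshd not restarted, or the bind failed).
verify_port() {
    configured_ports "$2" | grep -qx "$1" || return 1
    listening_ports < "$3" | grep -qx "$1" || return 2
    return 0
}

# Constructed sample input, not taken from a real host.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#Port 22' 'Port 20462' 'PermitRootLogin no' > "$demo/edited.conf"
printf '%s\n' '#Port 20462' 'PermitRootLogin no' > "$demo/commented.conf"
printf '%s\n' 'tcp LISTEN 0 128 0.0.0.0:20462 0.0.0.0:*' \
              'tcp LISTEN 0 128 [::]:20462 [::]:*' > "$demo/ss_new.txt"
printf '%s\n' 'tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' > "$demo/ss_old.txt"

for pair in "edited.conf ss_new.txt" "commented.conf ss_old.txt" \
            "edited.conf ss_old.txt"; do
    set -- $pair
    rc=0; verify_port 20462 "$demo/$1" "$demo/$2" || rc=$?
    echo "$1 + $2 -> $rc"
done
```

On a real host, pass /etc/ssh/sshd_config and a file holding the output of ss -tln. Running sudo sshd -T | grep -i '^port' prints the effective value as sshd itself parses the configuration.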

If a firewall is enabled on your Linux system, you also need to update the firewall policy to accept the new SSH port with the following commands:

For CentOS/RHEL Linux:

$ sudo firewall-cmd --permanent --zone=public --add-port=20462/tcp
$ sudo firewall-cmd --reload

For Ubuntu/Debian Linux:

$ sudo ufw allow 20462/tcp

Conclusion


You should now know how to change the default SSH port to another port number from the command line on a CentOS, RHEL, or Ubuntu Linux system.