Using a secure SSH port is an important part of creating a secure Linux server environment. You should do this if you are currently running a production server, especially a high-traffic site or an online shop. Today I will show you how to change the default SSH port to a secure port on a CentOS 7 machine.
It is very easy and takes under 10 minutes. However, if a firewall is running on your machine, you must first add the new SSH port number to your firewall rules. After that you can change the SSH port number in your OpenSSH configuration file.
If you do not, you will be locked out of your machine; in other words, you will no longer be able to access your server via an SSH terminal.
PREREQUISITES:
* VPS / Cloud / Dedicated Server
* System Distribution with CentOS 7
* Server IPv4 Address
* Full-Root Access
* GNOME Terminal for Linux
* PuTTY SSH Client for Windows / Mac
1.) Adding SSH Port Number to Firewall Rule
Make sure you have added your SSH port number to your firewall rules, whether you’re using UFW, iptables, firewalld or ConfigServer Security & Firewall (CSF & LFD).
2.) Change SSH Port Number
After you’ve added your SSH port number to your firewall rules, you can change the SSH port number in your OpenSSH configuration file.
$ nano /etc/ssh/sshd_config
------------------------------------------
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 48731
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
------------------------------------------
PLEASE NOTE: In the configuration above I’ve changed the default SSH port to the secure port 48731. You can change the default SSH port to your preferred secure port number instead.
3.) Restart OpenSSH Service
Simply restart the OpenSSH service on your CentOS 7 machine after you’ve changed the SSH port number.
$ service sshd restart
OR
$ systemctl restart sshd.service
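The three steps above in lockout-safe order, as an added example that is not part of the original article. It assumes firewalld is the firewall in use and that `semanage` is installed (the SELinux step comes from the comment in sshd_config); the function names are hypothetical, and the demo at the end only touches a constructed temporary file.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes firewalld is the firewall
# in use and SELinux tooling (semanage) is installed; function names are hypothetical.

# Print the port(s) sshd will listen on according to a config file (22 if none set).
effective_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Rewrite the first Port line (commented out or not) in FILE, or append one.
set_port() {    # set_port FILE PORT
    case "$2" in ''|*[!0-9]*) echo "invalid port: $2" >&2; return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "port out of range" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v p="$2" '
        !done && /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+/ { print "Port " p; done = 1; next }
        { print }
        END { if (!done) print "Port " p }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# The article's steps in lockout-safe order. Run as root from a session you keep open.
apply_change() {    # apply_change PORT [CONFIG]
    port=$1; conf=${2:-/etc/ssh/sshd_config}
    # 1. Open the new port in the firewall first.
    firewall-cmd --permanent --add-port="$port"/tcp && firewall-cmd --reload || return 1
    # 2. Tell SELinux about the port, as the comment in sshd_config instructs.
    semanage port -a -t ssh_port_t -p tcp "$port" || return 1
    # 3. Edit the config, keeping a backup, and syntax-check it before restarting.
    cp -p "$conf" "$conf.bak" && set_port "$conf" "$port" || return 1
    sshd -t -f "$conf" || { cp -p "$conf.bak" "$conf"; return 1; }
    # 4. Restart sshd.
    systemctl restart sshd.service
}

# Demonstration on a constructed config file; nothing on the system is changed.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER' '#' \
        '#Port 22' '#AddressFamily any' > "$f"
    set_port "$f" 48731 && effective_ports "$f"
    rm -f "$f"
}
demo    # prints 48731
```

On the server itself, call `apply_change 48731` as root and confirm a second login on the new port before closing the session you started from.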
4.) Note for Changing Port Number
When changing the port number, you must not use the following port ranges:
* Well Known Ports: 0-1023 [This port range cannot be used]
* Registered Ports: 1024-49151 [This port range should be excluded]
* Dynamic/Private Ports: 49152-65535 [This port range cannot be used]
CONCLUSION:
Changing the default SSH port number to a secure SSH port number is very easy and can be done in 5-10 minutes. It is an easy task on a Linux server, but it is an important part of server hardening and security.