How to Change Default SSH Port in Linux/CentOS

Secure Shell (SSH) is a protocol used to access Linux servers remotely; in short, it allows the secure exchange of data between two computers. Port 22 is commonly used to connect one computer to another. You can change this port by editing the SSH configuration file.

Changing the SSH port will help prevent an attacker from launching brute force attacks against the default port.

In this article I will describe how to change the default SSH port in Linux/CentOS.

Change Default SSH Port in Linux/CentOS

Follow the steps below to change the default SSH port in Linux/CentOS.

1. Log in to your server as the root account.

2. At the command line, run ‘nano /etc/sysconfig/iptables’ to edit the IPTables configuration file.

  • Add the following line to the configuration file: ‘-A INPUT -m state --state NEW -m tcp -p tcp --dport someportnumber -j ACCEPT’ directly below the line ‘-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT’.
  • Save and exit by holding down ‘ctrl’ and ‘x’

3. Within the command line run the command ‘service iptables restart’ to restart the IPTables service

4. Run the command ‘service iptables status’ to see if the new rule has been applied (optional)

5. Edit the SSH configuration file with the command ‘nano /etc/ssh/sshd_config’

  • Modify the line ‘#port 22’ by removing ‘#’ and replacing ‘22’ with the new port number we opened in the IPTables configuration.
  • Save and exit by holding down ‘ctrl’ and ‘x’

6. Within the command line, execute ‘service sshd restart’ to restart the SSH service.

7. If you can still access the command line, type ‘ss -tnlp | grep ssh’ to verify SSH is listening on the new port. (optional)

8. Connect to the server via SSH using the new port you selected.

9. Run the command ‘nano /etc/sysconfig/iptables’ to edit the IPTables configuration file again.

  • Comment out the line ‘-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT’ by adding ‘#’ at the beginning of the line to block all connectivity to port 22.
  • Save and exit by holding down ‘ctrl’ and ‘x’

10. Execute the command ‘service iptables restart’ to restart the IPTables service
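
A pre-flight check to run before step 9, so that commenting out the port 22 rule cannot lock you out. This is an added example, not part of the original article; the function names, the port 2222 and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lockout pre-flight for step 9. Function names, the port
# 2222 and both sample files are constructed for illustration.

# Print the port(s) an sshd_config selects. Keywords are case-insensitive,
# '#' lines are ignored, and sshd falls back to 22 when none is set.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# Succeed if the rules file has an active (uncommented) INPUT ACCEPT rule
# for TCP destination port $2.
iptables_allows() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Return 0 only if sshd has left port 22 and every port it listens on is
# accepted by the firewall file.
safe_to_close_22() {
    for p in $(sshd_ports "$1"); do
        if [ "$p" = 22 ]; then
            echo "sshd still listens on 22; do not close it" >&2; return 1
        fi
        if ! iptables_allows "$2" "$p"; then
            echo "no ACCEPT rule for tcp/$p in $2" >&2; return 1
        fi
    done
}

# Constructed sample files standing in for the real ones.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#Port 22' 'Port 2222' > "$tmp/sshd_config"
cat > "$tmp/iptables" <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF

if safe_to_close_22 "$tmp/sshd_config" "$tmp/iptables"; then
    echo "OK: port 22 rule can be commented out"
else
    echo "STOP: fix the issue above first"
fi
```

On a real server, call safe_to_close_22 with /etc/ssh/sshd_config and /etc/sysconfig/iptables, and keep the existing root session open until a second login on the new port succeeds. On CentOS with SELinux enforcing, sshd also needs the new port labelled ssh_port_t (semanage port -a -t ssh_port_t -p tcp <port>) before the restart in step 6 can bind to it.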

About the author

Santosh Prasad
