In this tutorial, we will show you how to change the default ssh port on the CentOS system. For those of you who didn’t know, SSH is a program and protocol for securely connecting to remote machines across a network. It allows you to run programs, and do a variety of tasks as if you were sitting at the machine. SSH is very similar to telnet except it is with encryption to protect the transferred information and authentication.
The Secure Shell (SSH) Protocol by default uses port 22. Accepting this value does not make your system insecure, nor will changing the port provide a significant variance in security. However, changing the default SSH port will stop many automated attacks and a bit harder to guess which port SSH is accessible from
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The tutorial is quite simple. I will show you the step-by-step change of the default SSH port on the CentOS system.
Prerequisites
- A server running one of the following operating systems: CentOS Linux.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, you can harm your system if you’re not careful when acting as the root.
Change SSH Port in CentOS
Step 1. Log into your server as the root user.
ssh root@hostname/IP
Step 2. Open our SSH configuration.
nano /etc/ssh/sshd_config
Edit the line which states ‘Port 22’. Choose an appropriate port, also make sure it is not currently used on the system.
# What ports, IPs and protocols we listen for Port 922
Once you have the change done, simply exit and save the sshd_conf file. Now all you need to run is the below command and it will restart the SSH server. The next time you want to connect via SSH, you will need to do so on your new port, in our case, 922:
systemctl restart sshd.service
Verify SSH is listening to the new port by connecting to it. Note how the port number now needs to be declared:
ssh username@hostname.com -p 922
Step 3. Configure IPTables and Firewall.
- CentOS 6
After you are finished configuring SSH, you will need to add the port to iptables as well as your installed firewall:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 922 -j ACCEPT
- CentOS 7/8
Run the following command to set up FirewallID:
sudo firewall-cmd --add-port 922/tcp --permanent sudo firewall-cmd --add-port 922/tcp sudo firewall-cmd --reload
Congratulations! You have successfully changed the default SSH port. Thanks for using this tutorial to change the OpenSSH port number on CentOS 8 systems. For additional help or useful information, we recommend you check the official CentOS website.