This guide shows how to configure SSH and change its default port on CentOS 7.

The default port, 22, is probed by anonymous hosts more often than other ports. Configuring the SSH server to listen on a port other than the default may not gain you much from a security point of view, but it still has some advantages:

  • Reduces the size of the log files, because it stops the failed brute-force login attempts directed at the default SSH port 22.
  • Reduces the anonymous attack surface by shielding your server from automated random attacks that target services running on default ports such as 22, including attacks that try to exploit vulnerabilities associated with specific versions of OpenSSH and its crypto libraries.

Configure SSH to use a different Port on CentOS 7

Follow the steps below to configure the SSH server to listen on a different port.

Step 1: Log in to your CentOS 7 server and open the OpenSSH server configuration file, /etc/ssh/sshd_config, for editing.

vi /etc/ssh/sshd_config

Step 2: Uncomment the line # Port 22 and set it to the desired port.


Note: As a safety measure, in case things go south, configure sshd to listen on two ports, the default port and the desired port, so that your config file has two Port lines: one for 22 and one for the new port (420 in this guide). Once you confirm that the new port works fine, remove the default port setting. Ensure that no other service is using the new port.

Step 3: Tell SELinux about this change

semanage port -a -t ssh_port_t -p tcp 420

Now, verify that SELinux has allowed sshd to listen on the two ports:

semanage port -l | grep ssh
ssh_port_t  tcp 420, 22 

Step 4: If the firewall is running, allow the new port through it.

firewall-cmd --add-port=420/tcp --permanent
firewall-cmd --reload

Step 5: Restart the sshd service

 systemctl restart sshd

Step 6: Test that you can log in to the server on the new SSH port

 ssh -p 420 root@58.147.173.206

Step 7: Now remove the default port 22 from the configuration and restart the service again.
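
A pre-restart check for the two-port transition in Steps 2 to 5, given here as an added example and not part of the original guide: it confirms that both port 22 and the new port are active in the config and that SELinux labels the new port, so a restart cannot lock you out. The function names and the sample data are constructed for illustration; the script assumes whitespace-separated "Port N" lines.

```sh
#!/bin/sh
# Added example: pre-restart check for the two-port transition (Steps 2-5).

# Print the ports sshd will listen on according to config file $1.
# Only active (uncommented) "Port N" lines count; with none, sshd uses 22.
list_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Succeed if port $1 is labelled ssh_port_t/tcp in `semanage port -l`
# output read from stdin (same format as the output shown in Step 3).
selinux_has_port() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); if ($i == p) found = 1 }
    } END { exit !found }'
}

# preflight CONFIG NEWPORT < semanage-output
# Returns 0 only when sshd can be restarted without risking a lockout.
preflight() {
    cfg=$1 new=$2
    ports=$(list_ports "$cfg")
    echo "$ports" | grep -qx 22     || { echo "FAIL: fallback port 22 not active"; return 1; }
    echo "$ports" | grep -qx "$new" || { echo "FAIL: Port $new not active in $cfg"; return 1; }
    selinux_has_port "$new"         || { echo "FAIL: $new not labelled ssh_port_t"; return 1; }
    echo "OK: sshd will listen on 22 and $new"
}

# Constructed sample data (not taken from a real server).
demo_cfg=$(mktemp)
printf '%s\n' '#Port 22' 'Port 22' 'Port 420' 'SyslogFacility AUTHPRIV' > "$demo_cfg"
printf 'ssh_port_t  tcp 420, 22\n' | preflight "$demo_cfg" 420
rm -f "$demo_cfg"
```

On the server itself the check would be run as semanage port -l | preflight /etc/ssh/sshd_config 420; running sshd -t before the restart additionally catches syntax errors in the file.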