Open this file in the vi text editor:
vi /etc/ssh/sshd_config
Search the file for a line that reads either #Port 22 or Port 22. If the line begins with the “#” symbol, it is commented out and therefore ignored; remove the symbol and change the port number from 22, the default SSH port, to your desired port. In our example we will use port 2222, so the line in the sshd configuration file will look as follows:
Port 2222
When choosing a new port number, avoid the common ports in this list: 21, 80, 443, 25, 110, 113. Also stay away from ports that are already in use on your CentOS 7 server.
In our example we are using 2222, but you should replace this number with your own port number in the command below, which uses semanage port to add the port to the SELinux policy:
semanage port -a -t ssh_port_t -p tcp 2222
The semanage command is provided by the policycoreutils-python package (policycoreutils-python-2.2.5-11.el7_0.1.x86_64 in our example), so it must be installed before the command above will work. Install the package using the command:
You can verify that SELinux knows about the new port by searching the output of the semanage port -l command, which lists the port definitions in the SELinux policy. The grep tool filters this output down to the lines that contain ssh. To do the verification, run:
semanage port -l | grep ssh
The output of the above command should look like the following:
ssh_port_t tcp 2222, 22
Next, to allow the new port through your firewall, add it to the public zone permanently. Replace the number 2222 below with the port number you set in the SSH configuration file and run:
firewall-cmd --permanent --zone=public --add-port=2222/tcp
You must reload the firewall for the change to take effect. This is extremely important: if the change is not applied, you will be locked out of SSH on this server the moment you log out. Reload the firewall using:
firewall-cmd --reload
Once the firewalld and SELinux configuration is complete (or if you have skipped to this section), you can test that your new SSH port configuration is working. The ss command inspects Linux sockets; a socket is simply an endpoint for network communication on the server. It will show the port that sshd is listening on, and we can search its output for the SSH entries. To do this, first enter:
ss -tnlp|grep ssh
The output will look something like this:
LISTEN 0 128 *:2222 *:* users:(("sshd",2786,3))
Ensure that you see your new port number in the output, just as 2222, the port used in this tutorial, appears in the line above.
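As an added example that is not part of the original tutorial, the script below carries out the steps above with a check at each stage: it refuses ports from the avoid list or already in use, keeps a backup of sshd_config, syntax-checks it with sshd -t, and confirms the SELinux port entry before opening the firewall. It assumes root on CentOS 7 with yum available, and that you restart sshd by hand afterwards from a session you keep open (that restart is not shown on this page).

```shell
# Added example (not from the tutorial): apply the CentOS 7 sshd port change with
# a check at each step. Assumes root, yum available, and that sshd is restarted
# afterwards by hand from a session you keep open.
set -euo pipefail
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
AVOID_PORTS="21 25 80 110 113 443"   # well-known ports the tutorial says to avoid

# Returns 0 when PORT is numeric, unprivileged (>=1024) and not on the avoid list.
valid_port() {
  local port="$1" p
  [[ "$port" =~ ^[0-9]+$ ]] || return 1
  (( port >= 1024 && port <= 65535 )) || return 1
  for p in $AVOID_PORTS; do [ "$p" = "$port" ] && return 1; done
  return 0
}

# Reads `semanage port -l` output on stdin; returns 0 when PORT is listed for
# ssh_port_t/tcp (handles the comma-separated "2222, 22" form).
selinux_has_port() {
  awk -v want="$1" '$1=="ssh_port_t" && $2=="tcp" {
      for (i=3;i<=NF;i++) { gsub(",","",$i); if ($i==want) found=1 } }
      END { exit found ? 0 : 1 }'
}

# Reads `ss -tnl` or `ss -tnlp` output on stdin; returns 0 when a socket listens
# on PORT (and, if PROC is given, the listener is that process, e.g. sshd).
port_listening() {
  awk -v want="$1" -v proc="${2:-}" '$1=="LISTEN" && $4 ~ ("[:*]" want "$") &&
      (proc=="" || index($0, "\"" proc "\"")) { found=1 } END { exit found ? 0 : 1 }'
}

# Usage (as root): ./change-ssh-port.sh 2222
apply_port_change() {
  local port="$1"
  valid_port "$port" || { echo "refusing port $port" >&2; return 1; }
  ss -tnl | port_listening "$port" && { echo "port $port already in use" >&2; return 1; }
  yum -y install policycoreutils-python        # provides semanage
  cp -p "$SSHD_CONFIG" "$SSHD_CONFIG.bak"      # keep a copy to roll back to
  sed -i -r "s/^#?Port [0-9]+/Port ${port}/" "$SSHD_CONFIG"
  sshd -t                                      # syntax-check before touching the daemon
  semanage port -a -t ssh_port_t -p tcp "$port" || semanage port -m -t ssh_port_t -p tcp "$port"
  semanage port -l | selinux_has_port "$port"  # confirm SELinux accepted it
  firewall-cmd --permanent --zone=public --add-port="${port}/tcp"
  firewall-cmd --reload
  echo "Now run 'systemctl restart sshd' from this open session and verify with: ss -tnlp | grep ssh"
}

if [ -n "${1:-}" ]; then apply_port_change "$1"; fi
```

After the restart, the same port_listening helper can be fed `ss -tnlp` output with a second argument of sshd to confirm the listener on the new port is sshd and not some other service.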