How do I change the port for SSH

Thias79 · April 21, 2023, 9:31pm

I have a small question regarding SSH
How do I change the port for ssh and allow the new port in firewalld. How do I then close the old port 22 in firewalld?

Kind regards

jlehtone · April 21, 2023, 10:03pm

The sshd’s config obviously is the place where you set the port that the sshd process does listen
It might be necessary to tell the SELinux to allow the sshd process to listen that port
The FirewallD’s default config has set the zone ‘public’ to have service ‘ssh’, and the config of that service is set to allow port 22. It should be possible to modify the service, or replicate with different port. Either by firewall-cmd or with files in /etc/firewalld/*. See Configuring firewalls and packet filters Red Hat Enterprise Linux 9 | Red Hat Customer Portal

scottro · April 22, 2023, 10:47am

How to configure SSH to use a non-standard port with SELinux set to enforcing | TechRepublic is another one that gives instructions for the ssh port and firewall.

jlehtone · April 22, 2023, 11:23am

That says sudo nano /etc/ssh/sshd_config

Fine for el8, but el9 has a new shiny:
sudo nano /etc/ssh/sshd_config.d/00-myport.conf

The statements in /etc/ssh/sshd_config.d/00-myport.conf do override statements
in /etc/ssh/sshd_config and you can later easily see what customizations you
have done, rather than asking “What did I edit in /etc/ssh/sshd_config?”

scottro · April 22, 2023, 11:45am

Ah, thanks for that. As the one Alma I’m using regularly is on an older machine that won’t take Alma9, I wasn’t aware of that. (My other installs are on laptops or vms, where I haven’t tried to change the default port). So, I learned something this morning, thanks to you.

Thias79 · October 13, 2023, 9:09am

Used me of these two commands for when I changed the gate in the file sshd_config

semanage port -a -t ssh_port_t -p tcp 2021

Semanage port -m -t ssh_port_t -p tcp 2021

Then I restarted the service for firewalld

sudo systemctl restart firewalld

Then it worked great.

By the way, how do I Put this post as solved?

toracat · October 13, 2023, 5:59pm

This is “for the record”.

The following description is in the /etc/ssh/sshd_config file for el9:

# To modify the system-wide sshd configuration, create a  *.conf  file under
#  /etc/ssh/sshd_config.d/  which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER

Topic		Replies	Views
Changing ssh port Support	2	1007	March 5, 2023
Setting alternate ssh port in firewall Support	15	1360	June 22, 2022
Secure SSH and change ssh port 22 Security	5	205	April 4, 2024
Send mail changing port issue Support	3	285	September 6, 2023
SSH configuration is not being honored Security	3	859	October 2, 2023

How do I change the port for SSH

Related Topics