How to Change SSH Standard Port on Fedora with SELinux Enforced
When working with Linux remotely, SSH is the most important tool you have. SSH enables you to access your server remotely and securely.
But SSH is not perfect in its default installation, and there are many ways to enhance its security so that you minimize the risk of someone getting unauthorized access to your box.
One of these ways is changing SSH from the standard port (Port 22) to any other non-standard port.
Here, I will change the SSH port from 22 to 22002, as an example.
The first thing you need to do is access your box via SSH as usual and edit /etc/ssh/sshd_config as root (I’m using nano for this – feel free to use any other editor):
sudo nano /etc/ssh/sshd_config
Now find the line with the port, uncomment it if it is commented, and change the value to 22002:
Port 22002
This will instruct SSHD to listen on Port 22002.
But do not restart your SSH daemon yet, because your system is not configured to allow traffic through 22002.
We need to allow communications on port 22002 in SELinux and in Firewalld, if you have both of them installed/active.
Let me start with SELinux. I’ll use semanage for this:
sudo semanage port -a -t ssh_port_t -p tcp 22002
Now we can check that the port is open and assigned by listing all the ports and grep’ing for ssh:
sudo semanage port -l | grep ssh
This should show:
ssh_port_t tcp 22002, 22
Our final step is to allow communications on the selected port in Firewalld:
sudo firewall-cmd --add-port=22002/tcp --permanent
sudo firewall-cmd --reload
At this point, let's reboot the Linux box and use the new port to connect.
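Before that reboot, it is worth confirming that all three layers agree on the port. The script below is an added example, not part of the original post: it checks that every port in the sshd configuration is labelled ssh_port_t in SELinux and open in firewalld. The function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and the SAMPLE_* inputs are constructed.

# Ports sshd will listen on, from sshd_config or `sshd -T` text on stdin.
# Commented lines are skipped; with no Port line sshd defaults to 22.
config_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# Succeed if tcp port $1 is labelled ssh_port_t in `semanage port -l` text (stdin).
selinux_allows() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); if ($i == p) ok = 1 }
        }
        END { exit (ok ? 0 : 1) }'
}

# Succeed if $1/tcp is listed in `firewall-cmd --list-ports` text (stdin).
firewalld_allows() {
    tr ' ' '\n' | grep -qx "$1/tcp"
}

# check_ready CONFIG SEMANAGE FIREWALL: one status line per configured port,
# non-zero return if any port would be blocked after sshd restarts.
check_ready() {
    rc=0
    for port in $(printf '%s\n' "$1" | config_ports); do
        if ! printf '%s\n' "$2" | selinux_allows "$port"; then
            echo "port $port: no ssh_port_t label in SELinux"; rc=1
        elif ! printf '%s\n' "$3" | firewalld_allows "$port"; then
            echo "port $port: not open in firewalld"; rc=1
        else
            echo "port $port: ok"
        fi
    done
    return $rc
}

SAMPLE_CONFIG='#Port 22
Port 22002'
SAMPLE_SEMANAGE='ssh_port_t                     tcp      22002, 22'

# Firewalld step skipped: new connections on 22002 would be dropped.
check_ready "$SAMPLE_CONFIG" "$SAMPLE_SEMANAGE" "" || echo "do not restart sshd yet"
# All three layers agree.
check_ready "$SAMPLE_CONFIG" "$SAMPLE_SEMANAGE" "22002/tcp"
```

On a live system, pass real output instead of the samples: check_ready "$(sudo sshd -T)" "$(sudo semanage port -l)" "$(sudo firewall-cmd --list-ports)". Using sshd -T rather than the file itself also picks up any included configuration files.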
Notes:
- You can also disable the standard port 22 in firewalld, since it is not used anyway.
- Other methods to secure SSH access are disabling remote root access, disabling password authentication, and limiting access to SSH keys only. All of this can be done by editing the /etc/ssh/sshd_config file.