Skip to main content

Changing the default SSH port on CentOS 7

Some webmasters believe that changing SSH port number from the default 22 can enhance security. The notion is since SSH default port number is 22 and everyone knows it, including the hackers, it isn’t safe.
Changing the SSH port number to something other than 22 will enhance your server’s security in that the bad guys won’t know which port or ports SSH communicates on. This is a cool trick, but won’t stop someone who is determined to break into your servers.
Just by using simple port scanner or similar tools, hackers can figure out all the connecting ports on your servers. This is an old technique that probably isn’t applicable in our time today.
In my opinion, the best way to protect your SSH server is to implement password-less logon using certificates and encryption. Using this method, only machines that already have the encryption key will be allowed to sign on using SSH protocol.
Another way is to configure your firewall to only all SSH connections from a pre-defined machine whose IP address is white-listed in the firewall rules. Anything else will not enhance your server security any better.
If you still want to change the default SSH port number on your CentOS 7, then continue below to learn how. I am going to show you how to do that easily.


  • Changing the default SSH port on CentOS 7
To change the default SSH port, the first thing you want to do is backup the current SSH configuration on your system. To do that, run the commands below.
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
This creates a new named sshd_config.bak with the current settings of the sshd_config file. If something goes wrong, you can then restore the file from the backup.
Next, run the commands below to open the default SSH configuration file
sudo vi /etc/ssh/sshd_config
When the file opens, make the below change and save the file. Un-comment or remove the (#) before the line the reads Port and change the port number you want to use.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port 2244
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
Save the file.
After saving, don’t exit until you’ve completed these steps

semanage port -a -t ssh_port_t -p tcp 2653

yum install policycoreutils-python



After that, run the commands below to allow the new port through the firewall.
sudo firewall-cmd --permanent --zone=public --add-port=2244/tcp
Reload the firewall configurations
sudo firewall-cmd --reload
Restart SSH by  running the commands below.
sudo systemctl restart sshd.service
Verify that SSH is now running on the new port by running the commands below.
ss -tnlp | grep ssh
LISTEN          0                128                              *:2244 *:*                                     users:((“sshd”,10783,3))
LISTEN          0               128                              :::2244 :::*                                     users:((“sshd”,10783,4))
Exit and try signing in using the new port number.

Comments

Post a Comment

Popular posts from this blog

How to remove zabbix-agent from Ubuntu 16.04 (Xenial Xerus)

Uninstall zabbix-agent To remove just zabbix-agent package itself from Ubuntu 16.04 (Xenial Xerus) execute on terminal: sudo apt-get remove zabbix-agent Uninstall zabbix-agent and it's dependent packages To remove the zabbix-agent package and any other dependant package which are no longer needed from Ubuntu Xenial. sudo apt-get remove --auto-remove zabbix-agent Purging zabbix-agent If you also want to delete configuration and/or data files of zabbix-agent from Ubuntu Xenial then this will work: sudo apt-get purge zabbix-agent To delete configuration and/or data files of zabbix-agent and it's dependencies from Ubuntu Xenial then execute: sudo apt-get purge --auto-remove zabbix-agent
Post a Comment
Read more

Install Zabbix Agent on Suse Linux and Configure

Install taken from Suse –  http://software.opensuse.org/download/package?project=server:monitoring&package=zabbix-agent For SLE 12 SP1 run the following as root : zypper addrepo http://download.opensuse.org/repositories/server:monitoring/SLE_12_SP1/server:monitoring.repo zypper refresh zypper install zabbix-agent For SLE 12 run the following as root : zypper addrepo http://download.opensuse.org/repositories/server:monitoring/SLE_12/server:monitoring.repo zypper refresh zypper install zabbix-agent For SLE 11 SP4 run the following as root : zypper addrepo http://download.opensuse.org/repositories/server:monitoring/SLE_11_SP4/server:monitoring.repo zypper refresh zypper install zabbix-agent For SLE 11 SP3 run the following as root : zypper addrepo http://download.opensuse.org/repositories/server:monitoring/SLE_11_SP3/server:monitoring.repo zypper refresh zypper install zabbix-agent To configure the agent – Instructions taken from – https://www.zabbix.org/wiki
2 comments
Read more

Zabbix alert Notification with Telegram

Zabbix Notifications with graphs in Telegram. Features  Graphs based on latest data are sent directly to your messenger  You can send messages both in private and group chats  Channels support  Saves chatid as a temporary file  Simple markdown and HTML are supported  Emoji in messages First of all : Nedd to install python (>3) on Cent os  # yum -y install python-pip # yum install -y https://centos7.iuscommunity.org/ius-release.rpm #  yum install -y python34u python34u-libs python34u-devel python34u-pi # yum -y install python-pip You need to install the  requests  module for python, this is required for operation! # pip install requests Put  zbxtg.py  in your  AlertScriptsPath  directory, the path is set inside your zabbix_server.conf (once confirm by zabbix server conf file ) Link to download ZBXTG.PY file  https://drive.google.com/open?id=0BxB8j19aCMZ8dFl1aHVuLVJyRjQ # cp zbxtg.py /usr/local/share/zabbix/alertscripts/ Create
1 comment
Read more