This article explains the steps to change the default Secure Shell (SSH) port on a Linux Source Server.
1. Open and edit the SSH configuration file on the source server
a. Run below command to open the sshd_config file
vi /etc/ssh/sshd_config
b. Use arrow keys to scroll through the file until you locate the below text
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress : :
c. Place the cursor on the line "#Port 22" and press the Insert button on your keyboard to edit the file
d. Remove # to uncomment the line and specify the new port number
Port <port_number>
e. Hit Ctrl + C to exit insert mode. Then Quit vi by typing ":wq!" without quotes and hit Enter
2. Bind SSH daemon to the new port
a. Install the policycoreutils package to bind the SSH daemon to the new SSH port by using the following command:
For CentOS and RHEL:
yum install policycoreutils
For Debian and Ubuntu:
sudo apt -y install policycoreutils
b. Type "y" and press Enter key to continue with installation. Add below rules to ensure that SSH daemon binds with the specified port,
semanage port -a -t ssh_port_t -p tcp <port_number>
semanage port -m -t ssh_port_t -p tcp <port_number>
c. Restart the SSH daemon,
For CentOS and RHEL:
systemctl restart sshd.service
For Debian and Ubuntu:
systemctl restart ssh.service
3. Verify the bind to the new port
Ensure that the port changes took effect by using either the netstat or ss command as shown below,
ss -tlpn | grep ssh
netstat -tlpn | grep ssh
4. Update the firewall
Update the firewall to ensure that incoming connections are allowed to the newly specified port on the source server.
Enter below lines and replace the port number specified here with the ones you set earlier.
For CentOS and RHEL:
sudo firewall-cmd --add-port=<port_number>/tcp –permanent
sudo firewall-cmd --reload
For Debian and Ubuntu:
sudo ufw allow <port_number>/tcp
sudo ufw reload
5. Verify by SSHing to the host from RMM
SSH to the origin using the -p <port number> option. You should be able to login successfully.
ssh rackware@<Source_IP> -p <port_number>