05-10-2021, 01:51 AM
@fChk Yesterday when I reinstalled my VPS 9 Dallas and noticed the hammering of my Port 22, I tried to change the port number the old-fashioned way. However, it didn't want to work. @Mashirohen directed me to this thread, and that put me totally in the right direction. SELinux and Firewall. So many steps to follow, however, and with each version of CentOS they're slightly different. But at least one can still change the port number.
I am on CentOS 7 x86_64 Minimal v2 and had to do it slightly (very slightly) differently, but thought I would put my steps here for the record for CentOS 7:
1. Fresh install of CentOS 7 x86_64 Minimal v2
2. Install Nano and add new 4-digit port number (of own choosing) to sshd configuration (I will use 5000 in the example):
Code: (Select All)
yum install nano
Code: (Select All)
nano /etc/ssh/sshd_config
Scroll with down key to #Port 22 and change it to Port 5000 (4-digit number of own choosing)
Remember to remove the comment # before Port number so it looks like: Port 5000 (replace with your number)
Ctrl X Select Y for Yes and then use Enter Key to exit out of configuration
3. Install semanage and let SELinux know of the new port number
Code: (Select All)
yum install policycoreutils-python
Code: (Select All)
semanage port -a -t ssh_port_t -p tcp 5000
Test whether successful:
Code: (Select All)
semanage port -l | grep ssh
Result should show Port 22 + Port 5000
4. Restart sshd and check which ports it is listening to
Code: (Select All)
systemctl restart sshd
Code: (Select All)
netstat -tulpn|grep sshd
The new port number should be in there
4. Add new port number to Firewall
Check whether Firewall is running:
Code: (Select All)
firewall-cmd --state
Code: (Select All)
firewall-cmd --zone=public --add-port=5000/tcp --permanent
(replace 5000 with new port number)
Code: (Select All)
firewall-cmd --reload
Check Port
Code: (Select All)
firewall-cmd --zone=public --list-all
It should show new port number
5. Test new port number by exiting SSH (both user and root) and then logging back in.
6. Disable SSHD Default Port
Code: (Select All)
firewall-cmd --zone=public --remove-service=ssh --permanent
Code: (Select All)
firewall-cmd --reload
Test port:
Code: (Select All)
firewall-cmd --zone=public --list-all
Has to show new port number/tcp in result
And @fChk is correct. No more hammering of Port 22. Thank you for this thread and Mashiro pointing me to it. Otherwise I'd never have been able to change the port number.
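The steps in the post above touch three places that must agree on the port (sshd_config, the SELinux `ssh_port_t` label, and firewalld) before sshd is restarted. The script below is an added example, not part of the original post, that cross-checks them. The function names are hypothetical, and it assumes SELinux is enforcing, the `public` zone is in use, and the command output has the layout CentOS 7 prints.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check that sshd_config, SELinux
# and firewalld agree on the SSH port before restarting sshd.

# Ports sshd will bind: uncommented "Port N" lines; sshd defaults to 22.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# stdin: `semanage port -l` output. True if tcp port $1 is typed ssh_port_t.
selinux_allows() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { gsub(",", "", $i); if ($i == p) ok = 1 } }
        END { exit !ok }'
}

# stdin: `firewall-cmd --zone=public --list-all` output. True if $1/tcp is in
# "ports:", or if $1 is 22 and the predefined "ssh" service is still enabled.
firewall_allows() {
    awk -v p="$1" '
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if ($i == p "/tcp") ok = 1 }
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "ssh" && p == 22) ok = 1 }
        END { exit !ok }'
}

# Args: sshd_config path, semanage output, firewall-cmd output.
# Prints one line per mismatch; returns 1 if any configured port is blocked.
check_port_change() {
    local rc=0 port
    for port in $(sshd_ports "$1"); do
        printf '%s\n' "$2" | selinux_allows "$port" ||
            { echo "port $port: no ssh_port_t label, SELinux will block sshd"; rc=1; }
        printf '%s\n' "$3" | firewall_allows "$port" ||
            { echo "port $port: closed in firewalld, connections will be blocked"; rc=1; }
    done
    return $rc
}

# Constructed sample: config edited to 5000, SELinux updated, firewall not yet.
demo_cfg=$(mktemp)
printf '#Port 22\nPort 5000\n' > "$demo_cfg"
check_port_change "$demo_cfg" "ssh_port_t  tcp  5000, 22" \
    "  services: dhcpv6-client ssh
  ports: " || echo "fix the above before: systemctl restart sshd"
# On the server itself:
#   check_port_change /etc/ssh/sshd_config "$(semanage port -l)" \
#       "$(firewall-cmd --zone=public --list-all)"
```

Run it from the existing SSH session after step 4's firewall commands and before logging out, so a mismatch is caught while you still have access.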
