How to change default SSH port – CentOS
You may be wondering… how can I change the default SSH port from port 22 to a different port for security reasons?
I am glad you asked. Having a secure server is imperative. With servers being compromised / hacked daily, one of the very first things you should do is secure your SSH service.
The following guide will help you change the default, insecure port (22) to something more secure; this guide uses port 2025.
Feel free to leave your security suggestions or questions in the comments.
Important notes: We strongly recommend you implement strong passwords and install CSF (firewall) as a bare minimum for security. I personally like to take this one step further by locking down SSH to my own IP address (as an additional layer of security).
This was performed on CentOS 6.5 – but will be the same for most CentOS releases.
Step 1 – Open the SSH config file.
To do this, use the following command:
# nano -w /etc/ssh/sshd_config
Note: If you get an error message of “-bash: nano: command not found” – please install it via “yum install nano -y” and try again.
Step 2 – Make required changes to the SSHD configuration file.
Once the file is open, find the line that reads #Port 22.
Just above that particular line, you can add something like this:
Port 2025
Once you make those changes, please save and exit nano.
Step 3 – Apply new configuration file.
You can apply the new SSH configuration by simply issuing the following command:
# service sshd reload
IMPORTANT NOTE: Make sure you update your firewall/iptables so that the new port is allowed for incoming connections.
Step 4 – Test new settings.
You can verify if the configuration has been applied by entering the following command:
# netstat -tulpn | grep sshd
You should see two entries with the status of “LISTEN”.
The very last thing you need to do now is open a new SSH session using the new port settings.
Just a suggestion: leave your active SSH session open (do not close it). If your new connection fails, you still have the ability to go back and enable port 22.
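Step 2 as a non-interactive helper, added here as an example and not part of the original guide: it inserts the Port line above #Port 22, drops any other active Port line (sshd listens on every Port directive it finds, so a leftover one keeps the old port open), and reports which ports the file now enables. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Print every active (uncommented) Port value. sshd listens on ALL of them,
# so a leftover "Port 22" keeps the old port open next to the new one.
effective_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Make config file $1 listen only on port $2; the original is kept as $1.bak.
set_ssh_port() {
    cfg=$1 port=$2
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    cp -p "$cfg" "$cfg.bak" || return 1
    # Line number of the first commented "#Port ..." line (empty if there is none).
    anchor=$(grep -n '^#[[:space:]]*Port[[:space:]]' "$cfg.bak" | head -n 1 | cut -d: -f1)
    tmp=$(mktemp) || return 1
    awk -v port="$port" -v anchor="$anchor" '
        (anchor == "" && NR == 1) || NR == anchor { print "Port " port }
        tolower($1) == "port" { next }   # drop existing active Port lines
        { print }
        END { if (NR == 0) print "Port " port }
    ' "$cfg.bak" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the owner, mode and SELinux label of the file are kept.
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# Demo on a constructed sample file; it never touches /etc/ssh/sshd_config.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Protocol 2' 'Port 22' '#Port 22' '#AddressFamily any' > "$d/sshd_config"
    set_ssh_port "$d/sshd_config" 2025 && effective_ports "$d/sshd_config"
    rm -rf "$d"
}
demo
```

On a real server, run `sshd -t` after editing and before `service sshd reload`, so that a syntax error is caught while the running daemon and your open session are still unaffected.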