How to Change Default SSH Port in Rocky Linux 9

In this Linux tutorial, you will learn how to change the default SSH port in Rocky Linux 9 or other Red Hat based Linux distributions.

 

Why Change Default SSH Port?:

Changing the default SSH port from the standard port 22 to a different port can enhance the security of your server or network.

By default, SSH uses port 22 to establish a connection, and many automated hacking tools are programmed to scan this port for vulnerabilities. If you leave the SSH port as the default, your server is more susceptible to brute-force attacks and other types of malicious activity.

By changing the default SSH port to a different port, you can make it more difficult for attackers to find and target your server. This doesn't make your server completely invulnerable to attacks, but it does add an extra layer of security that can deter many automated hacking tools.

It's important to note that changing the SSH port is not a foolproof security measure on its own. It's just one part of a comprehensive security strategy that should include strong passwords, firewalls, regular software updates, and other best practices.

 

Changing SSH Service Port:

Log in to your Rocky Linux server as the root user by using the ssh command.

# ssh root@192.168.116.128
The authenticity of host '192.168.116.128 (192.168.116.128)' can't be established.
ED25519 key fingerprint is SHA256:0HIa3JkQYbEmBNv/W6RyztUXEmxtgCheMZSSErNWi5E.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.116.128' (ED25519) to the list of known hosts.
root@192.168.116.128's password:
Last login: Sun May  7 00:37:27 2023 from 192.168.116.1

The sshd service is currently running on the default port, 22/tcp, so you obtained an SSH shell using the usual ssh command syntax.

Execute the ss command to check which addresses and ports the sshd service is listening on.

# ss -tulpn | grep sshd
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=816,fd=3))
tcp   LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=816,fd=4))

The sshd service is running on the default port and listening on all IPv4 and IPv6 interfaces.

Create a configuration file in the /etc/ssh/sshd_config.d directory that sets the Port directive to the new service port. Alternatively, execute the following echo command at the Linux terminal to do the same.

# echo "Port 1028" >> /etc/ssh/sshd_config.d/02-changeport.conf

If SELinux is in enforcing mode on your Linux operating system, you must also add the new service port to your SELinux policy.

To manage SELinux policies, you need the semanage command.

The semanage command is not installed on a minimal Rocky Linux 9 server.

Therefore, if you cannot find it on your Linux server, install it with the policycoreutils-python-utils package.

# dnf install -y policycoreutils-python-utils

Now, execute the semanage command to add the new SSH port to the SELinux policy.

# semanage port -a -t ssh_port_t -p tcp 1028

You must also allow the new SSH port through the Linux firewall.

# firewall-cmd --permanent --add-port=1028/tcp
success

# firewall-cmd --reload
success

Restart the sshd service to load the new configuration.

# systemctl restart sshd.service

Check the listening port of your sshd service again.

# ss -tulpn | grep sshd
tcp   LISTEN 0      128          0.0.0.0:1028      0.0.0.0:*    users:(("sshd",pid=1791,fd=3))
tcp   LISTEN 0      128             [::]:1028         [::]:*    users:(("sshd",pid=1791,fd=4))

Your sshd service is now running on the new port: 1028/tcp.

Now, try to obtain a new SSH shell.

# ssh root@192.168.116.128
ssh: connect to host 192.168.116.128 port 22: Connection refused

As expected, you receive a 'Connection refused' error because no service is listening on port 22/tcp.

Now, obtain an SSH shell by specifying the non-default service port, i.e. 1028/tcp, in the same command.

# ssh root@192.168.116.128 -p 1028
root@192.168.116.128's password:
Last login: Sun May  7 00:38:00 2023 from 192.168.116.128

You have now successfully obtained an SSH shell.
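
The procedure above touches three layers (sshd configuration, SELinux policy, firewalld), and a skipped step can leave the server without a reachable sshd after the restart. The following pre-restart check is an added example, not part of the original tutorial; the function name missing_layers and the sample outputs are constructed for illustration, and it matches exact single-port entries only (not firewalld port ranges).

```shell
#!/bin/sh
# Pre-restart check for an SSH port change: the new port must appear in
# sshd's effective config, in SELinux type ssh_port_t, and in firewalld.

# missing_layers PORT SSHD_T_OUTPUT SEMANAGE_OUTPUT FIREWALL_PORTS
# Prints the layers that do NOT yet know PORT (empty output = ready).
missing_layers() {
    port=$1
    missing=
    # `sshd -T` prints one lowercase "port N" line per listening port.
    printf '%s\n' "$2" | grep -qx "port $port" || missing="$missing sshd"
    # `semanage port -l` rows: <type> <proto> <comma-separated ports>.
    printf '%s\n' "$3" | awk -v p="$port" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); if ($i == p) ok = 1 }
        }
        END { exit !ok }' || missing="$missing selinux"
    # `firewall-cmd --list-ports` prints space-separated N/proto entries.
    printf '%s\n' "$4" | tr ' ' '\n' | grep -qx "$port/tcp" \
        || missing="$missing firewall"
    printf '%s\n' "${missing# }"
}

# Constructed sample: config file written and firewall opened, but the
# semanage step was skipped, so ssh_port_t still lists only port 22.
SAMPLE_SSHD='port 1028
addressfamily any
permitrootlogin yes'
SAMPLE_SEMANAGE='smtp_port_t                    tcp      25, 465, 587
ssh_port_t                     tcp      22'
SAMPLE_FIREWALL='1028/tcp'

echo "missing: $(missing_layers 1028 "$SAMPLE_SSHD" "$SAMPLE_SEMANAGE" "$SAMPLE_FIREWALL")"

# On a real host (as root), feed it live output before restarting sshd:
#   missing_layers 1028 "$(sshd -T)" "$(semanage port -l)" \
#       "$(firewall-cmd --list-ports)"
```

Keep the existing SSH session open until a second session on the new port has logged in successfully.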

 

Conclusion:

In this Linux tutorial, you have learned how to change the default SSH port in Rocky Linux 9 or other Red Hat based Linux distributions. If you are new to the Linux command line, we suggest that you attend online training: Linux command line for beginners
