CentOS Linux 5/6: Change OpenSSH Port Number

by on January 20, 2014 · 2 comments· LAST UPDATED January 20, 2014

in , ,

I am a new CentOS Linux user. How do I change default sshd tcp port # 22 to 2022 on CentOS Linux version 5/6?

You can set or specifies the port number that sshd server listens on. The default is TCP port # 22.

Tutorial details
DifficultyEasy (rss)
Root privilegesYes
RequirementsNone
Estimated completion time5m

Syntax: Change SSH port on a CentOS Linux

You can use any one of the following option in /etc/ssh/sshd_config file:

Port PortNumberHere

OR
ListenAddress IPv4Address:Port
ListenAddress IPv6Address:Port
ListenAddress Hostname:Port

If Port is not specified, sshd will listen on the address and all prior Port options specified. The default is to listen on all local IP addresses. Multiple ListenAddress options are aloowed in sshd_config.

Run ssh on a non-standard port # 2022 using Port option

Edit /etc/ssh/sshd_config, enter:
# vi /etc/ssh/sshd_config
Edit/Append as follows to set Port to 2022:
Port 2022
Save and close the file.

CentOS run ssh on a non-standard port # 2022 using ListenAddress option

Note: If you have multiple IP address on the server, try ListenAddress as follows :

## bind sshd to two ip address on a non-standard port ##
ListenAddress 192.168.1.5:2022
ListenAddress 203.1.2.3:2022
 

Save and close the file.

Reload SSHD service

Before you restart or reload sshd server. You need to update:

  1. SELinux configuration
  2. Firewall settings

A note about OpenSSH SELinux user

If you are using SELinux, add tcp port # 2022 to port contexts for OpenSSH server:
# semanage port -a -t ssh_port_t -p tcp 2022

Update firewall settings

You also need to update firewall settings so that users can login using TCP # 2022. Edit, /etc/sysconfig/iptables and open sshd port 2022:
# vi /etc/sysconfig/iptables
Edit/append as follows:

 
## delete or comment out port 22 line ##
## -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
## open port 2022
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2022 -j ACCEPT
 

Save and close the file. If you are using IPv6, edit /etc/sysconfig/ip6tables file too. Temporally, stop the firewall so that you will not loos the connectivity to the server:
# service iptables stop
# service ip6tables stop

Restart sshd on a CentOS

Type the following command to restart / reload SSHD service:
# service sshd reload

Verify new port settings with the following netstat command:
# netstat -tulpn | grep sshd

Finally, star the firewall on a CentOS Linux:
# service iptables start
## IPv6 ##
# service ip6tables start

How do I connect to ssh server on port # 2022 using ssh command?

The syntax is:

 
ssh -p PortNumberHere user@server-name-here
ssh -p PortNumberHere user@server-name-here commandNameHere
ssh -p 2022 nixcraft@192.168.1.5
ssh -p 2022 nixcraft@192.168.1.5 df
 

How do I connect to ssh server on port # 2022 using scp command?

The syntax is:

 
scp -P PortNumberHere source user@server-name-here:/path/to/dest
scp -P 2022 resume.pdf nixcraft@nas01:/backups/personal/nixcraft/files/
 

How do I connect to ssh server on port # 2022 using sftp command?

The syntax is:

 
sftp -P PortNumberHere user@server-name-here
sftp -P 2022 nixcraft@192.168.1.5
 

How do I connect to ssh server on port # 2022 using rsync command?

The syntax is as follows to change SSH port number with rsync command:

 
sync -av -e 'ssh -p PORT-NUMBER-HERE' source user@server-name
 

So to backup /home/vivek to server1.nixcraft.net.in at port number 2022, enter:

 
rsync -av -e 'ssh -p 2022' /home/vivek/ backupop@server1.nixcraft.net.in
 

I also suggest that you can update your /.ssh/config ($HOME/.ssh/config) fileto overrides the Port settings. This will save you some time whenever you use ssh/scp/sftp command.

See also
  1. RHEL/Red Hat Change SSH Port
  2. Man pages: sshd(8), sshd_config(5)
TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 2 comments… read them below or add one }

1 Sunil Bhoi January 21, 2014 at 10:14 pm

Hi,

Nice post.
Before changing the SSH port for any server add IP of your local machine to allow list. Because there is chances to lost ssh connection to remote machine.

Regards,
Sunil Bhoi.

Reply

2 Jalal Hajigholamali January 22, 2014 at 5:37 am

Hi,
Thanks for nice article

Reply

Leave a Comment

Tagged as: , , , ,

Previous Faq:

Next Faq: