Red Hat Linux (RHEL) 5/6: Change OpenSSH Port Number

Posted on in Categories , , , last updated August 25, 2016

I am a new Red Hat Enterprise Linux server sysadmin. How do I change default sshd tcp port # 22 to 3033 on RHEL v5/6? How do I modify SELinux to allow port 3033 and how do I saftly update firewall on RHEL to allow tcp port # 3033? How do I change ssh port on Redhat Linux operating system?

You can set or specifies the port number that sshd server listens on. The default is TCP port # 22, but can be changed using any one of the following option in sshd_config file:

Syntax: Change SSH port on a RHEL

Port PortNumberHere

OR
ListenAddress IPv4Address:Port
ListenAddress IPv6Address:Port
ListenAddress Hostname:Port

Change ssh port to a non-standard port # 2022 using Port option

Edit /etc/ssh/sshd_config, enter:
# vi /etc/ssh/sshd_config
Edit/Append as follows to set Port to 2022:
Port 2022
Save and close the file.

RHEL run ssh on a non-standard port # 2022 using ListenAddress option

Note: If you have multiple IP address on the server, try ListenAddress as follows :

## bind sshd to two ip address on a non-standard port ##
ListenAddress 192.168.1.5:2022
ListenAddress 203.1.2.3:2022

Save and close the file.

Reload SSHD service on a REHL based system

Before you restart or reload sshd server. You need to update the following services on RHEL:

  1. SELinux configuration
  2. Firewall settings

Update OpenSSH SELinux settings on a Red Hat Linux

If you are using SELinux, add tcp port # 2022 to port contexts for OpenSSH server:
# semanage port -a -t ssh_port_t -p tcp 2022

Update firewall settings on a Red Hat/CentOS Linux

You also need to update firewall settings so that users can login using TCP # 2022. Edit, /etc/sysconfig/iptables and open sshd port 2022:
# vi /etc/sysconfig/iptables
Edit/append as follows:

## delete or comment out port 22 line ##
## -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
## open port 2022
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2022 -j ACCEPT

Save and close the file. If you are using IPv6, edit /etc/sysconfig/ip6tables file too. Next, stop the firewall so that you will not loos the connectivity to the server:
# service iptables stop
# service ip6tables stop

Restart sshd on a RHEL based system

Type the following command to restart / reload SSHD service:
# service sshd reload

Verify new port settings with the following netstat command:
# netstat -tulpn | grep sshd

Finally, star the firewall on a Red Hat enterprise Linux:
# service iptables start
## IPv6 ##
# service ip6tables start

How do I connect to ssh server on port # 2022 using ssh/sftp/scp/rsync commands?

The syntax is as follows for ssh command:

ssh -p PortNumberHere user@server-name-here 
ssh -p PortNumberHere user@server-name-here commandNameHere

The syntax is as follows for scp or sftp command:

scp -P PortNumberHere source user@server-name-here:/path/to/dest

OR

sftp -P PortNumberHere user@server-name-here

The syntax is as follows to change SSH port number with rsync command:

sync -av -e 'ssh -p PORT-NUMBER-HERE' source user@server-name

Alternatively, you can update /.ssh/config or $HOME/.ssh/config file to overrides the Port settings. This will save you some time as you do not need to type port and other options each time you use ssh/scp/sftp command.

See also
  1. CentOS Linux Change SSH Port
  2. Man pages: sshd(8),sshd_config(5)

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

Share this on:

2 comment

Leave a Comment

Tagged as: Tags , , , ,