Red Hat Linux (RHEL) 5/6: Change OpenSSH Port Number

I am a new Red Hat Enterprise Linux server sysadmin. How do I change default sshd tcp port # 22 to 3033 on RHEL v5/6? How do I modify SELinux to allow port 3033 and how do I saftly update firewall on RHEL to allow tcp port # 3033? How do I change ssh port on Redhat Linux operating system?

You can set or specifies the port number that sshd server listens on. The default is TCP port # 22, but can be changed using any one of the following option in sshd_config file:

Syntax: Change SSH port on a RHEL

Port PortNumberHere

OR
ListenAddress IPv4Address:Port ListenAddress IPv6Address:Port ListenAddress Hostname:Port

Change ssh port to a non-standard port # 2022 using Port option

Edit /etc/ssh/sshd_config, enter:
# vi /etc/ssh/sshd_config
Edit/Append as follows to set Port to 2022:
Port 2022
Save and close the file.

RHEL run ssh on a non-standard port # 2022 using ListenAddress option

Note: If you have multiple IP address on the server, try ListenAddress as follows :

## bind sshd to two ip address on a non-standard port ##
ListenAddress 192.168.1.5:2022
ListenAddress 203.1.2.3:2022

Save and close the file.

Reload SSHD service on a REHL based system

Before you restart or reload sshd server. You need to update the following services on RHEL:

SELinux configuration
Firewall settings

Update OpenSSH SELinux settings on a Red Hat Linux

If you are using SELinux, add tcp port # 2022 to port contexts for OpenSSH server:
# semanage port -a -t ssh_port_t -p tcp 2022

Update firewall settings on a Red Hat/CentOS Linux

You also need to update firewall settings so that users can login using TCP # 2022. Edit, /etc/sysconfig/iptables and open sshd port 2022:
# vi /etc/sysconfig/iptables
Edit/append as follows:

## delete or comment out port 22 line ##
## -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
## open port 2022
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2022 -j ACCEPT

Save and close the file. If you are using IPv6, edit /etc/sysconfig/ip6tables file too. Next, stop the firewall so that you will not loos the connectivity to the server:
# service iptables stop # service ip6tables stop

Restart sshd on a RHEL based system

Type the following command to restart / reload SSHD service:
# service sshd reload

Verify new port settings with the following netstat command:
# netstat -tulpn | grep sshd

Finally, star the firewall on a Red Hat enterprise Linux:
# service iptables start ## IPv6 ## # service ip6tables start

How do I connect to ssh server on port # 2022 using ssh/sftp/scp/rsync commands?

The syntax is as follows for ssh command:

ssh -p PortNumberHere user@server-name-here 
ssh -p PortNumberHere user@server-name-here commandNameHere

The syntax is as follows for scp or sftp command:

scp -P PortNumberHere source user@server-name-here:/path/to/dest

sftp -P PortNumberHere user@server-name-here

The syntax is as follows to change SSH port number with rsync command:

sync -av -e 'ssh -p PORT-NUMBER-HERE' source user@server-name

Alternatively, you can update /.ssh/config or $HOME/.ssh/config file to overrides the Port settings. This will save you some time as you do not need to type port and other options each time you use ssh/scp/sftp command.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Your support makes a big difference:

I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft takes a lot of my time and hard work to produce. If everyone who reads nixCraft, who likes it, helps fund it, my future would be more secure. You can donate as little as $1 to support nixCraft:

nixCraft