Red Hat Linux (RHEL) 5/6: Change OpenSSH Port Number

Author: Vivek Gite Last updated: August 25, 2016 2 comments

I am a new Red Hat Enterprise Linux server sysadmin. How do I change default sshd tcp port # 22 to 3033 on RHEL v5/6? How do I modify SELinux to allow port 3033 and how do I saftly update firewall on RHEL to allow tcp port # 3033? How do I change ssh port on Redhat Linux operating system?

You can set or specifies the port number that sshd server listens on. The default is TCP port # 22, but can be changed using any one of the following option in sshd_config file:

Tutorial details
Difficulty	Easy (rss)
Root privileges	Yes
Requirements	None
Time	5m

Syntax: Change SSH port on a RHEL

Port PortNumberHere

OR
ListenAddress IPv4Address:Port ListenAddress IPv6Address:Port ListenAddress Hostname:Port

Change ssh port to a non-standard port # 2022 using Port option

Edit /etc/ssh/sshd_config, enter:
# vi /etc/ssh/sshd_config
Edit/Append as follows to set Port to 2022:
Port 2022
Save and close the file.

RHEL run ssh on a non-standard port # 2022 using ListenAddress option

Note: If you have multiple IP address on the server, try ListenAddress as follows :

## bind sshd to two ip address on a non-standard port ##
ListenAddress 192.168.1.5:2022
ListenAddress 203.1.2.3:2022

Save and close the file.

Reload SSHD service on a REHL based system

Before you restart or reload sshd server. You need to update the following services on RHEL:

SELinux configuration
Firewall settings

Update OpenSSH SELinux settings on a Red Hat Linux

If you are using SELinux, add tcp port # 2022 to port contexts for OpenSSH server:
# semanage port -a -t ssh_port_t -p tcp 2022

Update firewall settings on a Red Hat/CentOS Linux

You also need to update firewall settings so that users can login using TCP # 2022. Edit, /etc/sysconfig/iptables and open sshd port 2022:
# vi /etc/sysconfig/iptables
Edit/append as follows:

## delete or comment out port 22 line ##
## -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
## open port 2022
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2022 -j ACCEPT

Save and close the file. If you are using IPv6, edit /etc/sysconfig/ip6tables file too. Next, stop the firewall so that you will not loos the connectivity to the server:
# service iptables stop # service ip6tables stop

Restart sshd on a RHEL based system

Type the following command to restart / reload SSHD service:
# service sshd reload

Verify new port settings with the following netstat command:
# netstat -tulpn | grep sshd

Finally, star the firewall on a Red Hat enterprise Linux:
# service iptables start ## IPv6 ## # service ip6tables start

How do I connect to ssh server on port # 2022 using ssh/sftp/scp/rsync commands?

The syntax is as follows for ssh command:

ssh -p PortNumberHere user@server-name-here 
ssh -p PortNumberHere user@server-name-here commandNameHere

The syntax is as follows for scp or sftp command:

scp -P PortNumberHere source user@server-name-here:/path/to/dest

sftp -P PortNumberHere user@server-name-here

The syntax is as follows to change SSH port number with rsync command:

sync -av -e 'ssh -p PORT-NUMBER-HERE' source user@server-name

Alternatively, you can update /.ssh/config or $HOME/.ssh/config file to overrides the Port settings. This will save you some time as you do not need to type port and other options each time you use ssh/scp/sftp command.

Category	List of Unix and Linux commands
File Management	cat
Firewall	Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Network Utilities	dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time
Searching	grep • whereis • which
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04