Why would one want to change the default SSH port? Does it make your server more secure? In a sense, it does. Changing the default port means that attackers who probe only port 22 find nothing there. That is not to say the service on the new port can never be attacked, since a full port scan will still find it, but it does deter most opportunistic attackers.
But there is one area where it helps the most: bots. Since there are millions of new websites being launched every day, attackers rely on automated scanners to sweep for vulnerable hosts and report back the ones that look promising. Changing the default port keeps your server out of the results of scanners that only check port 22.
To change the default SSH port on CentOS 7, you need to edit the /etc/ssh/sshd_config file. Assuming you are logged in as root already, run the following command:
# vi /etc/ssh/sshd_config
Note: This command uses the vi editor to change the contents of the file. If you’re comfortable with another editor, feel free to use that. Alternatively, if you are in a visual environment you can use a GUI-based editor as well.
Once in the file, look for the line that looks like this:
# SSH Port
Port 22
Now, change it to whatever new port number you want, but make sure that the new port isn’t already taken.
Adding a Firewall Exception in CentOS 7
If you don’t have a firewall set up, you can skip the firewall commands below and go straight to restarting the SSH daemon.
For those who are using a firewall, an exception needs to be added for the new port so that SSH traffic isn’t blocked.
Supposing the new port was 1234, enter the following commands:
# firewall-cmd --add-port=1234/tcp --permanent
# firewall-cmd --add-port=1234/tcp
Once this is done, restart the SSH daemon:
# service sshd restart
And that’s it! From now on, you have SSH service running on port 1234, which will also play nicely with the firewall.
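The same procedure as one script, added here as an example and not part of the original article. The function names are illustrative; the sshd -t syntax check and the SELinux port label are additions the article does not cover, and the script also handles a commented-out "#Port 22" line and duplicate Port lines.

```bash
#!/bin/bash
# Added example; function names are illustrative and not from the article.

valid_port() {      # whole number 1-65535, no leading zero
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

port_in_use() {     # true if a TCP listener already holds the port (ss column 4 = local addr:port)
    ss -tln | awk -v p=":$1" 'NR > 1 && $4 ~ (p "$") { found = 1 } END { exit !found }'
}

# Rewrite FILE so it holds exactly one active "Port N" line; the original is kept as FILE.bak.
set_sshd_port() {
    file=$1 port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    awk -v p="$port" '
        # active directive: replace the first one, drop any repeats
        /^[ \t]*Port[ \t]+[0-9]+/ { if (!done) out[++n] = "Port " p; done = 1; next }
        # commented-out default such as "#Port 22": activate it with the new value
        !done && /^[ \t]*#[ \t]*Port[ \t]+[0-9]+/ { out[++n] = "Port " p; done = 1; next }
        { out[++n] = $0 }
        # no Port line at all: add one at the top, ahead of any Match block
        END { if (!done) print "Port " p; for (i = 1; i <= n; i++) print out[i] }
    ' "$file.bak" > "$file"
}

# The article's procedure end to end; run as root on the CentOS 7 host.
apply_port_change() {
    cfg=/etc/ssh/sshd_config new=$1
    valid_port "$new" || { echo "invalid port: $new" >&2; return 1; }
    if port_in_use "$new"; then echo "port $new is already taken" >&2; return 1; fi
    set_sshd_port "$cfg" "$new" || return 1
    # Syntax-check the edited file; restore the backup if sshd rejects it.
    sshd -t -f "$cfg" || { cp -p "$cfg.bak" "$cfg"; return 1; }
    # Not in the article: under SELinux, sshd may only bind ports labelled ssh_port_t.
    if command -v selinuxenabled >/dev/null && selinuxenabled; then
        semanage port -a -t ssh_port_t -p tcp "$new" ||
            semanage port -m -t ssh_port_t -p tcp "$new" || return 1
    fi
    # Skip the firewall exception when firewalld is not running.
    if firewall-cmd --state >/dev/null 2>&1; then
        firewall-cmd --permanent --add-port="$new/tcp" && firewall-cmd --add-port="$new/tcp" || return 1
    fi
    service sshd restart
}
```

Source the file and call apply_port_change 1234 as root. Keep your current SSH session open and confirm that a new login on the new port works before closing it.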