centos 7 change ssh port

admin3 April 2024Last Update :

Securing Your CentOS 7 Server: A Guide to Changing the SSH Port

centos 7 change ssh port

When it comes to securing a server, changing the default Secure Shell (SSH) port can be an effective measure against automated attacks and unauthorized access attempts. For users of CentOS 7, modifying the SSH port requires a series of steps that ensure not only enhanced security but also continued accessibility for authorized users. In this comprehensive guide, we will delve into the process of changing the SSH port on a CentOS 7 system, providing you with the knowledge and tools needed to fortify your server’s defenses.

Understanding the Importance of SSH Port Modification

Before we dive into the technicalities, let’s explore why changing the SSH port is a crucial security practice. By default, SSH listens on port 22, which is well-known and often targeted by bots and attackers. Altering the default port can reduce the risk of automated attacks and make it slightly more challenging for potential intruders to gain access.

Prerequisites for Changing the SSH Port

  • Root or sudo privileges on the CentOS 7 server
  • Access to the terminal or command line interface
  • A new port number chosen outside the range of well-known ports (0-1023)
  • Knowledge of editing configuration files in a Linux environment

Step-by-Step Guide to Changing the SSH Port on CentOS 7

Step 1: Selecting a New SSH Port Number

The first step in changing your SSH port is to select an appropriate port number. It’s recommended to choose a port above 1024 to avoid conflicts with other standard services and below 65535 as that’s the upper limit for TCP and UDP ports.

Step 2: Configuring the Firewall

Before actually changing the SSH port, you must configure the firewall to allow traffic on the new port. This ensures that you won’t be locked out of your server after making the change.

# Add a new rule to the firewall
firewall-cmd --permanent --zone=public --add-port=YOUR_NEW_PORT/tcp

# Reload the firewall to apply changes
firewall-cmd --reload

Step 3: Modifying the SSH Configuration File

With the firewall configured, the next step is to edit the SSH daemon configuration file located at /etc/ssh/sshd_config.

# Open the SSH configuration file with a text editor
vi /etc/ssh/sshd_config

# Locate the line #Port 22, remove the hashtag and change the port number

# Save and exit the editor

Step 4: Applying the Changes

After saving the new configuration, restart the SSH service to apply the changes.

# Restart the SSH service
systemctl restart sshd.service

Step 5: Testing the New SSH Port

To verify that SSH is now operating on the new port, attempt to connect from a remote machine using the updated port number.

# Connect to the server using the new SSH port
ssh -p YOUR_NEW_PORT user@yourserver.com

Ensuring Continuous Access and Troubleshooting

It’s essential to maintain access to your server during and after the port change. Always keep a current session open while testing the new configuration to prevent lockouts. If any issues arise, revert the changes using the open session and troubleshoot accordingly.

FAQ Section

What should I do if I get locked out of my server?

If you find yourself locked out, you may need to access your server through a console provided by your hosting provider or use a backup method such as KVM over IP if available.

Is changing the SSH port enough to secure my server?

While changing the SSH port can deter automated attacks, it’s not a foolproof security measure. You should implement additional security practices such as key-based authentication, fail2ban, and regular updates.

Can I use any port number for SSH?

You can use most port numbers between 1024 and 65535, but it’s best to avoid ports already in use by other services to prevent conflicts.


Changing the SSH port on your CentOS 7 server is a simple yet effective way to enhance its security. By following the steps outlined in this guide, you can minimize your server’s exposure to automated attacks and unauthorized access attempts. Remember, this measure should be part of a broader security strategy that includes multiple layers of protection.


Leave a Comment

Your email address will not be published. Required fields are marked *

Comments Rules :

Breaking News