CentOS 7 / RHEL 7: change OpenSSH port number (SELinux enabled)

Change SSH port number

First take a backup of the sshd_config file, then edit it.

cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig.$(date +%F)

Now edit the file /etc/ssh/sshd_config. Search for the line #Port 22 or Port 22.
Note: The # comments out the line. Because 22 is the well-known port number for ssh (below 1024), sshd listens on port 22 by default.

Remove the # from the line Port 22, then change 22 to the new port number. Here we have selected 2292.

vi /etc/ssh/sshd_config

Port 2292

SELinux for SSH

By default SELinux only allows port 22 for ssh. Now add the port context for the new port 2292.
Note: Replace 2292 if you have selected a different port number.

semanage port -a -t ssh_port_t -p tcp 2292

Now check the port context for ssh:

semanage port -l | grep ssh

Below is the output from our server:

[root@localhost ~]# semanage port -l | grep ssh
ssh_port_t                     tcp      2292, 22
[root@localhost ~]#

Now restart the SSH service

systemctl restart sshd.service

Allow port 2292 with firewalld

Now allow port 2292 for ssh. The command below permanently adds a firewalld rule in the public zone for port 2292 over TCP.

firewall-cmd --permanent --zone=public --add-port=2292/tcp

Reload firewalld

firewall-cmd --reload

Check listening ssh port with ss command

With the ss command, you can find the listening port for ssh. Use the command below:

ss -tnlp|grep ssh

The output below is from our server:

[root@localhost ~]# ss -tnlp|grep ssh
LISTEN     0      128                       *:2292                     *:*      users:(("sshd",2786,3))
LISTEN     0      128                      :::2292                    :::*      users:(("sshd",2786,4))
[root@localhost ~]#

Try to access the server over ssh from a remote client using port 2292.
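
If the Port in sshd_config, the SELinux ssh_port_t label and the firewalld rule disagree, sshd either fails to bind or is unreachable on the new port. The check below is an added example, not part of the original guide; the function names and the /tmp file paths are assumptions, and it handles single ports only (no ranges).

```shell
#!/bin/bash
# Added example: consistency check to run before restarting sshd.
# The functions parse saved command output, so they can be tested offline.

# Print the Port values set in an sshd_config file ($1); 22 if none is set.
# Commented lines such as "#Port 22" are ignored.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Succeed if port $1 is listed for ssh_port_t/tcp in
# `semanage port -l` output read from stdin.
selinux_allows() {
    awk -v want="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { p = $i; sub(/,$/, "", p); if (p == want) ok = 1 }
         }
         END { exit(ok ? 0 : 1) }'
}

# Succeed if $1/tcp is in `firewall-cmd --list-ports` output read from stdin.
# Only ports added with --add-port show up there (not the built-in ssh service).
firewall_allows() {
    tr ' ' '\n' | grep -qx "$1/tcp"
}

# Arguments: sshd_config path, saved semanage output, saved firewall-cmd output.
# Reports each gap and returns non-zero if any configured port is not covered.
preflight() {
    local rc=0 port
    for port in $(sshd_ports "$1"); do
        selinux_allows "$port" < "$2" || { echo "port $port: not in ssh_port_t"; rc=1; }
        firewall_allows "$port" < "$3" || { echo "port $port: not open in firewalld"; rc=1; }
    done
    return $rc
}

# Live use on the server, as root (paths under /tmp are placeholders):
#   semanage port -l > /tmp/se.txt
#   firewall-cmd --zone=public --list-ports > /tmp/fw.txt
#   preflight /etc/ssh/sshd_config /tmp/se.txt /tmp/fw.txt && sshd -t \
#       && systemctl restart sshd.service
```

Here sshd -t validates the configuration file syntax before the restart, and keeping the current session open until a login on the new port succeeds gives a way back if something is wrong.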
