SSH (Secure Shell) is a standard network protocol used for secure access to network services over an unsecured network. The default port for SSH is 22, which is well-known and often targeted by attacks. By changing the default port, we can enhance the security of the system by avoiding automatic scans and attacks on the default port. In this article, we will demonstrate how to change the default SSH port on a CentOS 7 server and implement additional measures to secure access.

Preparation

Before you begin, ensure you have root access to the server where you want to change the SSH port. It is also recommended to back up the SSH configuration file so you can easily restore the original settings if needed.

Step 1: Back Up the SSH Configuration File

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original

Step 2: Changing SSH Port

  1. Open the SSH configuration file in an editor:
    vi /etc/ssh/sshd_config
  2. Find the line #Port 22. Remove the # character at the beginning of the line and change the port number to your preferred value that doesn't conflict with other services. For example:
    Port 2222

Step 3: Allow New Port in Firewall

If you're using firewalld, execute the following commands to allow the new port:

firewall-cmd --permanent --zone=public --add-port=2222/tcp
firewall-cmd --reload

If you're using a different firewall, refer to its documentation to allow the new port.

Step 4: Restart SSH Service

After making changes in the configuration file and adjusting firewall settings, you need to restart the SSH service to apply the changes:

systemctl restart sshd

Additional Security Measures

In addition to changing the port, you can enhance the security of your SSH access by implementing the following measures:

  • Use Key-Based Authentication Instead of Passwords: Key-based authentication provides a higher level of security than traditional passwords.
  • Restrict Access Using AllowUsers or AllowGroups: Allows access only to specified users or groups.
  • Disable Root Login: Direct login as the root user should be disabled, and instead, privilege escalation should be used.
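
As an added example (not part of the original article), the shell function below audits the global section of an sshd_config for the port change from Step 2 and the three measures listed above. The two sample configurations and the user name deploy are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article: audit the global section of an
# sshd_config (file argument, or stdin) for the settings discussed above.
audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    tolower($1) == "match" { exit }         # Match blocks are conditional: stop here
    {
        key = tolower($1)                   # sshd keywords are case-insensitive
        if (key == "port") { ports = ports " " $2; next }  # Port may repeat
        if (!(key in val)) val[key] = tolower($2)          # first value wins
    }
    END {
        if (ports == "") ports = " 22"      # no Port line: sshd listens on 22
        n = split(ports, p, " ")
        for (i = 1; i <= n; i++)
            if (p[i] == 22) print "WARN still listening on default port 22"
        print "INFO ports:" ports
        if (val["permitrootlogin"] != "no")
            print "WARN PermitRootLogin is not set to no"
        if (val["passwordauthentication"] != "no")
            print "WARN PasswordAuthentication is not set to no"
        if (!("allowusers" in val) && !("allowgroups" in val))
            print "WARN no AllowUsers or AllowGroups restriction"
    }' "${1:--}"
}

# Constructed sample: port changed as in Step 2, nothing else hardened.
sample_port_only() {
    cat <<'EOF'
Port 2222
#PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# Constructed sample: port change plus the three additional measures.
# The user name "deploy" is hypothetical.
sample_hardened() {
    cat <<'EOF'
Port 2222
PermitRootLogin no
passwordauthentication no
AllowUsers deploy
Match User deploy
    AllowTcpForwarding no
EOF
}

sample_port_only | audit_sshd_config
```

On a real host, run audit_sshd_config /etc/ssh/sshd_config and check the syntax with sshd -t before the restart in Step 4. On CentOS 7 with SELinux enforcing, the new port also needs the ssh_port_t label (semanage port -a -t ssh_port_t -p tcp 2222), otherwise sshd cannot bind to it.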

By changing the default SSH port and implementing additional recommended steps for security, you can significantly reduce the risk of unauthorized access to your server. Remember that security is a process, not a state, and you should regularly update and audit the security settings of your system.