SSH hardening: change default port, firewall, and sshd_config

Andrew Dorokhov schedule 1 min read

menu_book Table of Contents

Configuring `SSH`

Open the SSH configuration file:

sudo vi /etc/ssh/sshd_config

Specify a new port:

Port 2022

Tell SELinux about changing the port:

sudo semanage port -a -t ssh_port_t -p tcp 2022

Reload SSH:

sudo systemctl reload sshd

Configuring `firewalld`

If you have changed the SSH port for your server, you will have to specify the new port explicitly. You will also need to include the protocol that the service utilizes.

sudo firewall-cmd --permanent --add-port=2022/tcp

See current configuration:

sudo firewall-cmd --permanent --list-all

Reload the firewall to implement the changes:

sudo firewall-cmd --reload

sudo firewall-cmd --permanent --remove-service=ssh

Reload the firewall:

sudo firewall-cmd --reload

code

Need Help with Development?

Happy to help — reach out via the contacts or go straight to my Upwork profile.

work View Upwork Profile arrow_forward

Linux firewall: firewalld, zones, ports, and permanent rules

arrow_forward

Configuring SSH

Configuring firewalld

Need Help with Development?

Linux firewall: firewalld, zones, ports, and permanent rules

Configuring `SSH`

Configuring `firewalld`