When you install CentOS on your server then your default SSH port is 22. It’s default, I mean, all servers with CentOS operating system normally have port 22 opened. Any hacker may flood this port or try to connect via this port and can do any harm to the server. So the better practice is to change the port. Though it can’t do much for you, but I believe that it’s quite impossible to find out a SSH port for a hacker where the appropriate range is too long to guess the correct port. Here I will guide only to change the SSH port to another non-privileged port. Let’s start.
(1) At first connect to your server using SSH. If you’re a Windows user, then use Putty. For MAC and Linux distros, you can do it by terminal. However, after logging as root via SSH protocol, use this command syntax:
Note: I like to use Vim editor to edit files via command. You may use Nano or other editors according to your wish.
(2) Now try to find out the line written below:
Note: This line indicates that you’re using the default SSH port now. So according to simple sense, you have to edit this. Let’s see how.
(3) Remove the # sign to uncomment the line. Now edit 22 as your wish between the range of 0 to 65535. Then press Shift+ZZ and it will save the edited file. But be noted that ports between the range of 0-to-1023 are well-known and shouldn’t be used. Ports between the range of 1024-to-49152 are registered ports so they should be avoided too. Ports between the range of 49152-to-65535 are dynamic and/or private ports so they can be used without any interruption. However, if you use reserved ports, nothing can stop you. But I won’t suggest to do so to prevent unwilling technical issues.
(4) Now we will update firewall rules so that we can connect to new port. Use this command syntax:
iptables -I INPUT 1 -p tcp --dport 57343 -j ACCEPT
(5) Then save new settings as follows:
(6) We will test whether our new SSH port working or not. But before that disable the firewall temporarily.
service iptables stop
service ip6tables stop
(7) Type the following command to reload SSHD service:
service sshd reload
(8) It’s time to verify the new port settings:
netstat -tulpn | grep sshd
(9) If we see that the new port is working fine, then we will start firewall using this command syntax:
service iptables start
service ip6tables start
(10) Without closing this session, let’s try to use the new port. If you can successfully connect to the new port, enter the following command:
iptables -A INPUT -j DROP -p tcp --dport 22
Your running session will be closed automatically. That’s all. Never feel that it’s all about security. Actually many experts think that changing SSH port can never be a step of hardening security on CentOS. But something is better that nothing, so I believe that changing SSH port will add extra layer to the security of your CentOS server.