Development Labs


CentOS: changing the default SSH port (firewall-cmd, semanage, sshd_config)

There are several ways to go about reducing unwanted remote access attempts against your server. In this post we focus on changing the remote port. When I say remote port, I am talking about the port exposed outside your local network. I left the internal port at the default (22) and changed the external port to XXXXXX. Moving the port only cuts down on the noise from automated scanners; anyone who port-scans the host will still find sshd, so treat this as a convenience rather than an access control.
1) The first thing I did was set up port forwarding on the main router: source port xxxxx to internal port xxxxx on the destination server. The source and destination ports match at this stage. The key is that sshd is not listening on this external port; the translation to 22 happens on the server in step 2. The firewalld syntax for a forward-port rule is:
firewall-cmd --add-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]

2) On the destination server I set up a second port forward with firewall-cmd, from port xxxx to port 22. Because sshd still listens on 22, this is a quick fix that needs no SELinux change. Add the rule with --permanent and then --reload (or add it twice, once with and once without --permanent), otherwise it disappears the next time firewalld restarts.

Another option is to change the port in sshd_config. Once you do this, you need to tell SELinux about the new port (semanage) and open it in firewalld, because the built-in ssh service definition only covers port 22. I will cover that in another post once I have run some tests.

Example commands for SELinux and firewalld
semanage port --add -t ssh_port_t -p tcp xxxx
firewall-cmd --add-port=xxxx/tcp [--permanent]
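Both procedures above, the two-step router plus firewalld forward to 22 (steps 1 and 2) and the sshd_config alternative (semanage plus firewall-cmd), as an added example that is not part of the original post: a small POSIX shell script that validates the chosen port, generates the commands for either approach in the order they must run, and executes them only when DRY_RUN=0. It assumes CentOS 7 with firewalld (zone "public" unless you pass another), the stock "#Port 22" line in /etc/ssh/sshd_config, and, for the "move" mode, semanage from policycoreutils-python and root privileges. The script and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Generates and optionally runs
# the commands for the two approaches in the post. Defaults to a dry run.
set -eu

# Accept only an unprivileged TCP port (1024-65535) that is not 22 itself.
validate_port() {
  p="${1:-}"
  case "$p" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$p" -ge 1024 ] && [ "$p" -le 65535 ] && [ "$p" -ne 22 ]
}

# Approach A (steps 1-2): firewalld redirects NEWPORT to 22 on this host, so
# sshd keeps listening on 22 and SELinux needs no change. Because the target
# is the host itself no masquerading is needed; the redirected packets reach
# INPUT as port 22, so the zone's ssh service must still be allowed (default).
forward_port_cmds() {
  np="$1"; zone="${2:-public}"
  validate_port "$np" || { echo "forward_port_cmds: bad port '$np'" >&2; return 1; }
  printf '%s\n' \
    "firewall-cmd --permanent --zone=$zone --add-forward-port=port=$np:proto=tcp:toport=22" \
    "firewall-cmd --reload" \
    "firewall-cmd --zone=$zone --query-forward-port=port=$np:proto=tcp:toport=22"
}

# Approach B (the sshd_config alternative): move sshd itself. Order matters:
# label the port for SELinux, edit and syntax-check sshd_config, open the
# port in firewalld, and only then restart sshd. Keep the current session
# open until the final listener check passes. If semanage says the port is
# already defined for another type, use --modify instead of --add.
sshd_port_cmds() {
  np="$1"; zone="${2:-public}"
  validate_port "$np" || { echo "sshd_port_cmds: bad port '$np'" >&2; return 1; }
  printf '%s\n' \
    "semanage port --add -t ssh_port_t -p tcp $np" \
    "sed -i 's/^#\\?Port .*/Port $np/' /etc/ssh/sshd_config" \
    "sshd -t" \
    "firewall-cmd --permanent --zone=$zone --add-port=$np/tcp" \
    "firewall-cmd --reload" \
    "systemctl restart sshd" \
    "ss -tln | grep ':$np '"
}

# Execute the generated commands one per line, or only print them when
# DRY_RUN=1 (the default). Under set -e the first failing command aborts,
# so a bad sshd_config stops the run before sshd is restarted.
run_cmds() {
  while IFS= read -r line; do
    echo "+ $line"
    if [ "${DRY_RUN:-1}" = 0 ]; then
      eval "$line"
    fi
  done
}

main() {
  mode="${1:-}"; port="${2:-}"
  if ! validate_port "$port"; then
    echo "usage: $0 forward|move PORT [ZONE]  (PORT 1024-65535, not 22; DRY_RUN=0 to apply)" >&2
    return 2
  fi
  case "$mode" in
    forward) forward_port_cmds "$port" "${3:-public}" | run_cmds ;;
    move)    sshd_port_cmds "$port" "${3:-public}" | run_cmds ;;
    *) echo "unknown mode: $mode" >&2; return 2 ;;
  esac
}

# Run only when invoked with a mode argument, so the file can also be sourced.
case "${1:-}" in
  forward|move) main "$@" ;;
esac
```

Usage: "sh ssh-port.sh forward 2222" previews the commands; "DRY_RUN=0 sh ssh-port.sh forward 2222" as root applies them. Both approaches leave port 22 reachable from the LAN, as in the post. If, after moving sshd, you also want port 22 closed on the public zone, remove the ssh service from that zone (firewall-cmd --permanent --zone=public --remove-service=ssh, then --reload) only once a login on the new port has been confirmed from a second session.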