Friday, December 6, 2024

How do you change the default SSH port on CentOS Stream 9?

Pre-requisites:

A system with CentOS Stream 9 installed and running
Access to a terminal or command line
Root or sudo privileges

The standard SSH port on most Linux/Unix systems is TCP port 22. Ports are like doors to your environment, and most of them are closed by default. Every hacker trying to access your SSH server will first attack port 22.

Changing the default SSH port adds an extra layer of security by reducing the risk of your password being cracked in a brute-force attack. Port 22 is subject to numerous unauthorized attempts by attackers who want to gain access to unsecured servers.

Port numbers range from 0 to 65535. Port numbers 0-1023 are reserved for common TCP/IP applications and are called well-known ports. It is important to select a port that is not already in use by another service. It is advisable to choose a custom SSH port within the private port range, 49152 to 65535.

Use the cat command to see a list of network services and the ports mapped to them:

cat /etc/services

All authentication-related events in CentOS 9, including successful and failed login attempts, are logged in the file below. This log file can be very useful for detecting possible hacking attempts. Setting the port to a different number should drastically cut down on the number of attempts to crack SSH.

/var/log/secure

Run the following command to open the sshd_config file so that you can modify the SSH port number:

vi /etc/ssh/sshd_config

Run the following command in the vi editor to search for the string “Port 22”:

:/Port 22

You can also type “/” followed by the search term “Port 22” and press Enter. When searching in Vim, press n to jump to the next instance and N to jump to the previous instance.

Press the i key to enter Insert mode, place the cursor on the line below #Port 22, and type Port followed by your desired port number.

#Port 22

Press Esc to return to command mode, then run the following command to write and quit the file:

:wq

Run the following command to restart the sshd service:

systemctl restart sshd

If SELinux is enabled, you can’t simply change the port without letting the security system know.

Allow the new SSH port in SELinux:

semanage port -a -t ssh_port_t -p tcp 55555

Confirm that the new port has been added to the list of allowed ports for SSH:

semanage port -l | grep ssh

To delete the newly added SSH port from SELinux:

semanage port -d -t ssh_port_t -p tcp 55555

Confirm that the newly added port has been removed from the list of allowed ports for SSH:

semanage port -l | grep ssh

If you prefer using the netstat command, you can check the listening ports with:

netstat -tunlp

Open the port in firewalld:

firewall-cmd --add-port=55555/tcp --permanent

firewall-cmd --reload

To remove access to a port using firewalld:

firewall-cmd --remove-port=55555/tcp --permanent

firewall-cmd --reload

List the open ports using firewalld:

firewall-cmd --list-ports
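
An added example (not from the original article) that checks the SELinux and firewalld rules for the new port before sshd is restarted, since a missing rule can leave the server unreachable over SSH. The function names are hypothetical and the sample outputs are constructed; 55555 is the port used in this article.

```shell
#!/bin/sh
# Pre-restart checks for an SSH port change. Each function reads command
# output on stdin, so it works on live output or on saved samples.

# Ports set in sshd_config text (commented lines ignored); 22 if none is set.
configured_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }'
}

# True if `semanage port -l` output labels tcp port $1 as ssh_port_t.
# Only individually listed ports are matched, not ranges.
selinux_allows() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { sub(/,$/, "", $i); if ($i == p) ok = 1 }
    } END { exit !ok }'
}

# True if `firewall-cmd --list-ports` output contains $1/tcp (no ranges).
firewalld_allows() {
    tr -s ' ' '\n' | grep -qxF "$1/tcp"
}

# Print "ready", or name the rules still missing for port $1.
# $2 = semanage output, $3 = firewall-cmd output.
preflight() {
    problems=""
    printf '%s\n' "$2" | selinux_allows "$1" || problems="selinux"
    printf '%s\n' "$3" | firewalld_allows "$1" ||
        problems="${problems:+$problems }firewalld"
    echo "${problems:-ready}"
}

# Constructed sample data, not captured from a real host.
SAMPLE_CONFIG='#Port 22
Port 55555'
SAMPLE_SEMANAGE='ssh_port_t                     tcp      55555, 22'
SAMPLE_SEMANAGE_DEFAULT='ssh_port_t                     tcp      22'
SAMPLE_FIREWALL='55555/tcp'

port=$(printf '%s\n' "$SAMPLE_CONFIG" | configured_ports)
echo "port in sshd_config:  $port"
echo "both rules present:   $(preflight "$port" "$SAMPLE_SEMANAGE" "$SAMPLE_FIREWALL")"
echo "no rules added yet:   $(preflight "$port" "$SAMPLE_SEMANAGE_DEFAULT" "")"
```

On a live host, pipe the real commands into the functions, for example `semanage port -l | selinux_allows 55555`.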

To establish an SSH connection after this change, enter the following command, specifying the new SSH port:

ssh root@IP_address_of_the_server -p NewPort

To allow only specific IP addresses to connect to your Linux machine, add the following to sshd_config:

AllowUsers *@IP

Then, run the following command to restart the sshd service:

systemctl restart sshd

See the accompanying guide on our YouTube channel:

https://youtube.com/watch?v=zTJdCWF20qQ&t=4s
