[CentOS] Change the SSH Port and Listen on Multiple SSH Ports in Linux

Posted by cikul | Posted in Linux | Posted on 03-08-2012-05-2008


The default port for SSH is 22. For security reasons we sometimes need to move SSH to another port, or a system administrator may need to add more ports for SSH access. The following steps explain how this can be done.

The SSH configuration is located in /etc/ssh/, and the file that holds the current SSH server settings is /etc/ssh/sshd_config.

Open /etc/ssh/sshd_config with your favorite text editor and find the Port setting:


# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Notice that the Port line is commented out with a hash (#). To make SSH listen on another port, remove the hash (#) and change the port number to the one you want, for example 1981:


# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 1981
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

If you need access on a completely different port, or need SSH to listen on two ports at the same time, you can add the additional Port setting on a new line:


# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 22
Port 1981
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Save the file and restart SSH:


# service sshd restart

or


# /etc/init.d/sshd restart

Now verify that SSH is listening on the new port:


[root@278430 ~]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80                0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22                0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25              0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1981              0.0.0.0:* LISTEN
tcp 0 284 184.82.244.90:22        202.152.201.243:32541 ESTABLISHED
tcp 0 0 :::22                     :::* LISTEN
tcp 0 0 :::2087                   :::* LISTEN

If you see the new port in the LISTEN state, you can use the new port to access SSH.
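An added example (not part of the original post) that automates the check above: it reads the active Port lines from an sshd_config file and reports any that do not appear in LISTEN state in saved `netstat -an` output. The function names and the sample config and netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the active Port values in an sshd_config file. A commented line such
# as "#Port 22" is ignored; sshd uses port 22 when no Port line is active.
configured_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1" | sort -un
}

# Read "netstat -an" output on stdin and print the TCP ports in LISTEN state.
# Splitting on ":" and taking the last piece handles both 0.0.0.0:22 and :::22.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -un
}

# Print every configured port that is absent from the saved netstat output.
# Usage: missing_ports /etc/ssh/sshd_config netstat.txt
missing_ports() {
    cfg=$(configured_ports "$1")
    live=$(listening_ports < "$2")
    for p in $cfg; do
        echo "$live" | grep -qx "$p" || echo "$p"
    done
}

# Constructed sample: the config asks for 22 and 1981, but only 22 is listening
# (for example, sshd was not restarted after the edit).
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '#Port 2222' 'Port 22' 'Port 1981' > "$tmp/sshd_config"
    printf '%s\n' \
        'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN' \
        'tcp 0 0 192.0.2.10:22 198.51.100.7:32541 ESTABLISHED' \
        'tcp 0 0 :::22 :::* LISTEN' > "$tmp/netstat.txt"
    missing_ports "$tmp/sshd_config" "$tmp/netstat.txt"
    rm -rf "$tmp"
}

demo   # prints 1981
```

Running `sshd -t` before the restart checks the edited file for syntax errors. Keep the current session open until a login on the new port succeeds, so a mistake does not lock you out.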

I suggest you use a port that is not used by a popular application on the Internet. A random port number should be chosen for better security. If you have a firewall, you must adjust it to allow access to the new port.


Comments posted (1)

Got some SSH enlightenment too :D
