How to change SSH Port Number in RHEL 8.1

Check the available package

[root@lab ~]# rpm -qa openssh*

Check the SSH Service Status

root@lab ~]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-10-25 10:12:37 +03; 1h 19min ago
     Docs: man:sshd(8)
 Main PID: 7204 (sshd)
    Tasks: 1 (limit: 11337)
   Memory: 7.1M
   CGroup: /system.slice/sshd.serv

note down the port number which is currently in use , in my case its 22

root@lab ~]# netstat -lnptu | grep "ssh"
tcp        0      0    *               LISTEN      7204/sshd
tcp        0      0*               LISTEN      6895/sshd: root@pts
tcp        0      0*               LISTEN      7216/sshd: root@pts
tcp6       0      0 :::22                   :::*                    LISTEN      7204/sshd
tcp6       0      0 ::1:6010                :::*                    LISTEN      6895/sshd: root@pts
tcp6       0      0 ::1:6011                :::*                    LISTEN      7216/sshd: root@pts
[root@lab ~]#

Check related configuration files of ssh server

[root@lab ~]# rpm -qc openssh-server-8.0p1-3.el8.x86_64
[root@lab ~]#

open the sshd file and edit the ports with requried number

[root@lab ~]# vim /etc/ssh/sshd_config

This is the sshd server system-wide configuration file. See
sshd_config(5) for more information.
This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
The strategy used for options in the default sshd_config shipped with
OpenSSH is to specify options with their default value where
possible, but leave them commented. Uncommented options override the
default value.
If you want to change the port on a SELinux system, you have to tell
SELinux about this change.
semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
Port 22000
AddressFamily any
ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Ciphers and keying
RekeyLimit default none
System-wide Crypto policy:
This system is following system-wide crypto policy. The changes to
Ciphers, MACs, KexAlgoritms and GSSAPIKexAlgorithsm will not have any
effect here. They will be overridden by command-line options passed on
the server start up.
To opt out, uncomment a line with redefinition of CRYPTO_POLICY=
variable in /etc/sysconfig/sshd to overwrite the policy.
For more information, see manual page for update-crypto-policies(8).

add ports to firewall policy and allow & reload firewall

[root@lab ~]# firewall-cmd --permanent --add-port=22000/tcp
Warning: ALREADY_ENABLED: 22000:tcp
[root@lab ~]# firewall-cmd --reload
[root@lab ~]#

add new port number to selinux

[root@lab ~]# semanage port -a -t ssh_port_t -p tcp 22000
[root@lab ~]#

check available port for ssh

[root@lab ~]# semanage port -l | grep "ssh"
ssh_port_t tcp 22000, 22

Restart the SSHD service and check status

[root@lab ~]# systemctl restart sshd.service
[root@lab ~]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-10-25 11:49:16 +03; 9s ago
Docs: man:sshd(8)
Main PID: 8214 (sshd)
Tasks: 1 (limit: 11337)
Memory: 1.1M
CGroup: /system.slice/sshd.service

check the listening port

[root@lab ~]# netstat -lnptu | grep "ssh"
tcp 0 0* LISTEN 8214/sshd
tcp 0 0* LISTEN 6895/sshd: root@pts
tcp 0 0* LISTEN 7216/sshd: root@pts
tcp6 0 0 :::22000 :::* LISTEN 8214/sshd
tcp6 0 0 ::1:6010 :::* LISTEN 6895/sshd: root@pts
tcp6 0 0 ::1:6011 :::* LISTEN 7216/sshd: root@pts
[root@lab ~]#

now open any client ssh tool and try to access server with the new ports.

thanks to visit by blogs

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s