
Changing the OpenSSH Server Port

  1. By default, the OpenSSH port is indicated in the /etc/ssh/sshd_config file with a line that reads # Port 22. Uncomment the line by removing its leading # character, and replace the port number with another value of your choosing (for example, the port can be changed to 222 by changing the line to Port 222).

  2. For security reasons you should disallow the Key Manager agent user sshmgr from connecting to the host via the OpenSSH server. To do this, find the line in the /etc/ssh/sshd_config file that begins with DenyUsers, and append sshmgr to it.

    If there is no line in the /etc/ssh/sshd_config file that starts with DenyUsers, deny the sshmgr user by appending the following line to the file:

    DenyUsers sshmgr

    Save your changes to the file.

  3. Install the SELinux management tools (if they have not been installed already):

    • On Red Hat 8.x / Rocky Linux 8.4:
      # yum install policycoreutils-python-utils

  4. Add the new OpenSSH port to the list of acceptable ports in SELinux (in this example, port 222):

    # semanage port -a -t ssh_port_t -p tcp 222

  5. Restart the OpenSSH server:

    # service sshd restart

  6. Optional: You can run the following command to verify that the OpenSSH server is listening on the new port (substitute 222 with your chosen port number):

    # netstat -tulpn | grep 222

  7. For the OpenSSH server to be usable via the new port, that port must be allowed by the firewall. Allow the new OpenSSH port on the firewall by adding the following line to the /etc/sysconfig/iptables file (substitute 222 with your chosen port number):

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 222 -j ACCEPT

    Save your changes to the file. Restart the firewall to apply the changes:

    # service iptables restart

The OpenSSH server should now function under the new port.
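
The following is an added example, not part of the original procedure or of the product's own tooling: shell functions that check, from the files alone, the edits made in steps 1, 2 and 7. The function names and the sample file contents are constructed for illustration, and the checks assume whitespace-separated keywords and ignore anything inside a Match block.

```shell
#!/bin/sh
# Added example: offline checks for the edits made in steps 1, 2 and 7.
# Function names and sample file contents are constructed for illustration.

# Print each port set by an uncommented Port line before any Match block.
sshd_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port"  { print $2 }' "$1"
}

# Succeed if USER is listed on any DenyUsers line before any Match block.
user_denied() {
    awk -v u="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == "denyusers" { for (i = 2; i <= NF; i++) if ($i == u) ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# Succeed if an INPUT rule accepting PORT precedes the first unconditional
# INPUT REJECT/DROP; iptables stops at the first rule that matches.
fw_allows_port() {
    awk -v p="$2" '
        $1 != "-A" || $2 != "INPUT" { next }
        $0 ~ ("--dport " p "( |$)") && /-j ACCEPT/ { ok = 1; exit }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { exit }
        END { exit (ok ? 0 : 1) }' "$1"
}

# Constructed sample files: the state after following the steps with port 222.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#Port 22' 'Port 222' 'DenyUsers backup sshmgr' > "$d/sshd_config"
    printf '%s\n' '*filter' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 222 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$d/iptables"
    echo "ports: $(sshd_ports "$d/sshd_config")"
    user_denied "$d/sshd_config" sshmgr && echo "sshmgr denied"
    fw_allows_port "$d/iptables" 222 && echo "port 222 accepted before REJECT"
    rm -rf "$d"
}
demo
```

On a live host, point the functions at /etc/ssh/sshd_config and /etc/sysconfig/iptables. Running sshd -T as root prints the configuration the server will actually use, which also covers cases these file checks skip.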