To modify the SSH port in CentOS7, you need to set up the firewall Firewalld and SELinux to release the new port.

Modifying the default port 22 is a simple and effective way to prevent SSH login from being exploited. Previously, this site has also introduced to you how to modify the default SSH port on Linux. However, for CentOS7, sometimes in addition to modifying the sshd_config file In addition, we also need to set up the firewall to allow new SSH ports, which mainly includes adding new ports in Firewalld and SELinux.

**The examples in this article all use 1024 as the new SSH port.

1. How to modify the SSH port

Common Linux systems, including CentOS, Ubuntu, and Debian, all modify the SSH configuration file:

vi /etc/ssh/sshd_config

Change the SSH port in the file to the new default port (Port: 1024).

For detailed tutorials, please refer to: "How to modify the default SSH port 22 in Linux and specify the SSH port"

2. CentOS7 firewall rule settings

This website has tried the above method on VPS, VDS and independent hosts. The same modification method and the same system (CentOS 7). Only on the independent host, additional configuration of the firewall is required to release the new SSH port, so If you just modify the above file and the new SSH port can be used, then there is no need to set up a firewall. If the new SSH port is blocked and you can still only remote through the old SSH port, you can set up Firewalld and Firewalld according to the following tutorial. SELinux.

1. Add port to Firewalld

Command to check whether Firewalld is enabled: firewall-cmd --state

1. Add a new SSH port in Firewalld:

firewall-cmd --zone=public --add-port=1024/tcp --permanent

2. Restart Firewalld:

firewall-cmd --reload

3. Check whether the addition is successful. If successful, yes will be returned, otherwise no will be output:

firewall-cmd --zone=public --query-port=1024/tcp

2. Add port to SELinux

Command to check whether SELinux is enabled: /usr/sbin/sestatus -v

1. First check the SSH ports released in SELinux:

semanage port -l | grep ssh

If the message here prompts that the semanage command is not found (semanage command not found), then install semanage first: yum -y install policycoreutils-python.

For CentOS 8, installing semanage requires another command: "Solution to Linode CentOS8 prompting "Unable to install policycoreutils-python"".

2. Add SSH port to SELinux

semanage port -a -t ssh_port_t -p tcp 1024

3. Check whether the addition is successful. If successful, a 1024 port will be added to the original SSH port. Otherwise, there will be only the original SSH port.

semanage port -l | grep ssh

The above is the tutorial that Lao Wang shared with you on how to set the firewall permission port on CentOS 7. This is indeed required on GGC's dedicated server to successfully modify the SSH port. Previously, there was no need to configure it when using his VPS and VDS. Firewall. In addition, if it is Alibaba Cloud, Tencent Cloud, Amazon Cloud, etc., you may also need to set up a firewall on the web page.

Finally, you can use this online gadget to check whether the CentOS port is open: IP Availability Detection Tool

Recommended site search: website registration system, cloud host, vps virtual host, domain name resolution IP address query US virtual host registration query Ministry of Industry and Information Technology, US free virtual host, national dynamic IP, mainland China registration-free CDN, virtual host service provider,