Hello Geeky, so today we are focusing on How to configure SSH to use a non-standard port with SELinux. So please read this tutorial carefully so you may comprehend it in a better helpful way.
Guide: How to configure SSH to use a non-standard port with SELinux
Switching the SSH listening port on your Linux servers is a simple approach to improve secure remote login. When SELinux is involved, however, you must perform a few more procedures. Jack Wallen demonstrates how to do it.
SSH includes a number of security features, one of which is the ability to configure the service to utilise a non-standard port. SSH uses port 22 out of the box. You can configure that service to use a different port, such as 33000, if you wish to make it more difficult for would-be hackers.
This technique is simple on Linux distributions that don’t use SELinux. If SELinux is involved, though, you can’t simply change the port without revealing your little secret to the security system.
And that’s precisely what I’m going to do here: I’m going to set Fedora 35 to use port 33000 for incoming SSH traffic. This procedure will work on any SELinux-enabled Linux distribution (such as RHEL, Alma Linux and Rocky Linux).
With that said, let’s get to work.
What you’ll need
To make this change, you’ll need a running instance of a Linux distribution that includes SELinux as well as the SSH server installed and a user with sudo access.
How to change the default SSH port
The first thing we’re going to do is change the default port SSH uses, which is found in the sshd_config file. Open that file for editing with the command:
sudo nano /etc/ssh/sshd_config
In that file, look for the line:
Change that line to read:
Save and close the file.
Don’t restart the daemon just yet, as we first need to deal with SELinux.
How to alert SELinux to the change
The first thing we’ll do is check to make sure SELinux is aware of SSH. Issue the command:
sudo semanage port -l | grep ssh
You should see listed:
ssh_port_t tcp 22
So SELinux is allowing SSH traffic into port 22. We’ll change that to 33000 with the command:
sudo semanage port -a -t ssh_port_t -p tcp 33000
Now, if we check which port is being used, it should come back as:
ssh_port_t tcp 33000, 22
Although SELinux is allowing port 22, SSH won’t be listening to that port, so it’s not an issue.
How to open the firewall to port 33000
Next, we must open the firewall to allow SSH traffic in through port 33000. For this, we issue the command:
sudo firewall-cmd –add-port=33000/tcp –permanent
Next, reload the firewall with:
sudo firewall-cmd –reload
Next, we’ll disable the standard SHH port through the firewall with:
sudo firewall-cmd –remove-service=ssh –permanent
Once again, reload the firewall with:
sudo firewall-cmd –reload
How to restart the SSH daemon and log in
We can now restart the SSH daemon with:
sudo systemctl restart sshd
Log into the newly configured server with:
ssh USER@SERVER -p 33000
Where USER is a remote username and SERVER is the IP address (or domain) of the remote server.
And that’s how you configure SSH to use a non-standard port on a Linux distribution that makes use of SELinux. You should consider switching all of your servers to using a non-standard port for the SSH service. When you couple that with other SSH hardening tricks, you’ll go a long way to preventing unwanted users from gaining access to your servers.
Guide about How to configure SSH to use a non-standard port with SELinux
In this guide, we told you about the How to configure SSH to use a non-standard port with SELinux; please read all steps above so that you understand How to configure SSH to use a non-standard port with SELinux in case if you need any assistance from us, then contact us.
How this tutorial or guide assisting you?
So in this guide, we discuss the How to configure SSH to use a non-standard port with SELinux, which undoubtedly benefits you.
I hope you like the guide How to configure SSH to use a non-standard port with SELinux. In case if you have any queries regards this article/tutorial you may ask us. Also, please share your love by sharing this article with your friends and family.