SSH is a network protocol that allows secure remote access to a server or computer. By default, SSH uses port 22 for connections. However, using the default port can make your server vulnerable to attacks. Therefore, it’s a good practice to change the default SSH port to a non-standard port to increase security. Additionally, it’s important to open the new port in the firewall to ensure that incoming traffic on the new port is allowed. In this blog post, we will discuss how to change the SSH port and open the new port in the firewall on AlmaLinux.
Step 1: Log in to your AlmaLinux server
First, log in to your AlmaLinux server as a user with sudo privileges.
Step 2: Open the SSH configuration file
Next, open the SSH configuration file using a text editor such as nano or vim. The SSH configuration file is located at /etc/ssh/sshd_config. Use the following command to open the file in nano:
sudo nano /etc/ssh/sshd_config
Step 3: Change the SSH port
Find the line that specifies the SSH port, which is usually near the top of the file. The line should look like this:
#Port 22
Uncomment the line by removing the # symbol at the beginning of the line, and change the port number to the desired value. For example, if you want to use port 2222, the line should look like this:
Port 2222
Step 4: Save the changes
After making the changes, save the file and exit the text editor. In nano, you can save the file by pressing Ctrl+X, then Y to confirm the changes, and Enter to save the file.
Step 5: Open the new SSH port in the firewall
To open the new SSH port in the firewall, use the following command:
sudo firewall-cmd --add-port=2222/tcp --permanent
This command adds a new rule to the firewall configuration to allow incoming traffic on port 2222/tcp. The --permanent option makes the rule persistent, so that it will survive a firewall service restart.
Step 6: Reload the firewall configuration
After adding the new rule, reload the firewall configuration to apply the changes:
sudo firewall-cmd --reload
Step 7: Restart the SSH service
Finally, restart the SSH service to apply the changes:
sudo systemctl restart sshd
Verify that the SSH service is running on the new port by attempting to connect to the server using the new port number. For example, to connect to the server using port 2222, use the following command:
ssh user@server_ip_address -p 2222
Conclusion
Changing the default SSH port and opening the new port in the firewall are simple but effective ways to improve the security of your AlmaLinux server. By following the steps outlined in this blog post, you can easily change the SSH port to a non-standard value and add a new firewall rule to allow incoming traffic on the new port, making it more difficult for attackers to find and exploit your server.
