How to Change the SSH Port on CentOS 7
One of the most common tasks during the initial configuration of a Linux server is changing the default SSH port (which is 22 by default). This action is often used as a basic security measure to reduce the visibility of the SSH service to automated attacks.
Although it doesn't protect against targeted attacks, changing the port can help prevent basic bot scans and brute-force attempts, lowering server load and reducing exposure.
1. Edit the SSH configuration file
Open the sshd_config
file using a text editor:
nano /etc/ssh/sshd_config
Locate the following line:
#Port 22
Uncomment it and replace it with a custom port of your choice, for example:
Port 7333
Note: Use a non-standard, unused port (preferably above 1023).
2. Open the new port in the firewall (CSF)
If you're using CSF (ConfigServer Security & Firewall), follow these steps:
- Edit the CSF configuration file:
nano /etc/csf/csf.conf
- Find the
TCP_IN
directive and add your custom port (e.g.,7333
) to the list. - Save and restart CSF to apply the changes:
csf -r
3. Restart the SSH service
To apply the changes, restart the SSH service:
systemctl restart sshd
or:
service sshd restart
📌 Warning
Before closing your current SSH session, start a new session using the new port to confirm everything works. If something goes wrong, you can still fix it via the active session.