If Security security-enhanced server or SELinux is enabled on your server, there is a default feature that comes equipped with Red Hat Enterprise Linux.
By default, Red Hat Enterprise Linux (RHEL) only allows SSH access through port 22, especially when SELinux (Security-Enhanced Linux) is enabled. While this is secure, leaving SSH on the default port can make your server more vulnerable to brute-force attacks.
To strengthen security, you can change the SSH port in RHEL. This guide will walk you step by step on how to update SELinux policies, reconfigure the SSH service, and apply firewall changes safely.
Steps to follow the guide:
1. Log in as Root or Sudo User
ssh root@your-server-ip
2. Check Existing SSH Port Configuration in SELinux
semanage port -l | grep ssh
You should see:
ssh_port_t tcp 22
3. Add a New Custom SSH Port
semanage port -a -t ssh_port_t -p tcp 1234
(Replace 1234 with your desired port number above 1024 that isn’t already in use.)
4. Verify the Port Addition
semanage port -l | grep ssh
Now it should display:
ssh_port_t tcp 22,1234
5. Update SSH Configuration File
Open the SSH config:
nano /etc/ssh/sshd_config
Find this line:
#Port 22
Uncomment it and replace with your new port:
Port 1234
Save & exit the file.
6. Update Firewall Rules
firewall-cmd –permanent –add-port=1234/tcp
firewall-cmd –reload
7. Restart SSH Service
/sbin/service sshd restart
Important note: Always test the new SSH port from another terminal session before closing your current one. This confirms you don’t unintentionally lock yourself out.
In this manner, you may change Red Hat Enterprise Linux’s SSH port (RHEL). We hope that you enjoyed our article; please do not hesitate to contact our support staff if you need any additional help.