How to configure SSH to use a non-standard port with SELinux – Guide

To improve security when logging in remotely, you can switch the SSH listening port on your Linux servers. However, if SELinux is involved, you must perform a few more steps. Jack Wallen demonstrates how.

SSH includes a series of security features, one of which is the ability to configure the service to use a non-standard port. SSH uses port 22 out of the box. You can configure this service to use a different port, such as 33000, if you want to make it more difficult for would-be hackers.

On Linux distributions that use SELinux, you can't just change the port without letting the security system in on your little secret.

I’m going to configure Fedora 35 to use port 33000 for incoming SSH traffic. This procedure will work on any SELinux-enabled Linux distribution (such as RHEL, Alma Linux, and Rocky Linux).

With that said, let’s get to work.

What you will need

To make this change, you will need a Linux distribution with SELinux installed, as well as the SSH server and a user with sudo access.

How to change the default SSH port

Open the SSH daemon configuration file in a text editor:

sudo nano /etc/ssh/sshd_config

In that file, change the port to 33000.

Save the file and close it.

We need to deal with SELinux first before restarting the daemon.

How to alert SELinux of the change

First, check which ports SELinux currently allows for SSH:

sudo semanage port -l | grep ssh

You should see the ssh_port_t type listed with TCP port 22.

Next, tell SELinux to allow SSH on port 33000:

sudo semanage port -a -t ssh_port_t -p tcp 33000

Now, if we check which port is being used, it should come back with ssh_port_t listing TCP ports 33000 and 22.

Although SELinux still allows port 22, SSH will not listen on that port, so this is not a problem.

How to open the firewall on port 33000

Open port 33000 in the firewall:

sudo firewall-cmd --permanent --add-port=33000/tcp

Reload the firewall:

sudo firewall-cmd --reload

Next, remove the standard SSH service from the firewall:

sudo firewall-cmd --permanent --remove-service=ssh

Reload the firewall again:

sudo firewall-cmd --reload

How to restart the SSH daemon and login

Restart the SSH daemon:

sudo systemctl restart sshd

Then log in on the new port:

ssh USER@SERVER -p 33000

Where USER is a remote username and SERVER is the IP address (or domain) of the remote server.
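
A check worth running before the sshd restart in the procedure above: it compares the ports sshd is configured to bind against the ports SELinux labels ssh_port_t, so a missing semanage step is caught before the daemon fails to start. This is an added example, not code from the original article; the function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): find ports sshd will bind
# that SELinux does not label ssh_port_t. Function names are hypothetical.

# Ports set by uncommented "Port N" lines; stdin is sshd_config text or
# `sshd -T` output. "#Port 22" is a comment and is ignored.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }'
}

# tcp entries labelled ssh_port_t; stdin is `semanage port -l` text.
selinux_ssh_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); print $i }
    }'
}

# Succeed if port $1 matches an entry in list $2 (single port or lo-hi range).
port_allowed() {
    for entry in $2; do
        lo=${entry%-*}; hi=${entry#*-}
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0
    done
    return 1
}

# Print each configured port SELinux would deny; return 1 if any were found.
# $1 = sshd config text, $2 = semanage port -l text.
unlabelled_ports() {
    allowed=$(printf '%s\n' "$2" | selinux_ssh_ports)
    ports=$(printf '%s\n' "$1" | sshd_ports)
    [ -n "$ports" ] || ports=22   # no Port directive: sshd defaults to 22
    missing=0
    for p in $ports; do
        port_allowed "$p" "$allowed" || { echo "$p"; missing=1; }
    done
    return $missing
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONFIG='#Port 22
Port 33000
PermitRootLogin no'
SAMPLE_BEFORE='ssh_port_t                     tcp      22'
SAMPLE_AFTER='ssh_port_t                     tcp      33000, 22'

unlabelled_ports "$SAMPLE_CONFIG" "$SAMPLE_BEFORE" || echo "^ not yet labelled"
unlabelled_ports "$SAMPLE_CONFIG" "$SAMPLE_AFTER" && echo "all ports labelled"
```

On a real host, pass the output of sudo sshd -T and sudo semanage port -l as the two arguments, and keep your existing SSH session open until a login on the new port succeeds.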

Configuring SSH to use a non-standard port on a Linux distribution can help prevent unauthorized users from gaining access to your servers. Consider changing all your servers to use a non-standard port and combining that with other SSH hardening tricks.

Final note

SSH is a secure network protocol that allows users to connect to other computers over a network. It can be used to log in to servers or to access files on remote systems. SELinux is a security mechanism that enforces policy to help protect your computer from unauthorized access. By default, SSH uses port 22; moving it to a non-standard port makes the service harder for attackers to find. To use a non-standard SSH port with SELinux, change the port in the sshd_config file, then tell SELinux about the new port and open it in the firewall.