Security through obscurity is not something one would generally recommend. But to thwart the effort of automated scanners changing the default OpenSSH port will yield you less pain in every day life. This will not fend off directed attacks or nullify vulnerabilities or bad security design.<\/p>\n
Should you see an error message such as<\/p>\n
shd[14221]: error: Bind to port 9898 on 192.168.0.50 failed: Permission denied<\/pre>\nit indicates that the system prevented the daemon to bind that port. Most likely SELinux.<\/p>\n
The instructions provided will be valid on Fedora 14\/15, CentOS 6, RHEL 6, Scientific Linux 6 and newer versions.<\/p>\n
To change the default SSH port you need to do the following.<\/p>\n
# service sshd stop<\/pre>\nAlter the \/etc\/ssh\/sshd_config with your new port<\/h2>\n
Alter the configuration file with your favorite editor, in my case \u201cnano\u201d.<\/p>\n
# nano \/etc\/ssh\/sshd_config<\/pre>\nAlter the port configuration parameter change the following line<\/p>\n
Port 22<\/pre>\nto<\/p>\n
Port 9898<\/pre>\nAlter the SELinux context with semanage<\/h2>\n
# semanage port -a -t ssh_port_t -p tcp 9898<\/pre>\nInitially you would think the following would work. But it will not. For it to work you would have to alter the policy in the selinux-policy package, rebuild and install it. So skip it, but now you know why.<\/p>\n
# semanage port -d -t ssh_port_t -p tcp 22<\/pre>\nStart the SSH daemon<\/h2>\n
# service sshd start<\/pre>\n","protected":false},"excerpt":{"rendered":"Security through obscurity is not something one would generally recommend. But to thwart the effort of automated scanners changing the default OpenSSH port will yield you less pain in every day life. This will not fend off directed attacks or nullify vulnerabilities or bad security design.<\/p>\n
Should you see an error message such as<\/p>\n
shd[14221]: […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,4,9],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/4603"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4603"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/4603\/revisions"}],"predecessor-version":[{"id":4604,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/4603\/revisions\/4604"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}