By default, the SSH server listens on port 22. This port number is common and widely known, which increases the risk of intrusion while the port is open. To reduce that risk, change the SSH port number from 22 to another value.
Change SSH config file
First, make a backup of the SSH config file
[root@localhost ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.old
Edit the Port entry in the SSH configuration file (/etc/ssh/sshd_config) to change the port number.
/etc/ssh/sshd_config
Port 59695 (59695 is an example number)
Use the diff command to confirm the setting change
[root@localhost ~]# diff /etc/ssh/sshd_config.old /etc/ssh/sshd_config
17c17
< #Port 59695
---
> Port 59695
Check the syntax of the config file and make sure there are no errors
[root@localhost ~]# sshd -t
If no error is displayed, the config file is syntactically valid.
Apply the SSH settings
[root@localhost ~]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
Check whether you can log in over SSH with the changed port number
SSH connection from the client side
ssh -p 59695 usr@(IP)
ssh: connect to host (IP) port 59695: Connection timed out
The connection times out. firewalld also has to be configured for the new port. The packaged definition of the ssh service still opens only port 22:
[root@localhost ~]# cat /usr/lib/firewalld/services/ssh.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SSH</short>
<description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
<port protocol="tcp" port="22"/>
</service>
Copy config file before setting firewalld
[root@localhost ~]# cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/
Then make a backup of the config file
[root@localhost ~]# cp /etc/firewalld/services/ssh.xml /etc/firewalld/services/ssh.xml.old
Edit the configuration file copied from /usr/lib/firewalld/services/ssh.xml and change its port to 59695
[root@localhost ~]# cat /etc/firewalld/services/ssh.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SSH</short>
<description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
<port protocol="tcp" port="59695"/>
</service>
Use the diff command to confirm the setting change
[root@localhost ~]# diff /etc/firewalld/services/ssh.xml.old /etc/firewalld/services/ssh.xml
5c5
< <port protocol="tcp" port="22"/>
---
> <port protocol="tcp" port="59695"/>
Apply the changed settings
[root@localhost ~]# firewall-cmd --reload
success
If success is displayed, the reload is OK
Restart sshd
[root@localhost ~]# systemctl restart sshd
Check again whether you can log in over SSH with the changed port number
ssh -p 59695 usr@(IP)
Last login: Time from (IP)
[usr@localhost ~]$
The connection now succeeds on the changed SSH port.
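The timeout at the first login attempt came from sshd and the firewalld ssh service disagreeing on the port. The following shell check is an added example, not part of the original procedure: it compares the Port lines of an sshd_config with the TCP ports of the active ssh.xml so the mismatch is caught before sshd is restarted. The function names and the temporary sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: checks that sshd's Port and the firewalld "ssh" service agree.

# Ports sshd will listen on per the given sshd_config ("#Port" lines are
# comments; with no Port line sshd defaults to 22).
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# firewalld prefers a service file in /etc/firewalld/services over the
# packaged one in /usr/lib/firewalld/services. $1 = /etc dir, $2 = /usr/lib dir.
active_ssh_service_file() {
    if [ -f "$1/ssh.xml" ]; then echo "$1/ssh.xml"; else echo "$2/ssh.xml"; fi
}

# TCP ports opened by a firewalld service file (either attribute order).
firewalld_tcp_ports() {
    sed -n \
        -e 's/.*<port[^>]*protocol="tcp"[^>]*port="\([0-9]*\)".*/\1/p' \
        -e 's/.*<port[^>]*port="\([0-9]*\)"[^>]*protocol="tcp".*/\1/p' "$1"
}

# Returns 0 only if every sshd port is opened by the service file.
check_ssh_port_alignment() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if firewalld_tcp_ports "$2" | grep -qx "$p"; then
            echo "OK: tcp/$p is opened by $2"
        else
            echo "MISMATCH: sshd uses tcp/$p but $2 does not open it"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files reproducing the state at the first (timed-out)
# login attempt: sshd moved to 59695, firewalld service still on 22.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/etc" "$demo_dir/usr"
printf '#Port 22\nPort 59695\n' > "$demo_dir/sshd_config"
printf '<service>\n<port protocol="tcp" port="22"/>\n</service>\n' > "$demo_dir/usr/ssh.xml"
check_ssh_port_alignment "$demo_dir/sshd_config" \
    "$(active_ssh_service_file "$demo_dir/etc" "$demo_dir/usr")" \
    || echo "fix firewalld before restarting sshd"
rm -rf "$demo_dir"
```

On a real host the arguments would be /etc/ssh/sshd_config and the result of active_ssh_service_file /etc/firewalld/services /usr/lib/firewalld/services. Keep the existing SSH session open until a second login on the new port has succeeded.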
Reference URLs
https://webkaru.net/linux/change-ssh-port/
https://webkaru.net/linux/centos7-firewalld-ssh-port/