How To Change Default SSH Port On CentOS / Rhel 7.x

SSH (Secure Socket Shell) is a network protocol through which you can securely log onto remote systems or Server.

SSH default port is 22 so it’s very easy for hackers to access entry system by brute force attack.

We recommend to change the default SSH port number and prevent malicious activities from directly connecting to default port 22 through scripts.

we mentioned some steps about How to Change Default SSH Port On CentOS / Linux 7.

Login SSH server as root user :

#ssh [email protected]_IP
login as : root
password : password

# #take backup of the current SSH configuration on your Server according to below command:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

## Now open the default SSH configuration file

sudo vi /etc/ssh/sshd_config

##And change the default port in the file and comment the 22 port

#Port 22

Port 5257 #You can change according to your requirement

Save the file.

# SELinux allows the only port 22 for SSH on server therefore enable the new port 5257 on SELinux through semanage command.

By default this command is not available on Centos/ Linux 7 Server so first install SELnix packages on server through below command:

sudo yum -y install policycoreutils-python

##after installing the package run below command for enable the new port on SELinux.

sudo semanage port -a -t ssh_port_t -p tcp 5257

##You can verify that SELinux has the new port by searching the output of the semanage port -l command

semanage port -l | grep ssh

##Now allow the new port 5257 on firewall

sudo firewall-cmd --permanent --zone=public --add-port=5257/tcp

##Reload the firewall configurations

sudo firewall-cmd –reload

##You must restart the SSH service with the following command:

systemctl restart sshd.service



  1. Hello ,

    i have made a mistake after execute this command
    sudo firewall-cmd –permanent –zone=public –add-port=5257/tcp

    i need now close this port from firewall 5257 ??

    how to make that ?


    1. Hello Mohamed

      Use below commands for the solution.
      $ firewall-cmd –zone=public –remove-port=5257/tcp
      $ firewall-cmd –runtime-to-permanent
      $ firewall-cmd –reload


Leave a Reply

Your email address will not be published. Required fields are marked *