How to change SSH port in Fedora 23 and how to operate your firewall

In Fedora 23 it is possible to change the default SSH port (22) to another of your choice that is greater than 1024, and you can even add a further port for external connections.


When changing the SSH port in Fedora 23, we must keep three things in mind:

  • The configuration of the sshd daemon, which is where the port is assigned.
  • The firewall settings, so that connections to the new port are allowed.
  • The SELinux configuration (if active), to set the usage policy for that port.

Let's see how the port is changed in the SSH configuration.

We open the terminal and edit /etc/ssh/sshd_config as follows.

We uncomment the Port line and assign another number. We can also add several Port lines for sshd to listen on multiple ports:

Port <port>

Configuring several ports can be useful for testing: we keep port 22 alongside the new one, so we can make sure the new port works, and if it does not work or is not configured correctly we can reconnect on port 22.

Now we add the change to SELinux:

semanage port -a -t ssh_port_t -p tcp <port>

Now we move on to the firewall.


In Fedora 23 the firewall is managed with firewall-cmd.

If we need to see the activated zones:

firewall-cmd --list-all

Then it would return something like this:

FedoraServer (default, active)
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade:
  forward-ports:
  icmp-blocks:
  rich rules:

If instead we want to know which zone is the default, we write this:

firewall-cmd --get-default-zone
FedoraServer

After this we can add the new port to the firewall.

To add the TCP port to the firewall zone we write this command line:

firewall-cmd --permanent --zone=<zone> --add-port=<port>/tcp

Bear in mind that for a temporary test we omit --permanent; a temporary rule is not saved, so it will not appear when consulting the permanent firewall rules.


Let's check whether the port is open in the default zone of the firewall with this command:

firewall-cmd --query-port=<port>/tcp

If we have done it correctly and the port is open, the command answers "yes".
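As an added example (not part of the original article), the script below cross-checks the three layers covered above for every port sshd listens on: the Port lines in sshd_config, the SELinux ssh_port_t label and the firewalld zone. Port 2222 and all sample text are constructed; on a real host, pass in the output of `semanage port -l`, `firewall-cmd --list-ports` and `firewall-cmd --list-services`.

```shell
#!/bin/sh
# Added example: cross-check sshd_config, SELinux and firewalld for each SSH port.
# All inputs are plain text, so the check also works on captured command output.

# Ports sshd will bind, read from sshd_config text on stdin.
# Commented-out lines are skipped; with no Port line sshd uses 22.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }'
}

# check_port PORT SEMANAGE_TEXT FW_PORTS FW_SERVICES
#   the three texts are the output of `semanage port -l`,
#   `firewall-cmd --list-ports` and `firewall-cmd --list-services`.
# Prints one line per gap and returns non-zero if any gap was found.
check_port() {
    port=$1 rc=0
    if ! printf '%s\n' "$2" | awk -v p="$port" '
            $1 == "ssh_port_t" && $2 == "tcp" {
                for (i = 3; i <= NF; i++) { sub(/,$/, "", $i); if ($i == p) ok = 1 }
            }
            END { exit !ok }'; then
        echo "$port: SELinux type ssh_port_t not assigned"; rc=1
    fi
    opened=no
    case " $3 " in *" $port/tcp "*) opened=yes ;; esac
    # The predefined firewalld service "ssh" covers 22/tcp only.
    if [ "$port" = 22 ]; then
        case " $4 " in *" ssh "*) opened=yes ;; esac
    fi
    if [ "$opened" = no ]; then
        echo "$port: not open in the firewall zone"; rc=1
    fi
    return $rc
}

# Constructed sample data (hypothetical port 2222), not from a real host.
SAMPLE_CONF='#Port 22
Port 22
port 2222
PermitRootLogin no'
SAMPLE_SEMANAGE='smtp_port_t                    tcp      25, 465, 587
ssh_port_t                     tcp      2222, 22'
SAMPLE_FW_PORTS='8080/tcp'
SAMPLE_FW_SERVICES='dhcpv6-client ssh'
for p in $(printf '%s\n' "$SAMPLE_CONF" | sshd_ports); do
    check_port "$p" "$SAMPLE_SEMANAGE" "$SAMPLE_FW_PORTS" "$SAMPLE_FW_SERVICES" || :
done
```

Run this while the session on port 22 is still open: a reported gap means the new port would be refused either by SELinux when sshd binds or by the firewall when a client connects.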

The same configuration can be applied to most Apache-type HTTP servers.



  1.   وبسرويس پيامک said

    great post thanks for sharing

  2.   تور دبی said

    thanks for your good article

  3.   وقت سفارت said

    very tanx

  4.   جرثقیل سقفی said

    thanks for sharing post ...