Change SSH Port with SELinux Enabled

This post will help you change your server ssh port with selinux enabled on Centos 7 or Fedora 28 or other distros.

Suppose the new ssh port is 3333.

Change SSH port

port=3333
[root@localhost ~] cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
[root@localhost ~] sudo sed -i "s/#Port 22/Port $port/g" /etc/ssh/sshd_config

Allow port 3333 in Selinux

[root@localhost ~] semanage port -d -t ssh_port_t -p tcp 22
[root@localhost ~] semanage port -a -t ssh_port_t -p tcp $port
[root@localhost ~] sudo systemctl restart sshd
[root@localhost ~] sudo semanage port -l | grep ssh
ssh_port_t                     tcp      3333

Allow port 3333 with firewalld

[root@localhost ~] sudo firewall-cmd --permanent --zone=public --add-port=$port/tcp
[root@localhost ~] sudo firewall-cmd --reload

Now you can login your server with following command

ssh -p $port user@ip_address

Buy Me A Coffee?

Change SSH Port with SELinux Enabled

Change SSH port

Allow port 3333 in Selinux

Allow port 3333 with firewalld

Yujiang Bi