Do not put SSH port to above 1024

Many of us might think about changing the SSH port is a must-have item for enhancing security. However, the fact is that if we do not fully understand how does the OS handle ports, we might make mistake on security by doing this. You can check the article Why putting SSH on another port than 22 is bad idea. After that, we might need to re-think about what we need to do 🙂

In many cases, you still want to change the SSH ports to some ports under 1024. It is ok, but be sure to have the port be added to SELinux rules before exiting your SSH connection or you will not be able to login again. Simply run
[bash]semanage port -a -t ssh_port_t -p tcp 222[/bash]
to allow the port 222 is bindable, and then you can restart the SSHD service.

In case semanage is not found under CentOS, you can easily find it as follows:
[bash]yum whatprovides /usr/sbin/semanage
yum -y install policycoreutils-python[/bash]

Enjoy 🙂

About NhocConan

A super lazy guy who tries to write tech blog entries in English.He is lazy, so he can only write when he is in a good mood or when he is tired of coding.

Leave a comment

Your email address will not be published.