Do not put SSH port to above 1024

Many of us might think about changing the SSH port is a must-have item for enhancing security. However, the fact is that if we do not fully understand how does the OS handle ports, we might make mistake on security by doing this. You can check the article Why putting SSH on another port than 22 is bad idea. After that, we might need to re-think about what we need to do 🙂

In many cases, you still want to change the SSH ports to some ports under 1024. It is ok, but be sure to have the port be added to SELinux rules before exiting your SSH connection or you will not be able to login again. Simply run

semanage port -a -t ssh_port_t -p tcp 222

to allow the port 222 is bindable, and then you can restart the SSHD service.

In case semanage is not found under CentOS, you can easily find it as follows:

yum whatprovides /usr/sbin/semanage
yum -y install policycoreutils-python

Enjoy 🙂

Leave a Reply