How to Configure SSH to use a different Port on CentOS 7


In this guide, we are going to learn how to configure SSH to use a different port on CentOS 7. Even though configuring the SSH server to listen on a port other than the default, 22, may not gain you much from a security point of view, there are still some advantages that go with it:

  • reduces attack surface by shielding your server against automated random attacks that target services running on default ports, and attacks that target exploitation of vulnerabilities associated with specific versions of OpenSSH and its crypto libraries,
  • reduces the size of the log files, as it stops failed brute-force login attempts directed at the default SSH port.

Configuring SSH to use a different Port on CentOS 7

Step through this guide to learn how to configure SSH server to listen on a different port.

Check if SELinux is Enforcing

Before you proceed, check if SELinux is enforcing. If it is, you need to allow the port that you intend to use for SSH through the SELinux policy.

sestatus

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

As you can see above, SELinux is enforcing.

Add New Port to SELinux Policy

Add the new SSH port to the SELinux policy by running the following command, replacing 3456 with your desired SSH port:

semanage port -a -t ssh_port_t -p tcp 3456

This will add the new SSH port to the SELinux policy and allow SSH to use it.

Now, verify that SELinux has allowed sshd to listen on the two ports:

semanage port -l | grep ssh
ssh_port_t  tcp      3456, 22

If the semanage command is not found, check which package provides semanage and install that package:

yum whatprovides semanage
...output snipped...
policycoreutils-python-2.5-22.el7.x86_64 : SELinux policy core python utilities
Repo : base
Matched from:
Filename : /usr/sbin/semanage

Install it as follows:

yum install -y policycoreutils-python

Configuring SSH to use a different Port

Log in to your server and open the OpenSSH server configuration file, /etc/ssh/sshd_config, for editing.

Uncomment the line # Port 22 and set it to the desired port. As a safety measure, in case things go south, configure sshd to listen on two ports, the default port and the desired port, so that your config file has two lines as shown below. Once you confirm that the new port works fine, remove the default port setting.

Port 22
Port 3456

Note:

  • Ensure that no other service is using the new port.
  • Replace the ports accordingly.

Open New SSH Port on Firewall

If the firewall is running, allow the new port through it.

firewall-cmd --add-port=3456/tcp --permanent
firewall-cmd --reload 

Restart sshd service

systemctl restart sshd

Verify the New SSH Port

After restarting the SSH service, check if the SSH port has been updated successfully. You can do this by running the following command:

ss -altnp4 | grep sshd
LISTEN     0      128          *:3456                     *:*                   users:(("sshd",pid=1176,fd=3))
LISTEN     0      128          *:22                       *:*                   users:(("sshd",pid=1176,fd=5))

Connect to SSH using the New Port

Test that you can log in to the server with the new SSH port:

ssh -p 3456 root@server1

If this is successful, go ahead and remove the default port by commenting it out in the sshd configuration file, or block it on the firewall.

Remember to restart sshd after the changes or reload firewall respectively.
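
Before port 22 is removed, the new port must be present in sshd_config, labelled in SELinux, open in firewalld and actually bound by sshd. The script below is an added example, not part of the original guide: it parses saved output of the commands used above (plus `firewall-cmd --list-ports`) and names the first prerequisite that is missing. The function names and sample files are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: is it safe to drop "Port 22" yet? Each check parses saved
# command output from a file, so the logic can be exercised offline.

# Ports sshd will bind: uncommented Port lines, or the default 22 if none.
sshd_ports() {  # $1 = sshd_config path
  awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# True if ssh_port_t covers the port ($2 = saved `semanage port -l`).
selinux_allows() {
  awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
    for (i = 3; i <= NF; i++) {
      gsub(/,/, "", $i); n = split($i, r, "-")
      lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0   # single port or range
      if (p + 0 >= lo && p + 0 <= hi) ok = 1
    }
  } END { exit !ok }' "$2"
}

# True if firewalld lists PORT/tcp ($2 = saved `firewall-cmd --list-ports`).
firewall_open() { tr ' ' '\n' < "$2" | grep -qx "$1/tcp"; }

# True if sshd is listening on the port ($2 = saved `ss -altnp4`).
sshd_listening() {
  awk -v p="$1" '$1 == "LISTEN" && $4 ~ (":" p "$") && /"sshd"/ { ok = 1 }
    END { exit !ok }' "$2"
}

# Print the first missing prerequisite, or "ready" when all four hold.
# Args: port, sshd_config, semanage output, firewall output, ss output.
cutover_status() {
  sshd_ports "$2" | grep -qx "$1" || { echo "not-in-sshd_config"; return 1; }
  selinux_allows "$1" "$3" || { echo "no-selinux-label"; return 1; }
  firewall_open "$1" "$4"  || { echo "firewall-closed"; return 1; }
  sshd_listening "$1" "$5" || { echo "not-listening"; return 1; }
  echo "ready"
}

# Constructed sample data modelled on the outputs shown in this guide.
make_samples() {  # $1 = directory to write into
  printf '#Port 22\nPort 22\nPort 3456\n' > "$1/sshd_config"
  printf 'ssh_port_t  tcp      3456, 22\n' > "$1/semanage.txt"
  printf '3456/tcp\n' > "$1/firewall.txt"
  printf 'LISTEN 0 128 *:3456 *:* users:(("sshd",pid=1176,fd=3))\n' > "$1/ss.txt"
}

d=$(mktemp -d) && make_samples "$d"
cutover_status 3456 "$d/sshd_config" "$d/semanage.txt" "$d/firewall.txt" "$d/ss.txt"
```

On a real host, redirect the output of `semanage port -l`, `firewall-cmd --list-ports` and `ss -altnp4` into files and pass those paths instead of the constructed samples.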

That marks the end of our simple guide on configuring SSH to use a different Port on CentOS 7.

koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

2 thoughts on “How to Configure SSH to use a different Port on CentOS 7”

  1. Explained in a detailed manner, and even the errors which can come up are also shown. Keep up the good work. Thanks a lot for sharing your knowledge.
