Secure your SSH against unauthorised access on CentOS 7 / RHEL 7

In many situations I saw that some people tried to log in to my server with a wrong password, as SSH is open on port 22. That's why I decided to change my SSH port, so that no one will try to log in to my server with a wrong username and password.

Steps

  1. Turn on SELinux (skip this step if you are not interested in SELinux or if SELinux is disabled)
  2. Change the SSH port to a different port
  3. Add the port to the firewall (skip this step if the firewall is disabled)

Turn on SELinux

vim /etc/selinux/config

On line number 7, change disabled to enforcing:

SELINUX=enforcing

Reboot the server:

reboot -h now

Change the SSH port to a different port

vim /etc/ssh/sshd_config

On line number 17, change the port to your desired port; in my case it's 9067.

Add the port to SELinux's allowed ports, otherwise SELinux will block the port (if SELinux is disabled, there is no need to run the following):

semanage port -a -t ssh_port_t -p tcp 9067

Add the port to the firewall

systemctl enable firewalld

systemctl restart firewalld

firewall-cmd --state

firewall-cmd --zone=public --add-port=9067/tcp --permanent

firewall-cmd --reload

Finally, restart sshd:

systemctl restart sshd
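
A check worth running before that restart, as an added example that is not part of the original post: it confirms that every port in sshd_config also has the SELinux ssh_port_t label and a firewalld rule, so the restart does not lock you out. The function names and the sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: names and sample data below are constructed, not from the page.

# Ports sshd will listen on per the config file ($1); sshd defaults to 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# True if port $1 has the ssh_port_t label in `semanage port -l` output (stdin).
selinux_allows() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { sub(",", "", $i); if ($i == p) found = 1 }
    } END { exit !found }'
}

# True if $1/tcp is listed in `firewall-cmd --list-ports` output (stdin).
firewall_allows() {
    tr ' ' '\n' | grep -x "$1/tcp" > /dev/null
}

# Args: sshd_config, saved semanage output, saved firewall-cmd output.
# Returns non-zero if any configured port would be blocked after a restart.
check_ports() {
    local rc=0 port
    for port in $(sshd_ports "$1"); do
        if ! selinux_allows "$port" < "$2"; then
            echo "port $port: no SELinux ssh_port_t label"; rc=1
        elif ! firewall_allows "$port" < "$3"; then
            echo "port $port: not open in firewalld"; rc=1
        else
            echo "port $port: ok"
        fi
    done
    return "$rc"
}

# Constructed sample: 9067 was added everywhere, 2222 only in sshd_config.
demo() {
    local d; d=$(mktemp -d)
    printf '#Port 22\nPort 9067\nPort 2222\n' > "$d/sshd_config"
    printf 'ssh_port_t   tcp   9067, 22\nhttp_port_t  tcp   80, 443\n' > "$d/semanage"
    printf '9067/tcp\n' > "$d/ports"
    check_ports "$d/sshd_config" "$d/semanage" "$d/ports"
    local rc=$?; rm -rf "$d"; return "$rc"
}
demo || echo "fix the ports above before restarting sshd"
```

On a live host, save the output of `semanage port -l` and `firewall-cmd --zone=public --list-ports` to files, pass them to `check_ports` together with /etc/ssh/sshd_config, and run `sshd -t` to validate the config syntax. Keep your current SSH session open until a new login on the new port succeeds.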

Testing

Open a terminal:

ssh root@139.59.27.86 -p 9067

Now no one will know which port you are using for SSH.

Thank You.