How to Change SSH Port in CentOS 6: Modifying sshd_config vs. ssh_config



When changing the SSH port in CentOS 6, it's crucial to understand the difference between the two main configuration files:

/etc/ssh/sshd_config  # Server configuration
/etc/ssh/ssh_config    # Client configuration

The sshd_config file controls the behavior of the SSH server (sshd). This is where you must make changes to modify the listening port:

# Open the configuration file
sudo vi /etc/ssh/sshd_config

# Find and modify the Port line (or add it if it doesn't exist)
# Example non-standard port (comment kept on its own line, not after the value)
Port 2222

# Save and restart the SSH service
sudo service sshd restart

The ssh_config file affects SSH client behavior. You generally don't need to modify it when changing the server port, unless you want the client to default to the new port:

# For client-side default port configuration
Host *
    Port 2222

After changing the port, update your firewall rules:

# For iptables
sudo iptables -I INPUT -p tcp --dport 2222 -j ACCEPT
sudo service iptables save

# For SELinux (if enabled)
sudo semanage port -a -t ssh_port_t -p tcp 2222

Verify your changes work before closing the current session:

# Test connection to new port
ssh -p 2222 username@localhost

# Check listening ports
sudo netstat -tulnp | grep ssh

  • Always keep a backup session open when testing SSH changes
  • Consider implementing fail2ban for additional protection
  • Use key-based authentication instead of passwords
  • Regularly update your SSH package for security patches
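
An added example (not from the original article): shell functions that check, from saved copies of the files, that every Port line in sshd_config is a bare `Port N` and that the INPUT chain accepts the new port before a catch-all REJECT, which is why the rule above is inserted with -I rather than appended. The function names, sample config and sample rules are constructed; the rules assume a chain that ends in a catch-all REJECT.

```shell
#!/bin/sh
# Added example: offline checks for a planned sshd port change.
# Function names and sample data are constructed for illustration.

# Ports sshd would listen on: non-comment "Port N" lines, keyword case-insensitive.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Succeeds only if every Port line is exactly "Port N". sshd_config(5) defines
# comments as lines starting with '#', so keep comments off the Port line.
port_lines_clean() {
    awk 'tolower($1) == "port" && (NF != 2 || $2 !~ /^[0-9]+$/) { bad = 1 }
         END { exit bad + 0 }' "$1"
}

# Succeeds if the INPUT chain ($2 = saved `iptables -S INPUT` output) accepts
# TCP port $1 before a catch-all REJECT/DROP rule ends evaluation.
fw_allows() {
    awk -v p="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        $0 ~ ("-p tcp .*--dport " p "( |$)") && /-j ACCEPT/ { ok = 1; exit }
        /^-A INPUT -j (REJECT|DROP)/ { exit }
        END { exit !ok }' "$2"
}

# --- constructed sample input ---
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' > "$demo/good.conf"
printf '%s\n' 'Port 2222  # Example non-standard port'     > "$demo/trailing.conf"
# Rule added with -I lands above the final REJECT; with -A it lands below it.
printf '%s\n' '-P INPUT ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' > "$demo/inserted.rules"
printf '%s\n' '-P INPUT ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
    '-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT'         > "$demo/appended.rules"

for conf in good trailing; do
    port_lines_clean "$demo/$conf.conf" && r=clean || r="has trailing text"
    echo "$conf.conf: port $(sshd_ports "$demo/$conf.conf"), $r"
done
for rules in inserted appended; do
    fw_allows 2222 "$demo/$rules.rules" && r=reachable || r=blocked
    echo "$rules.rules: tcp/2222 $r"
done
```

On a live host, point the functions at /etc/ssh/sshd_config and the saved output of `sudo iptables -S INPUT`, and run `sudo sshd -t` so sshd itself validates the file before the restart.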

When working with SSH on CentOS 6 (or any Linux distribution), you'll encounter two primary configuration files:

/etc/ssh/sshd_config  # Server configuration
/etc/ssh/ssh_config   # Client configuration

sshd_config controls the behavior of the SSH server (sshd daemon). This is where you define:

  • Port number the server listens on
  • Authentication methods
  • Login restrictions
  • Server-specific settings

ssh_config affects the SSH client behavior. It handles:

  • Default connection parameters
  • Host-specific configurations
  • Client-side preferences

To change your SSH port properly:

  1. Edit /etc/ssh/sshd_config:

# Find and modify the Port line
# Example non-standard port (comment kept on its own line, not after the value)
Port 2222

  2. Update your firewall rules:

iptables -I INPUT -p tcp --dport 2222 -j ACCEPT
service iptables save

  3. Restart the SSH service:

service sshd restart

You'd only need to modify ssh_config if you want clients to:

  • Default to connecting on your new port
  • Set up host-specific configurations

Example client configuration:

Host myserver
    HostName 192.168.1.100
    Port 2222
    User myusername

  • Always test SSH access from another session before closing your current one
  • Consider implementing fail2ban for additional protection
  • Regularly check auth logs for suspicious activity:

tail -f /var/log/secure