There comes a time in every sysadmin's life where they need to run SSH on an
alternate port. Should be as simple as adding multiple
/etc/sshd/config and issuing a restart to the daemon.
Except SELinux, as usual, finds a way to rain on the parade. But we don't want to disable it. Especially since reconfiguring it is so easy.
In this example we'll run SSH on it's usual
22/tcp as well as
by adding the following lines to the configuration file.
Port 80 Port 443
Since we obviously won't be needing those ports for Apache, it's safe to go ahead and relabel them.
$ sudo semanage port -m -t ssh_port_t -p tcp 80 $ sudo semanage port -m -t ssh_port_t -p tcp 443
Make sure the ports are open in firewalld.
$ sudo firewall-cmd --add-port 80/tcp --add-port 443/tcp --permanent $ sudo firewall-cmd --reload
Then restart the daemon and test it out. As usual make sure to have an active session running on standby in case you fubar your configuration.
Hint: some documentation will use
port -a but these ports may already be
-a will produce an error. Use