How to configure SSH to use a non-standard port with SELinux set to enforcing


Changing the SSH listening port is an easy way to help secure remote login on your Linux servers. But when SELinux is involved, you have to take a few extra steps. Jack Wallen shows you how.


SSH has plenty of tricks up its sleeve for security, one of which is to configure the service to use a non-standard port. Out of the box, SSH uses port 22. If you want an easy way to trip up would-be hacking attempts, you can configure the service to use a different port, such as 33000.

On Linux distributions that don't use SELinux, this process is quite simple. However, if SELinux is involved, you can't simply change the port without letting the security system in on your little secret. And that's exactly what I'm going to do here: configure Fedora 35 to use port 33000 for incoming SSH traffic. This same process will work on any Linux distribution that uses SELinux (such as RHEL, Alma Linux and Rocky Linux).

With that said, let's get to work.

What you'll need

To make this change, you'll need a running instance of a Linux distribution that includes SELinux, as well as the SSH server installed and a user with sudo access.

How to change the default SSH port

The first thing we're going to do is change the default port SSH uses, which is found in the sshd_config file. Open that file for editing with the command:

sudo nano /etc/ssh/sshd_config

In that file, look for the line:

#Port 22

Change that line to read:

Port 33000
Save and close the file. Do not restart the daemon just yet, as we first have to deal with SELinux.

How to alert SELinux to the change

The first thing we'll do is check to make sure SELinux is aware of SSH. Issue the command:

sudo semanage port -l | grep ssh

You should see listed:

ssh_port_t tcp 22

So SELinux is allowing SSH traffic into port 22. We'll add port 33000 with the command:

sudo semanage port -a -t ssh_port_t -p tcp 33000

Now, if we check which port is being used, it should come back as:

ssh_port_t tcp 33000, 22
Although SELinux is allowing port 22, SSH won't be listening on that port, so it's not an issue.

How to open the firewall to port 33000

Next, we must open the firewall to allow SSH traffic in through port 33000. For this, we issue the command:

sudo firewall-cmd --add-port=33000/tcp --permanent

Next, reload the firewall with:

sudo firewall-cmd --reload

Next, we'll disable the standard SSH port through the firewall with:

sudo firewall-cmd --remove-service=ssh --permanent

Once again, reload the firewall with:

sudo firewall-cmd --reload
How to restart the SSH daemon and log in

We can now restart the SSH daemon with:

sudo systemctl restart sshd

Log into the newly configured server with:

ssh USER@SERVER -p 33000

Where USER is a remote username and SERVER is the IP address (or domain) of the remote server.

And that's how you configure SSH to use a non-standard port on a Linux distribution that uses SELinux. You should consider switching all of your servers to a non-standard port for the SSH service. When you couple that with other SSH hardening tricks, you'll go a long way toward preventing unwanted users from gaining access to your servers.
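
The steps above leave a window in which sshd_config already names port 33000 while SELinux or the firewall may not yet allow it. The following is an added example, not part of the original article, that checks all three before the daemon is restarted; the function names are hypothetical and the sample data is constructed.

```sh
# Added example (not from the article): checks to run before restarting sshd.
# Function names are hypothetical; each check parses command output as text.

# Print the ports sshd is configured for, from sshd_config or `sshd -T` output
# (keywords match case-insensitively). No active Port line means default 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Succeed if the `semanage port -l` listing on stdin labels tcp port $1 as
# ssh_port_t. Entries are single ports or ranges such as 33000-33010.
selinux_allows_ssh() {
    awk -v want="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (want + 0 >= lo && want + 0 <= hi) ok = 1
            }
        }
        END { exit !ok }'
}

# Succeed if the `firewall-cmd --list-ports` output on stdin has $1/tcp.
firewall_open() { tr ' ' '\n' | grep -qxF "$1/tcp"; }

# Args: files holding the sshd config, semanage listing and firewall ports.
# Names each gap and returns non-zero if a configured port lacks either.
preflight() {
    rc=0
    for port in $(sshd_ports "$1"); do
        selinux_allows_ssh "$port" < "$2" ||
            { echo "port $port: not labelled ssh_port_t"; rc=1; }
        firewall_open "$port" < "$3" ||
            { echo "port $port: not open in firewall"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: sshd_config moved to 33000, SELinux still lists only 22.
d=$(mktemp -d)
printf 'Port 33000\n' > "$d/cfg"
printf 'ssh_port_t tcp 22\n' > "$d/se"
printf '33000/tcp\n' > "$d/fw"
preflight "$d/cfg" "$d/se" "$d/fw" || echo "do not restart sshd yet"
rm -r "$d"
```

On a live host, save the output of `sudo sshd -T`, `sudo semanage port -l` and `sudo firewall-cmd --list-ports` to three files and pass them to preflight. The firewall check reads the port list only, so it suits non-standard ports rather than port 22 opened through the ssh service.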
