Set Up and Secure SSH on CentOS, Rocky, and AlmaLinux 7, 8, and 9

This tutorial will guide you through the process of enabling SSH on your CentOS, Rocky, or AlmaLinux 7, 8, and 9 system, configuring the appropriate firewall rules to allow inbound connections, and changing the default SSH port for enhanced security.

Prerequisites

  • A CentOS, Rocky, or AlmaLinux system of appropriate version with root privileges

Step 1: Update the System

Before you start, make sure your system is up to date. Open a terminal window and run the following command:

sudo yum update

For CentOS/Rocky/AlmaLinux 8 and 9, you can also use:

sudo dnf update

Step 2: Enable and Start the SSH Service

SSH is installed and enabled by default on most CentOS, Rocky, and AlmaLinux distributions. You can check the status of the SSH service with the following command:

sudo systemctl status sshd

If the SSH service is not enabled, you can enable and start it with these commands:

sudo systemctl enable sshd
sudo systemctl start sshd

Step 3: Configure Firewall Rules for SSH

By default, CentOS, Rocky, and AlmaLinux use firewalld as their firewall. First, ensure firewalld is installed:

sudo yum install firewalld

For CentOS/Rocky/AlmaLinux 8 and 9, you can also use:

sudo dnf install firewalld

Next, enable and start the firewalld service:

sudo systemctl enable firewalld
sudo systemctl start firewalld

Add a rule to allow inbound SSH connections:

sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload

Step 4: Change the Default SSH Port

In this example, we'll change the default SSH port from 22 to 33556. You can choose a different port number if you prefer, but make sure it's not already in use by another service.

First, create a backup of the original SSH configuration file:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Next, open the SSH configuration file using a text editor:

sudo vi /etc/ssh/sshd_config

Find the line that starts with #Port 22 and change it to the desired port number. Remove the # at the beginning of the line to uncomment it. For example:

Port 33556

Save the file and exit the text editor.

Step 5: Configure Firewall Rules for the Custom SSH Port

Update the firewall rules to allow inbound connections on the custom SSH port. First, delete the previous SSH rule:

sudo firewall-cmd --remove-service=ssh --permanent

Add a new rule for the custom SSH port:

sudo firewall-cmd --add-port=33556/tcp --permanent

Reload the firewall to apply the new rules:

sudo firewall-cmd --reload

Step 6: Restart the SSH Service

Restart the SSH service to apply the changes with the following command:

sudo systemctl restart sshd

Step 7: Verify the Custom SSH Port

You can verify that the SSH service is listening on the custom port by running the following command:

sudo ss -tulpn | grep ssh

The output should display the new port number (e.g., 33556) in the "Local Address:Port" column.
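
The checks from Step 4 (the chosen port is not already in use) and Step 7 (sshd is listening on the new port) can be scripted. The following is an added example, not part of the original tutorial; the function names are hypothetical, and it reads only the sshd_config file it is given, not files pulled in by Include.

```sh
#!/bin/sh
# Added example (not from the tutorial): checks around the SSH port change.
# Function names are hypothetical; nothing here modifies the system.

# Print each port set by an active Port directive in an sshd_config file.
# Keywords are case-insensitive; "#Port 22" is a comment and is skipped.
# With no active directive sshd uses 22. Include files are not followed.
configured_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    printf '%s\n' "${ports:-22}"
}

# Succeed if `ss -tln` output ($2) shows a listener on port $1.
# Column 4 is Local Address:Port; the port follows the last colon,
# which also handles IPv6 forms such as [::]:22.
port_in_use() {
    printf '%s\n' "$2" | awk -v p="$1" '
        { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit !found }'
}

# Before editing sshd_config: is the candidate port usable?
# Returns 1 for an invalid number, 2 when something already listens on it.
check_candidate_port() {
    case $1 in
        ''|*[!0-9]*) echo "not a number: $1"; return 1 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
        echo "out of range: $1"; return 1
    fi
    if port_in_use "$1" "$2"; then
        echo "port $1 already has a listener"; return 2
    fi
    echo "port $1 is free"
}

# After the restart: every configured port must appear as a listener.
verify_listening() {
    for port in $(configured_ports "$1"); do
        port_in_use "$port" "$2" || { echo "sshd is not listening on $port"; return 1; }
    done
    echo "all configured ports are listening"
}

# Usage on a live host:
#   check_candidate_port 33556 "$(ss -tln)"
#   verify_listening /etc/ssh/sshd_config "$(ss -tln)"
```

If verify_listening fails after the restart on a host with SELinux in enforcing mode, the usual cause is that the new port is not labeled ssh_port_t; sudo semanage port -a -t ssh_port_t -p tcp 33556 adds the label. Running sudo sshd -t before the restart catches syntax errors in the edited file.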

Step 8: Connect to the Custom SSH Port

To connect to your system via SSH on the custom port, use the following command from a remote machine:

ssh -p 33556 username@10.20.30.40

Replace username with your actual username, and 10.20.30.40 with the IP address of your system.

Finale

You have now successfully set up and secured SSH on your CentOS, Rocky, or AlmaLinux system. You've enabled the SSH service, configured the appropriate firewall rules to allow inbound connections, and changed the default SSH port to enhance security. With these changes in place, you can remotely manage your system with confidence.