Secure Shell (SSH) allows users to securely access remote systems over a network. By default, SSH operates on port 22, but for security or administrative reasons, you may want to configure SSH to listen on multiple ports. This document provides a detailed explanation of how to set up and configure multiple SSH ports on a Linux server.
Step 1: Editing SSH Configuration File
The SSH daemon configuration file (/etc/ssh/sshd_config) needs to be updated to include additional ports.
- Open the SSH configuration file using a text editor:
vi /etc/ssh/sshd_config
- Locate the existing Port directive, which typically looks like this:
Port 22
- Add additional ports by inserting new Port directives, one per line:
Port 22
Port 26
Port 1675
- Save the file and exit the editor.
Step 2: Restart the SSH Service
After modifying the configuration file, restart the SSH service to apply changes:
systemctl restart sshd
Verify that SSH is listening on the new ports:
netstat -tnplu | grep ssh
Alternatively, you can check if a specific port is being used by SSH:
netstat -tnplu | grep 1675
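Grepping netstat output by eye does not scale once several ports are involved, and a port that was added to sshd_config but never bound (for example because the service was not restarted) is easy to miss. The following script is an added example, not part of the original document: it extracts the ports sshd is bound to from listening-socket output and reports any expected port that is missing. The socket listing is constructed inline here so the script runs offline; on a real host you would pipe in `ss -tlnp` (or the netstat command above) instead.

```shell
#!/bin/sh
# Added example: report expected SSH ports that sshd is NOT actually bound to.
# Real usage on a host:  ss -tlnp | missing_ssh_ports "22 26 1675"
# The listing below is a CONSTRUCTED sample of `ss -tlnp` output in which
# port 1675 is deliberately absent (sshd not restarted after the config edit).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      128          0.0.0.0:26         0.0.0.0:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=812,fd=5))
LISTEN 0      128        127.0.0.1:631        0.0.0.0:*     users:(("cupsd",pid=700,fd=7))'

# Read socket listing on stdin; print the ports owned by sshd, one per line,
# deduplicated (the same port shows up once for IPv4 and once for IPv6).
sshd_listen_ports() {
    awk '/sshd/ { n = split($4, a, ":"); print a[n] }' | sort -un
}

# Usage: <socket listing> | missing_ssh_ports "22 26 1675"
# Prints each expected port that sshd is not listening on; prints nothing
# (exit status of the loop is 0) when every expected port is bound.
missing_ssh_ports() {
    expected=$1
    bound=$(sshd_listen_ports)
    for p in $expected; do
        echo "$bound" | grep -qx "$p" || echo "$p"
    done
}

# Stand-alone run against the constructed sample: prints "1675".
missing=$(echo "$SAMPLE_SS" | missing_ssh_ports "22 26 1675")
if [ -n "$missing" ]; then
    echo "sshd is not listening on: $missing"
else
    echo "all expected SSH ports are bound"
fi
```

The check keys on the process name in the last column, so a port bound by some other daemon (here cupsd on 631) is not mistaken for an SSH listener; if a port is reported missing after a restart, the next places to look are the SELinux port label and the firewall rule from the following steps.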
Step 3: SELinux Configuration (If Enabled)
If SELinux is enabled on your system, you need to allow the new ports explicitly:
semanage port -a -t ssh_port_t -p tcp 26
semanage port -a -t ssh_port_t -p tcp 1675
If semanage is not available, install the required package:
yum install -y policycoreutils-python-utils
Step 4: Configuring Firewall Rules
To allow SSH connections on the new ports through the firewall, execute the following commands:
firewall-cmd --permanent --add-port={26,1675}/tcp
firewall-cmd --reload
Verify the applied firewall rules:
firewall-cmd --list-all
Step 5: Configuring SSH Match Rules
The Match keyword allows you to apply different SSH settings based on the port used for the connection. This can be useful for restricting root access on specific ports.
- Open the SSH configuration file:
vi /etc/ssh/sshd_config
- At the end of the file, add the following rules:
Match LocalPort 22
    PermitRootLogin yes
Match LocalPort 26
    PermitRootLogin no
Match LocalPort 1675
    PermitRootLogin no
- Save and exit the file.
- Restart the SSH service:
systemctl restart sshd
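Because every line after a Match line belongs to that block until the next Match, a misplaced directive can silently apply to the wrong port. The script below is an added example, not part of the original document: it reads an sshd_config the way sshd resolves it (the global value of a keyword applies unless a Match LocalPort block for the connecting port overrides it, and within each section the first value found wins) and prints the setting in effect for a given port. The config it reads is a constructed fragment written to a temporary file, so it runs offline; on the real host, the authoritative checks are `sshd -t` for syntax before restarting and `sshd -T -C lport=26` to print the effective configuration for a connection arriving on port 26.

```shell
#!/bin/sh
# Added example: resolve the value of an sshd_config keyword in effect for a
# given local port, honouring "Match LocalPort" overrides.
# On a real host, prefer:   sshd -t                           (syntax check)
#                           sshd -T -C lport=26 | grep -i permitrootlogin

# CONSTRUCTED sshd_config fragment, not a real host's file. The temp file is
# deliberately left in place so it can be inspected afterwards.
CFG=$(mktemp)
cat > "$CFG" <<'EOF'
Port 22
Port 26
Port 1675
PermitRootLogin prohibit-password
PasswordAuthentication yes

Match LocalPort 22
    PermitRootLogin yes

Match LocalPort 26
    PermitRootLogin no

Match LocalPort 1675
    PermitRootLogin no
    PasswordAuthentication no
EOF

# Usage: effective_setting CONFIG PORT KEYWORD
# Prints the value of KEYWORD that sshd would apply to a connection on PORT.
effective_setting() {
    awk -v port="$2" -v key="$3" '
        { kw = tolower($1) }
        kw == "match" {
            # A Match line opens a block; it is selected only if it is
            # "Match LocalPort <port>". Everything until the next Match
            # line belongs to this block.
            in_match = 1
            selected = (tolower($2) == "localport" && $3 == port)
            next
        }
        kw == tolower(key) {
            # First value wins within the global section and within the
            # set of matching blocks; a matching block overrides global.
            if (!in_match && global == "")        global  = $2
            else if (selected && matched == "")   matched = $2
        }
        END { print (matched != "" ? matched : global) }
    ' "$1"
}

# Usage: config_ports CONFIG  -> space-separated list of Port directives
config_ports() {
    awk 'tolower($1) == "port" { printf "%s ", $2 }' "$1"
}

# Stand-alone run: show the root-login policy on each configured port.
for p in $(config_ports "$CFG"); do
    echo "port $p: PermitRootLogin=$(effective_setting "$CFG" "$p" PermitRootLogin)"
done
```

Run against the constructed file, the loop reports yes for port 22 and no for 26 and 1675, while a port with no Match block (say 9999) falls back to the global prohibit-password. If a keyword you expected to be global comes back with a per-port value, it was placed below a Match line by mistake.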
Testing SSH Connectivity
To test SSH access on different ports, use the following commands:
- Connecting on default port 22:
ssh user@your-server-ip -p 22
- Connecting on port 26:
ssh user@your-server-ip -p 26
- Connecting on port 1675:
ssh user@your-server-ip -p 1675
If the connection fails, check the SSH logs for errors:
tail -f /var/log/secure
Conclusion
By configuring SSH to listen on multiple ports and applying security policies using Match rules, you can enhance both flexibility and security. Always ensure firewall and SELinux rules are correctly configured to avoid connection issues.