Changing the SSH port for a RHEL Azure VM

I’m working with Red Hat Enterprise Linux (RHEL) VMs on Azure and one of the best practices that Microsoft recommends is to change the default SSH port from 22 to something else. I was looking for a consolidated set of instructions to do this and I couldn’t find one, so I thought I’d do a quick post on it.

The steps that need to be performed are:

  • Allow the new port in the RHEL firewall
  • Change the SSH daemon to listen on the new port
  • Add an incoming rule in the VM network security group for the new port
  • Remove the rule that allows port 22

The SSH port has to be changed after the VM is created, because the SSH daemon is set up to listen on port 22 by default. As part of the VM configuration, make sure to allow port 22 to be opened. Once the VM is created and running, connect to it using your favorite SSH client.

Let’s choose port 52019 to use instead of 22.

To allow the port in the RHEL firewall:

sudo firewall-cmd --permanent --zone=public --add-port=52019/tcp
sudo firewall-cmd --reload

You should see a ‘Success’ message after each of these commands, and you can double check that the firewall rule was added using:

sudo iptables-save | grep '52019'

And you should see:

-A IN_public_allow -p tcp -m tcp --dport 52019 -m conntrack --ctstate NEW -j ACCEPT

To change the SSH daemon to use port 52019 we need to change its configuration and restart it. Edit the config file using:

sudo vi /etc/ssh/sshd_config

Now vi is not very user friendly, but it’s easy once you learn it. Use the down arrow so your cursor is over the # at the start of the line that says:

#Port 22

Hit your Insert key until the word REPLACE shows at the bottom of the SSH window. Then type:

Port 52019

Now hit Esc then :w and then Esc then :q to write the file and exit.

To restart the SSH daemon:

sudo service sshd restart

Now go into the Azure Portal and for that VM:

  • Click Networking in the Settings pane and click the blue ‘Add inbound port rule’ button on the right
  • In the wizard that comes up, change the ‘Destination port ranges’ to 52019 and the ‘Name’ to something like ‘IncomingSSH’
  • Click the blue ‘Add’ button

Once the rule has been added, you should be able to create a new SSH connection to the VM using port 52019. Once you’ve done that, drop the initial SSH connection that’s still using port 22 by going back to the Networking tab in the Azure Portal, finding the existing rule for port 22, clicking the ‘…’ on the right and selecting Delete.

Hope this helps anyone else looking for concise instructions.
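The VM-side steps above as a script, added here as an example and not part of the original post: it replaces the manual vi edit with a sed rewrite, checks the result with sshd -t before restarting, and adds an SELinux port label with semanage, which the post does not mention but which an enforcing RHEL system needs before sshd can bind a non-default port. The function names and the 1024-65535 range check are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original post): scripted VM-side steps.

# Accept only a numeric, unprivileged TCP port (range is this example's choice).
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Set the Port directive in the sshd_config file at $1 to port $2.
# A backup is kept as "$1.bak". Every existing "Port N" / "#Port N" line is
# dropped and a single Port line is written first, so it always precedes
# any Match block.
set_sshd_port() {
    cfg=$1; port=$2
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    [ -f "$cfg" ] || { echo "missing config: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    { printf 'Port %s\n' "$port"
      sed -E '/^[[:space:]]*#?[[:space:]]*[Pp][Oo][Rr][Tt][[:space:]]+[0-9]+[[:space:]]*$/d' "$cfg.bak"
    } > "$cfg"
}

# Run as root on the VM. Assumes firewalld and semanage (policycoreutils)
# are installed, as on a stock RHEL image.
apply_port_change() {
    port=$1
    valid_port "$port" || return 1
    firewall-cmd --permanent --zone=public --add-port="$port/tcp" || return 1
    firewall-cmd --reload || return 1
    # Assumption: SELinux is enforcing, so the port needs the ssh_port_t label.
    semanage port -a -t ssh_port_t -p tcp "$port" 2>/dev/null ||
        semanage port -m -t ssh_port_t -p tcp "$port" || return 1
    set_sshd_port /etc/ssh/sshd_config "$port" || return 1
    # Check the config before restarting; on error restore the backup instead.
    if ! /usr/sbin/sshd -t; then
        cp -p /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
        return 1
    fi
    service sshd restart
}
```

Run apply_port_change 52019 as root from the existing port 22 session, and keep that session open until a login on the new port has succeeded.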

Twenty years ago today…

… I emigrated to the United States. I boarded a plane in Glasgow with my (then) wife Sylvia, bounced in Amsterdam and then landed in Seattle, entering the US on an H1B visa after almost five years of working for DEC/Digital. We arrived in temp housing a block away from the Microsoft Campus late in the evening, and I started work in Building 1 with the SQL Server team on Monday, February 1st 1999. My first task was making the integer conversion code in BULK INSERT and bcp go faster. Microsoft was nice enough to pay for my Green Card, making us Permanent Residents on Valentine’s Day 2002, and I naturalized as a U.S. citizen on April 3, 2012.

Fast forward 20 years from 1999 and here I am today running SQLskills with Kimberly (left Microsoft on August 31, 2007), with an eldest daughter studying at U.C. Berkeley to be a trauma surgeon and the other daughter a junior in high school. (Sylvia is still here too, in case you were wondering, naturalized, remarried, and we’re good friends – the girls are lucky to have her as their mother.)

It’s been a pretty wild ride over the last twenty years, but I wouldn’t live anywhere else in the world now.

Thank you to Microsoft for bringing me here, and thank you to the United States for accepting me as a citizen.