Changing the SSH port for a RHEL Azure VM

I’m working with Red Hat Enterprise Linux (RHEL) VMs on Azure and one of the best practices that Microsoft recommends is to change the default SSH port from 22 to something else. I was looking for a consolidated set of instructions to do this and I couldn’t find one, so I thought I’d do a quick post on it.

The steps that need to be performed are:

  • Allow the new port in the RHEL firewall
  • Change the SSH daemon to listen on the new port
  • Add an incoming rule in the VM network security group for the new port
  • Remove the rule that allows port 22

Changing the SSH port has to be done after creating the VM, as the SSH daemon is set up to listen on port 22 by default, so as part of the VM configuration, make sure to allow port 22 to be opened. Once the VM is created and running, connect to it using your favorite SSH client.

Let’s choose port 52019 to use instead of 22.

To allow the port in the RHEL firewall:

sudo firewall-cmd --permanent --zone=public --add-port=52019/tcp
sudo firewall-cmd --reload

You should see a ‘Success’ message after each of these commands, and you can double check that the firewall rule was added using:

sudo iptables-save | grep '52019'

And you should see:

-A IN_public_allow -p tcp -m tcp --dport 52019 -m conntrack --ctstate NEW -j ACCEPT

To change the SSH daemon to use port 52019 we need to change it’s configuration and restart it. Edit the config file using:

sudo vi /etc/ssh/sshd_config

Now vi is not very user friendly, but it’s easy once you learn it. Use the down arrow so your cursor is over the # at the start of the line that says:

#Port 22

Hit your Insert key until the word REPLACE shows at the bottom of the SSH window. Then type:

Port 52019

Now hit Esc then :w and then Esc then :q to write the file and exit.

To restart the SSH daemon:

sudo service sshd restart

Now go into the Azure Portal and for that VM:

  • Click Networking in the Settings pane and click the blue ‘Add inbound port rule’ button on the right
  • In the wizard that comes up, change the ‘Destination port ranges’ to 52019 and the ‘Name’ to something like ‘IncomingSSH’
  • Click the blue ‘Add’ button

Once the rule has been added, you should be able to create a new SSH connection to the VM using port 52019. Once you’ve done that, drop the initial SSH connection that’s still using port 22 by going back to the Networking tab in the Azure Portal, finding the existing rule for port 22, click the ‘…’ on the right and selecting Delete.

Hope this helps anyone else looking for concise instructions.

Leave a Reply

Your email address will not be published. Required fields are marked *

Other articles

Imagine feeling confident enough to handle whatever your database throws at you.

With training and consulting from SQLskills, you’ll be able to solve big problems, elevate your team’s capacity, and take control of your data career.