On Fri Jan24'25 04:54:36PM, Patrick O'Callaghan wrote:
From: Patrick O'Callaghan pocallaghan@gmail.com Date: Fri, 24 Jan 2025 16:54:36 +0000 To: users@lists.fedoraproject.org Reply-To: Community support for Fedora users users@lists.fedoraproject.org Subject: Re: OT: How to select a new port number for ssh
On Fri, 2025-01-24 at 11:40 -0500, Lester Petrie wrote:
I have a NAS I wish to change the ssh port from 22 to something else. How do I go about selecting a good port number?
Look at the standard ports in /etc/services and choose something different. Depending on access control to the NAS, you might want to choose something below 1023.
poc
I have not done this for a while, but I have my port set to a nonstandard number. Btw, I was always given to believe that moving it from 22 was the right thing to do because that was the most obvious port to attack.
Anyway, in the past, I had to do this (per some helpful instructions from this mailing list) sort of from long ago when firewalld was introduced in Fedora.
I last did this about a year (or two) ago, and it worked then.
From my notes:
# sudo semanage port -p tcp -a -t ssh_port_t ******
# where ****** is the port number desired
### get into system-config firewall and open the port ****** for tcp (I do not have to do this).
# add the port number ****** in /etc/ssh/sshd_config replacing Port 22 (default)
# Now, doing the same using firewalld (not sure if the above has to be done, but the latter has to be done):
sudo dnf install firewall-config
# Start firewall-config.
# At the top, notice there is a drop down menu. Pull down and select "Permanent"
# Select the Services Tab and then Edit Services.
# Find the ssh entry and click +Add
# Add the port you want
# Click on the "Reload firewalld" under "Options"
# You're done
# # Note that you will need to change the port number in /etc/sshd_config if not done earlier:
sudo systemctl enable sshd.service
I am not sure if these help you, but they are what I have always done when I need a machine (for the past 10-15 years) with incoming ssh.
HTH,
Ranjan