How to open a port and change the SSH port on AlmaLinux 9 with Firewalld
An open port is a network port on which an application listens, acting as a communication endpoint. We can view the list of open ports on the system by querying the network stack with commands such as ss, netstat or lsof. Each listening port can be opened or closed (filtered) by a firewall.
By default, port 22 is used to establish an SSH connection. This port is automatically configured during the installation of your operating system.
To reduce the number of brute force attacks, you can configure another port for SSH access.
Change SSH port
Before changing the port, make sure that the applications and services installed on the server can be configured to use a non-default SSH port. Otherwise, changing the default port may cause these applications and services to stop working.
Also, back up the sshd_config file first so that you can restore it if needed:
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Step 1: Open the SSH configuration file sshd_config with the text editor vi:
vi /etc/ssh/sshd_config
Step 2: Search for the entry Port 22.
Step 3: Replace it with Port <Specified Port Number> and remove the leading #. In this example the new SSH port is 5566, so the line reads Port 5566.
Step 4: Restart the SSH daemon so that it binds to the newly specified port:
systemctl restart sshd
After changing the SSH port, you also need to allow the new port in Firewalld:
firewall-cmd --add-port=5566/tcp --permanent
Then reload Firewalld to apply all permanent rules:
firewall-cmd --reload
You can now connect over SSH through the new port.
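A check to run before closing the current session, added here as an example and not part of the original article: it parses the output of sshd -T, ss -ltn and firewall-cmd --list-ports to confirm that the new port is configured, listening, and allowed in both the runtime and the permanent rules. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Each helper parses the text
# output of one command used in the tutorial, so it can be exercised offline.

# Ports in `sshd -T` output (effective config, keywords printed in lowercase).
sshd_ports() { awk '$1 == "port" { print $2 }'; }

# Succeeds if port $1 has a TCP listener in `ss -ltn` output on stdin.
# Column 4 is Local Address:Port; taking the last ":" field handles [::]:5566.
is_listening() {
  awk -v p="$1" 'NR > 1 { n = split($4, a, ":"); if (a[n] == p) found = 1 }
                 END { exit !found }'
}

# Succeeds if $1/tcp is in `firewall-cmd --list-ports` output on stdin.
# Port ranges such as 5000-6000/tcp are not expanded here.
fw_allows() {
  for entry in $(cat); do
    [ "$entry" = "$1/tcp" ] && return 0
  done
  return 1
}

# verify PORT SSHD_T SS_LTN FW_RUNTIME FW_PERMANENT
# Prints one line per failed check; exit status is the number of failures.
verify() {
  fails=0
  printf '%s\n' "$2" | sshd_ports | grep -qx "$1" ||
    { echo "sshd is not configured for port $1"; fails=$((fails + 1)); }
  printf '%s\n' "$3" | is_listening "$1" ||
    { echo "nothing is listening on port $1"; fails=$((fails + 1)); }
  printf '%s\n' "$4" | fw_allows "$1" ||
    { echo "runtime firewall rules do not allow $1/tcp"; fails=$((fails + 1)); }
  printf '%s\n' "$5" | fw_allows "$1" ||
    { echo "$1/tcp is not permanent and will not survive a reboot"; fails=$((fails + 1)); }
  return "$fails"
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_SSHD='port 5566
permitrootlogin no'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:5566      0.0.0.0:*
LISTEN 0      128             [::]:5566         [::]:*'

verify 5566 "$SAMPLE_SSHD" "$SAMPLE_SS" "5566/tcp" "5566/tcp" && echo "port 5566 ready"
# On a real host (as root): verify 5566 "$(sshd -T)" "$(ss -ltn)" \
#   "$(firewall-cmd --list-ports)" "$(firewall-cmd --permanent --list-ports)"
```

If the listening check fails after the restart on a host with SELinux in enforcing mode, the new port also needs the ssh_port_t label (semanage port -a -t ssh_port_t -p tcp 5566) before sshd can bind to it.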
Open port with Firewalld
In this section, we will open port 80 and install the service that listens on it.
You can use the ss command to display the ports that are listening for connections and the networks that accept incoming connections.
ss -ltn
Use the following command to add the port to the firewall:
firewall-cmd --add-port=80/tcp
This rule takes effect immediately but only lasts until the next reboot. Add the --permanent flag to make it persistent:
firewall-cmd --add-port=80/tcp --permanent
Then reload Firewalld to apply the permanent rules:
firewall-cmd --reload
You can now check for the newly opened port again.
You won't see it yet, because you haven't installed the service corresponding to the port you just opened. Here we install HTTP and check again, because HTTP listens on port 80.
After the HTTP service is installed, port 80 appears in the list.
You can also check which process this port belongs to:
ss -ltnp
In this case it is Apache (HTTP), shown after you have installed it and opened the port in Firewalld successfully.
Conclusion
In this article, we have shown you how to open a port and change the SSH port on AlmaLinux 9 with Firewalld. We hope this article is useful to you.