By default, the root user does not have permission to log in to enterprise Linux via SSH. It is advisable to only allow a separate user with sudo privileges to
It is advisable to change the SSH port on your Linux systems from the default of 22 to another port number, e.g. 65122. To change the SSH port you must change the port in the SSH config file, allow the new port number through the firewall, and restart both the firewall service and the ssh service.
The SSH port can be changed by performing the following steps:
Open the sshd config file:
sudo vi /etc/ssh/sshd_config
Remove the comment marker from the line #Port 22 and change it to
Port PORTNUMBER
where PORTNUMBER is the desired new ephemeral port number between 49152 and 65535.
On newer versions of enterprise Linux the SSH port also has to be changed in SELinux by running the following command:
sudo semanage port -a -t ssh_port_t -p tcp PORTNUMBER
Also be sure to add the ssh service and the new port number to the firewall:
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --add-port=PORTNUMBER/tcp --permanent
Once all the changes have been made to the configuration, the firewall and ssh service must be restarted by running the following commands.
Restart the firewall first:
sudo systemctl restart firewalld
Then restart the ssh service:
sudo systemctl restart sshd
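
A mistake in any one of the steps above (port still commented out, SELinux label missing, firewall port not added) can lock you out once sshd restarts. The following pre-restart check is an added example, not part of the original page; the helper names are hypothetical and the sample inputs are constructed.

```bash
#!/bin/sh
# Added example: pre-restart check for the SSH port change. Helper names are hypothetical.

# Succeeds if $1 is an integer in the 49152-65535 range used above.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 49152 ] && [ "$1" -le 65535 ]
}

# Prints each active (uncommented) Port value in the sshd_config file $1.
# Keywords are case-insensitive; "#Port 22" does not match.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Succeeds if port $1 is on the "ssh_port_t tcp" line of `semanage port -l` output $2.
selinux_allows() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { gsub(",", "", $i); if ($i == p) found = 1 }
        }
        END { exit !found }'
}

# Succeeds if $1/tcp is listed in `firewall-cmd --list-ports` output $2.
firewall_allows() {
    printf '%s\n' "$2" | tr ' ' '\n' | grep -qx "$1/tcp"
}

# preflight PORT SSHD_CONFIG SEMANAGE_OUTPUT FIREWALL_OUTPUT
# Prints "ok" only when every step has taken effect for PORT.
preflight() {
    valid_port "$1" || { echo "port $1 is outside 49152-65535"; return 1; }
    active_ports "$2" | grep -qx "$1" || { echo "no active Port $1 in $2"; return 1; }
    selinux_allows "$1" "$3" || { echo "SELinux: $1 not labelled ssh_port_t"; return 1; }
    firewall_allows "$1" "$4" || { echo "firewalld: $1/tcp not open"; return 1; }
    echo "ok"
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
printf '%s\n' '#Port 22' 'Port 65122' > "$SAMPLE_CONF"
SAMPLE_SEMANAGE='ssh_port_t                     tcp      65122, 22'
SAMPLE_FIREWALL='65122/tcp'
preflight 65122 "$SAMPLE_CONF" "$SAMPLE_SEMANAGE" "$SAMPLE_FIREWALL"
```

On a real host, pass /etc/ssh/sshd_config, "$(sudo semanage port -l)" and "$(sudo firewall-cmd --permanent --list-ports)" as the last three arguments, and run sshd -t to syntax-check the config before restarting. Keep the existing SSH session open until a new login on the new port succeeds.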