How to Safely Change SSH Port in AlmaLinux (e.g., to 2022)

Changing the default SSH port (22) helps protect your server from automated attacks. In this guide, we’ll show you how to change the SSH port safely and open the new port in your firewall — whether you use CSF, Imunify360, or just iptables.

⚠️ Warning: Before closing your current SSH window, always test the new port in a new terminal. If something goes wrong and you haven’t tested it, you could lock yourself out of your server!

Step 1: Choose a New SSH Port

Pick a port number between 1024 and 65535. In this example, we’ll use 2022.

Step 2: Edit SSH Configuration File

Log in to your server as root using SSH and run the following:

nano /etc/ssh/sshd_config

Find the line that says:

#Port 22

Change it to this:

Port 2022

Save and exit the file (press Ctrl + X, then Y, then Enter).

Step 3: Open Port 2022 in Your Firewall

Your server may be using different firewalls. Check below and follow the one that matches your setup:

✅ If you have CSF Firewall (common in cPanel servers):

You can do this either by terminal or from WHM panel.

Option 1: Using Terminal

nano /etc/csf/csf.conf

Find and update these two lines by adding 2022:

TCP_IN = "... ,22,2022,..."
TCP_OUT = "... ,22,2022,..."

Then restart CSF:

csf -r

Option 2: Using WHM Dashboard (Beginner Friendly)

  1. Log in to WHM as root.
  2. Search for “ConfigServer Security & Firewall” and open it.
  3. Click “Firewall Configuration.”
  4. Find the fields named TCP_IN and TCP_OUT.
  5. Add 2022 to both, separated by commas.
  6. Scroll down and click “Change.”
  7. Click “Restart csf+lfd” to apply the changes.
💡 Tip: You don’t need to remove 22 yet. Only remove it after confirming 2022 is working.

✅ If you have Imunify360 installed:

Imunify360 usually works with CSF or iptables. If you’ve already added the port using CSF (as shown above), you’re good. But to make sure changes are loaded:

Option 1: Using Terminal

imunify360-agent firewall reload
imunify360-agent firewall status

Option 2: Using WHM Panel

  1. Log in to WHM as root.
  2. Search for “Imunify360” and open it.
  3. Go to the “Firewall” tab.
  4. Look for any options to allow custom ports or confirm the port 2022 is active.
📌 Note: Imunify360 doesn’t block open ports by default, but it’s good to confirm firewall reload after any port change.

✅ If you don’t have CSF or Imunify360 (iptables only):

Run the following commands to allow port 2022:

iptables -I INPUT -p tcp --dport 2022 -j ACCEPT
service iptables save

If that doesn’t work, install iptables-services:

yum install iptables-services -y
systemctl enable iptables
systemctl start iptables

Step 4: Restart SSH Service

Apply the new port by restarting the SSH service:

systemctl restart sshd

Step 5: Test the New Port

Do NOT close your current SSH session yet. Open a new terminal and test your new port:

ssh -p 2022 root@your_server_ip

If the login works, you’re good to go!

Step 6 (Optional): Remove Old Port 22

Once you confirm that port 2022 is working, you can remove port 22 to block unwanted access.

With CSF: (via terminal or WHM)

  • Edit TCP_IN and TCP_OUT and remove 22.
  • Then restart CSF again.

With iptables:

iptables -D INPUT -p tcp --dport 22 -j ACCEPT
service iptables save

✅ Done!

You’ve successfully changed the SSH port and secured your server. Always test carefully and keep access to your hosting panel in case you need to roll back.

✅ Summary:
– Changed SSH config file to new port 2022
– Opened the port in firewall (CSF, Imunify360, or iptables)
– Restarted SSH service and tested access
– Optionally removed port 22 after verifying success
Post Views: 11
Share
July 3, 2025 by Server Management 0

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *