
Sysadmin Change default SSH port 22

Discussion in 'System Administration' started by Sunka, Mar 11, 2017.

  1. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    6:54 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    I have a backup server on ramnode.
    Installed CentOS 7, OpenVZ.

    I can not change the server time (Operation not permitted), but that is not the main problem; I can live with that.
    The main problem is changing the default ssh port 22 to another one.

    I can change it directly in /etc/ssh/sshd_config. I did that.
    All tutorials for the second step suggest enabling the newly created port through SELinux.
    If you get an error that the semanage command is not found, you should install policycoreutils-python.

    OK, I installed policycoreutils-python but the error still shows up.

    As far as I know, csf is not installed on the server, but there is not even the default CentOS firewall-cmd.

    So I could not enable that new port anywhere.

    I run "ss -tnlp|grep ssh" after I restart the sshd service with "systemctl restart sshd.service"

    And I see that ssh goes through the new port, but I can not log in with li nor an sftp application on that new ssh port.

    So, my question is how to secure that server which is without any firewall (not even the default one in CentOS)? The only thing I know is to change ssh port 22 to another number, but I can not do that either.

    Code:
    [root@backup ~]# rpm -qa
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,927
    12,240
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,811
    Local Time:
    3:54 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Reverse all changes you did manually and just use centmin.sh menu option 16 to change the sshd port. It will ask you first for the default sshd port and then ask you for the new port number you want to change to. Then it will automatically make the change and update the CSF Firewall whitelisted port setting for sshd. Then start a new sshd session with the new sshd port to test if it's working, all while keeping the existing sshd session alive.

    But if this is a non-Centmin Mod based server, you'd need to do that yourself and whitelist it via iptables or firewalld (if on CentOS 7).
     
  3. Sunka

    Sunka Well-Known Member

    centmin is not installed because the server has only 128 MB RAM.
    As I said, firewalld is not installed either; I do not know why, because I think it is installed by default with CentOS, but not in my case.

    So I have only iptables.

    Should I do this then:
    • edit /etc/ssh/sshd_config and change port 22 to xxx
    • restart the sshd service: "systemctl restart sshd.service"
    • edit iptables: "iptables -A INPUT -p tcp --dport xxx -j ACCEPT"
    • service iptables save
    That would be all then?

    Any suggestion to secure the server more?
    P.S. The server is just a backup server with 128 MB RAM.
     
  4. Sunka

    Sunka Well-Known Member

    Or this for iptables:
    Code:
    iptables -I INPUT -p tcp --dport xxxx --syn -j ACCEPT
     
  5. Sunka

    Sunka Well-Known Member

    Got it working.
    I have installed CentOS 7 but for some unknown reason it comes without firewalld, so it is only a matter of iptables.

    If anyone needs the right steps:

    Edit port 22 to port XXX (the port number you want) and uncomment that line
    Code (Text):
    nano /etc/ssh/sshd_config


    Make a rule for the wanted port in iptables
    Code (Text):
    iptables -I INPUT -p tcp --dport XXX --syn -j ACCEPT


    Restart the sshd service
    Code (Text):
    systemctl restart sshd.service


    Check which port sshd is connected to
    Code (Text):
    ss -tnlp | grep ssh