On today’s tutorial we will guide you on how to change SSH port number on CentOS Stream 9. As you know that CentOS Stream 9 is a successor of CentOS Stream 8 which will reach its end of life on 31 May, 2024. Altough RedHat have killed of the CentOS Project, but the CentOS Project is still running itself unnoticed by the open source community.

As the next major release of CentOS Stream distribution system, CentOS Stream 9 is still based on Red Hat source code and Fedora 34, exactly the Red Hat Enterprise Linux 9 (RHEL). And it specially developed by engineering team under Red Hat company along with the CentOS and open source community.

Before moving into the next step, make sure to meet the following requirenments.


* VPS, Cloud or Bare-Metal
* Running under CentOS Stream 9
* Server IPv4 Address with Superuser Privileges (Root Access)
* Nano or VIM Editor
* Gnome Terminal for Linux Desktop
* PuTTy SSH Client for Windows or Mac
* Powershell for Windows 10/11

1.) Login to the Server via SSH Console

For learning purpose I will use cheap $5 vps or droplets from Digital Ocean. Login to your server via SSH terminal with the following command, and make sure to change the server IP with your actual server IPv4 address.

$ ssh [email protected]
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:GnXiDd741Qr/ZZlXG/rB2QFDIwn5/RXwWRdK80NFzVU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
[email protected]'s password:
Activate the web console with: systemctl enable --now cockpit.socket

2.) Install Editor

You can install and use your prefered editor on Linux, either it nano or VIM. Simply run the following command to install nano editor.

$ dnf install nano -y
Last metadata expiration check: 0:02:54 ago on Thu 26 May 2022 12:20:30 AM EDT.
Dependencies resolved.
Package Architecture Version Repository Size
nano x86_64 5.6.1-5.el9 baseos 710 k

Transaction Summary
Install 1 Package

Total download size: 710 k
Installed size: 2.7 M
Downloading Packages:
nano-5.6.1-5.el9.x86_64.rpm 1.3 MB/s | 710 kB 00:00
Total 1.0 MB/s | 710 kB 00:00
CentOS Stream 9 - BaseOS 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x8483C65D:
Userid : "CentOS (CentOS Official Signing Key) <[email protected]>"
Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : nano-5.6.1-5.el9.x86_64 1/1
Running scriptlet: nano-5.6.1-5.el9.x86_64 1/1
Verifying : nano-5.6.1-5.el9.x86_64 1/1



3.) Check the Firewall Status

Check if there is any Firewall service running inside your CentOS 9 machine. Usually is Firewalld or Iptables which is installed by default on RHEL-based distros like CentOS, CloudLinux, Oracle Linux, Rocky Linux and AlmaLinux.

$ systemctl status firewalld
Unit firewalld.service could not be found.

It means there are no Firewall running inside your CentOS 9 machine. Simply run the following command to install the Firewalld.

$ yum install firewalld
DigitalOcean Agent 40 kB/s | 3.3 kB 00:00
DigitalOcean Droplet Agent 33 kB/s | 3.3 kB 00:00
Dependencies resolved.
Package Architecture Version Repository Size
firewalld noarch 1.0.0-2.el9 baseos 504 k
Installing dependencies:
firewalld-filesystem noarch 1.0.0-2.el9 baseos 9.0 k
ipset x86_64 7.11-6.el9 baseos 41 k
ipset-libs x86_64 7.11-6.el9 baseos 67 k
iptables-nft x86_64 1.8.7-28.el9 baseos 204 k
libnftnl x86_64 1.1.9-4.el9 baseos 85 k
nftables x86_64 1:0.9.8-12.el9 baseos 363 k
python3-firewall noarch 1.0.0-2.el9 baseos 380 k
python3-nftables x86_64 1:0.9.8-12.el9 baseos 19 k
Installing weak dependencies:
libcap-ng-python3 x86_64 0.8.2-7.el9 appstream 30 k

Transaction Summary
Install 10 Packages

Total download size: 1.7 M
Installed size: 6.0 M
Is this ok [y/N]: y

Check again the Firewalld status with the following command.

$ systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)

Then enable and start the Firewalld service using the following command.

$ systemctl enable firewalld
$ systemctl start firewalld

Check again the Firewalld status.

$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-05-26 00:33:02 EDT; 11s ago
Docs: man:firewalld(1)
Main PID: 11792 (firewalld)
Tasks: 2 (limit: 5741)
Memory: 23.4M
CPU: 601ms
CGroup: /system.slice/firewalld.service
└─11792 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid

May 26 00:33:01 open-source.project systemd[1]: Starting firewalld - dynamic firewall daemon...
May 26 00:33:02 open-source.project systemd[1]: Started firewalld - dynamic firewall daemon.

To Stop Firewalld.

$ systemctl stop firewalld

To Restart Firewalld.

$ systemctl restart firewalld

Then simply add your custom SSH port number on FirewallD using the following command. For example, if you want to use port 4322 you can whitelisted with the following command.

$ sudo firewall-cmd --add-port 4322/tcp

$ sudo firewall-cmd --add-port 4322/tcp --permanent

$ sudo firewall-cmd --zone=public --permanent --add-port=4322/tcp
Warning: ALREADY_ENABLED: 4322:tcp

Then restart the Firewalld service with the following command.

$ systemctl restart firewalld

4.) Change SSH Port Number

After that simply change the SSH port number on file sshd_config under directory of /etc/sshd, as follow.

$ nano /etc/ssh/sshd_config

5.) Restart SSH Service

Then you can restart the SSH service with the following command.

$ systemctl restart sshd


You’ve been successfully change the SSH port number. So you will have the secure CentOS machine environment with the secure port number, rather than using default port number. And it will make the dark harker to access your machine without knowing the actual port number of your machine.

Previous articleHow To Install Docker on Rocky Linux 8.5 (Green Obsidian)
Next articleHow To Install Firewalld on CentOS Stream 9


Please enter your comment!
Please enter your name here
Captcha verification failed!
CAPTCHA user score failed. Please contact us!

This site uses Akismet to reduce spam. Learn how your comment data is processed.