Home / server / Questions / 925019
In Process
Abel Melquiades Callejo
Asked: 2018-08-06 12:18:01 +0800 CST

How to allow SSH server to accept inbound traffic from 2 TCP ports?

  • 772

Brief

Allow the following TCP port numbers on SSH server

  • 22
  • 2222

Premises

  1. The machine uses an Amazon Linux AMI distribution
  2. The SSH installation is based on an SELinux system

Details

By default, SSH uses TCP port 22. Is it possible to allow the SSH server to accept inbound traffic from TCP port 2222? If so... How?

I looked at the SSH's config file...

/etc/ssh/sshd_config

...
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
...

It tells that I should use semanage to configure this section instead of overwriting the said file.

How to use semanage to allow the SSH server to accept inbound traffic from 2 TCP port numbers mentioned above? Also both at the same time.

ssh

2 Answers

  1. This comment means that you must do both.

    You must specify all of the desired Ports in sshd_config, and you must also run semanage as shown if you wish to add any ports other than 22.

    For example:

    Port 22
Port 2222

    Then you would run semanage:

    semanage port -a -t ssh_port_t -p tcp 2222

    After doing both of these, it is safe to restart OpenSSH.

    systemctl restart sshd
    • 4

  2. Is it possible to allow the SSH server to accept inbound traffic from TCP port 2222? If so... How?

    It is as simple as adding (additional to the default implied 22) Port directives in your sshd_config file

    Port 22
Port 2222

    With regards to the SELinux related command, that is usually only relevant on Red Hat related distributions such as RHEL, Fedora and CentOS

    And 

    # semanage port -a -t ssh_port_t -p tcp 2222

    Will add 2222 as a valid port for ssh to the ssh policy on the server running sshd

    • 0