The Problem
On CentOS/RHEL, the OpenSSH daemon (sshd) listens on port 22 for incoming connections from ssh and sftp clients. In some cases, however, system administrators prefer to serve ssh and sftp on separate or non-default ports. In one such case, a system administrator added a second Port directive (2222) to sshd's configuration and then saw the following errors when starting the sshd service:
sshd[13798]: error: Bind to port 2222 on 0.0.0.0 failed: Permission denied.
sshd[13798]: error: Bind to port 2222 on :: failed: Permission denied.
sshd[13798]: Server listening on 0.0.0.0 port 22.
sshd[13798]: Server listening on :: port 22.
Note that sshd still comes up on port 22; only the bind() to the new port is refused, and it is refused with EACCES rather than EADDRINUSE, which points at an access control rather than at another process holding the port.
The Solution
sshd was recently re-configured to use additional and/or non-default network ports. By default, sshd listens on port 22, which /etc/services also registers as the ssh service:
# grep ssh /etc/services
ssh             22/tcp                          # The Secure Shell (SSH) Protocol
ssh             22/udp                          # The Secure Shell (SSH) Protocol
ssh             22/sctp                         # SSH
SELinux, which is enabled and enforcing by default on CentOS/RHEL, only allows the sshd domain (sshd_t) to bind to ports labeled ssh_port_t, and by default only port 22 carries that label. When sshd is re-configured to listen on an additional or non-default port, SELinux denies the bind and sshd logs the Permission denied error shown above. The matching AVC denial is recorded in the audit log (grep AVC /var/log/audit/audit.log | grep sshd), which is the quickest way to confirm SELinux is the cause. The semanage tool used below is provided by the policycoreutils-python package (policycoreutils-python-utils on CentOS/RHEL 8).
1. Identify current SELinux permitted sshd listen ports.
# semanage port -l | grep ssh
ssh_port_t                     tcp      22
2. Configure SELinux to allow sshd to utilize additional port 2222 by labeling the port ssh_port_t. The change is written to the local policy and persists across reboots. If the port is already assigned to another SELinux port type, semanage port -a reports that the port is already defined; use semanage port -m (modify) with the same arguments to re-label it instead.
# semanage port -a -t ssh_port_t -p tcp 2222
3. Verify new SELinux permitted sshd listen ports.
# semanage port -l | grep ssh
ssh_port_t                     tcp      2222, 22
4. Restart the sshd service for the changes to take effect, and confirm in the status output that it is now listening on both ports. If a host firewall is running, it must also permit 2222/tcp before remote clients can connect.
For CentOS/RHEL 7/8:
# systemctl restart sshd
# systemctl status sshd
For CentOS/RHEL 5/6:
# service sshd restart
# service sshd status
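The four steps above can be folded into one script that inspects the current port labels before acting, so that it uses semanage port -a for an unassigned port, semanage port -m for a port that another SELinux type already owns, and does nothing when ssh_port_t already covers it. This is an added example, not code from the original article: the semanage port -l output it parses offline is a constructed sample, and the allow_sshd_port function assumes it is run as root on a host where semanage is installed.

```shell
#!/bin/sh
# Added example (not from the original article): decide which semanage verb
# is needed to let sshd listen on an extra port, then apply and verify it.
# SELinux lets sshd_t bind only to ports labeled ssh_port_t, so the fix is
# to attach that label to the new port. A port already labeled with another
# type (e.g. http_port_t for 8443) must be re-labeled with `semanage port -m`,
# because `semanage port -a` refuses a port that is already defined.

# Constructed sample of `semanage port -l` output, used for offline testing.
SAMPLE_PORTS='ssh_port_t                     tcp      22
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
vnc_port_t                     tcp      5900-5999'

# selinux_port_owner PORT PROTO   (reads `semanage port -l` output on stdin)
# Prints the SELinux port type that currently covers PORT/PROTO, if any.
# Handles both comma-separated port lists and lo-hi port ranges.
selinux_port_owner() {
    awk -v want="$1" -v proto="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i
                sub(/,$/, "", p)    # strip the list separator
                if (split(p, r, "-") == 2) { lo = r[1]; hi = r[2] } else { lo = p; hi = p }
                if (want + 0 >= lo + 0 && want + 0 <= hi + 0) { print $1; exit }
            }
        }'
}

# selinux_ssh_port_action PORT PROTO   (reads `semanage port -l` on stdin)
# Prints one of: add | already-allowed | modify:<current_type>
selinux_ssh_port_action() {
    owner=$(selinux_port_owner "$1" "$2")
    case "$owner" in
        "")         echo "add" ;;
        ssh_port_t) echo "already-allowed" ;;
        *)          echo "modify:$owner" ;;
    esac
}

# allow_sshd_port PORT [PROTO]   -- apply the label on a live system (as root).
# `semanage port` changes persist across reboots; follow with
# `systemctl restart sshd` (or `service sshd restart` on EL5/6).
allow_sshd_port() {
    port=$1
    proto=${2:-tcp}
    action=$(semanage port -l | selinux_ssh_port_action "$port" "$proto")
    case "$action" in
        add)
            semanage port -a -t ssh_port_t -p "$proto" "$port" ;;
        modify:*)
            echo "port $port/$proto is labeled ${action#modify:}; re-labeling" >&2
            semanage port -m -t ssh_port_t -p "$proto" "$port" ;;
        already-allowed)
            echo "port $port/$proto is already labeled ssh_port_t" >&2 ;;
    esac
    # Verify: the port must now appear on the ssh_port_t line.
    semanage port -l | grep '^ssh_port_t'
}

# Offline demonstration against the constructed sample.
printf '%s\n' "$SAMPLE_PORTS" | selinux_ssh_port_action 2222 tcp   # add
printf '%s\n' "$SAMPLE_PORTS" | selinux_ssh_port_action 8443 tcp   # modify:http_port_t

# Only touch the live policy when a port was given and semanage is present.
if [ -n "$1" ] && command -v semanage >/dev/null 2>&1; then
    allow_sshd_port "$1" "${2:-tcp}"
fi
```

Run it with no arguments to see the decision logic against the sample; run it as root with a port argument (for example 2222) to apply the label on a real host, then restart sshd as in step 4. Parsing the existing labels first matters because the obvious one-liner, semanage port -a, fails on a port that another type already owns, and silently re-labeling such a port with -m takes that label away from whatever service was using it, so the script reports the previous owner before doing so.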