Sometimes for the security reasons, there is a need to have a separate port for ssh and sftp on CentOS/RHEL. Here’s a short how-to on configuring SSH on port 2222 and SFTP to work on port 22.
1. Since openssh-5.3p1-117.el6.x86_64 for separating the ssh and sftp port on the CentOS/RHEL systems, make changes to the /etc/ssh/sshd_config file and add the following modifications.
# vi /etc/ssh/sshd_config Port 22 Port 2222
2. Comment the default subsystem and add the below subsystem.
# vi /etc/ssh/sshd_config Subsystem sftp internal-sftp
Add the below lines at the end of file /etc/ssh/sshd_config
# vi /etc/ssh/sshd_config Match LocalPort 22 AllowTCPForwarding no X11Forwarding no ForceCommand internal-sftp
3. After making the modifications just save and restart the sshd service.
# service sshd restart
This will allow port 22 for sftp connections only. Port 2222 can be used for ssh to the server.
Verify
Let’s verify our configuration. First, try ssh to the server with default port (22). It should fail as shown in the example below:
# ssh root@192.168.10.12 root@192.168.10.12's password: This service allows sftp connections only. Connection to 192.168.10.12 closed.
Now try ssh by providing the port 2222 as well. It should succeed this time.
# ssh -p 2222 root@192.168.10.12 root@192.168.10.12's password: Last login: Mon Apr 17 15:23:58 2018 from ......
As a last verification, try sftp to the system with default port i.e. 22:
# sftp root@192.168.10.12 Connecting to 192.168.10.12... root@192.168.10.12's password: sftp>