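#!/bin/bash
# SSH Port Changer Script for Ubuntu, Debian, CentOS, AlmaLinux
# Developed by Hosteons.com
# License: MIT
#
# Flow: show the lockout warning, require root, validate the requested port,
# back up and edit sshd_config, validate the result with `sshd -t` (restoring
# the backup on failure), open the port in the detected firewall manager,
# label it for SELinux where applicable, and only then restart SSH.
# The old port is deliberately left open in the firewall so a failed change
# does not cut the session you are running this from.
set -euo pipefail

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# DISCLAIMER
cat << 'EOF'
*** DISCLAIMER ***
Changing your SSH port can lock you out of your server.
Please ensure you have console access such as VNC, IPMI, or a KVM before proceeding.
Press Ctrl+C to cancel if unsure.
EOF

# Everything below writes under /etc/ssh and restarts services; fail here with
# a clear message rather than half-way through under set -e.
[ "$(id -u)" -eq 0 ] || die "This script must be run as root (try: sudo $0)."

# Detect OS
if [ -e /etc/os-release ]; then
  . /etc/os-release
  OS_ID=${ID:-}
else
  echo "Unsupported OS"
  exit 1
fi

readonly SSHD_CONFIG=/etc/ssh/sshd_config
[ -f "$SSHD_CONFIG" ] || die "$SSHD_CONFIG not found; is the OpenSSH server installed?"

# Prompt for new port. The digits-only regex is what makes NEW_PORT safe to
# splice into the sed expression and the firewall commands further down.
while true; do
  read -rp "Enter the new SSH port number (1-65535): " NEW_PORT
  if [[ $NEW_PORT =~ ^[0-9]+$ ]] && [ "$NEW_PORT" -ge 1 ] && [ "$NEW_PORT" -le 65535 ]; then
    NEW_PORT=$((10#$NEW_PORT))   # normalise leading zeros ("0022" -> 22)
    break
  fi
  echo "Invalid port. Please enter a number between 1 and 65535."
done

# sshd keeps the first value it sees for an option. Where sshd_config starts
# with "Include /etc/ssh/sshd_config.d/*.conf", a Port set in a drop-in would
# silently win over the edit made here, so warn about it up front.
if grep -qsE '^[[:space:]]*Port[[:space:]]' /etc/ssh/sshd_config.d/*.conf 2>/dev/null; then
  echo "WARNING: a file under /etc/ssh/sshd_config.d/ also sets Port; it may override $SSHD_CONFIG." >&2
fi

# Backup sshd_config (keep mode/ownership so a restore is a plain copy back)
BACKUP="${SSHD_CONFIG}.bak_$(date +%F_%T)"
cp -p -- "$SSHD_CONFIG" "$BACKUP"
echo "Backup written to $BACKUP"

# Update sshd_config. When no Port line exists, insert at the top rather than
# appending: Port is not valid inside a trailing Match block, and a line at
# the top also precedes any Include directive.
if grep -qE '^#?Port ' "$SSHD_CONFIG"; then
  sed -i "s/^#\?Port .*/Port $NEW_PORT/" "$SSHD_CONFIG"
elif [ -s "$SSHD_CONFIG" ]; then
  sed -i "1i Port $NEW_PORT" "$SSHD_CONFIG"
else
  echo "Port $NEW_PORT" >> "$SSHD_CONFIG"
fi

# Validate before touching the running daemon: a config error followed by a
# restart is exactly the lockout the disclaimer warns about.
SSHD_BIN=$(command -v sshd || printf '/usr/sbin/sshd')
if ! "$SSHD_BIN" -t -f "$SSHD_CONFIG"; then
  cp -p -- "$BACKUP" "$SSHD_CONFIG"
  die "New configuration failed 'sshd -t'; original restored from $BACKUP."
fi

# Allow new port in firewall. Rule additions are best-effort (|| true): the
# operator is told to open the port manually if they fail, and the existing
# SSH port is never closed here.
if command -v ufw >/dev/null 2>&1; then
  echo "Detected ufw. Adding rule."
  ufw allow "$NEW_PORT/tcp" || true
elif command -v firewall-cmd >/dev/null 2>&1; then
  echo "Detected firewalld. Adding rule."
  firewall-cmd --permanent --add-port="$NEW_PORT/tcp" || true
  firewall-cmd --reload || true
elif command -v iptables >/dev/null 2>&1; then
  echo "Detected iptables. Adding rule."
  iptables -I INPUT -p tcp --dport "$NEW_PORT" -j ACCEPT
  # Persist the rule with whichever helper this system has; "service iptables
  # save" is both the probe and the action, so it runs exactly once.
  if command -v netfilter-persistent >/dev/null 2>&1; then
    netfilter-persistent save
  elif command -v service >/dev/null 2>&1; then
    service iptables save >/dev/null 2>&1 || \
      echo "Could not persist the iptables rule; it will not survive a reboot." >&2
  fi
else
  echo "No supported firewall manager found. Please open the port manually if needed."
fi

# Handle SELinux (Permissive still labels ports, so anything but Disabled counts)
if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" != "Disabled" ]; then
  if ! command -v semanage >/dev/null 2>&1; then
    echo "SELinux is $(getenforce) but semanage is not installed. Installing policycoreutils-python-utils."
    case "$OS_ID" in
      centos|almalinux|rocky|rhel|fedora)
        if command -v dnf >/dev/null 2>&1; then
          dnf install -y policycoreutils-python-utils
        else
          yum install -y policycoreutils-python-utils
        fi
        ;;
      ubuntu|debian)
        apt install -y policycoreutils-python-utils || apt install -y policycoreutils-python
        ;;
      *)
        die "SELinux is $(getenforce) and semanage is missing; install it manually and re-run."
        ;;
    esac
    command -v semanage >/dev/null 2>&1 || die "semanage still not available after install."
  fi
  echo "SELinux is $(getenforce). Adding port context."
  # -a fails when the port already carries a label; -m then relabels it.
  semanage port -a -t ssh_port_t -p tcp "$NEW_PORT" 2>/dev/null \
    || semanage port -m -t ssh_port_t -p tcp "$NEW_PORT"
fi

# Restart SSH service.
# Distributions that socket-activate sshd (ssh.socket) derive the listening
# port from the unit rather than sshd_config alone; a daemon-reload lets that
# regenerate before the socket is restarted.
if systemctl is-active --quiet ssh.socket 2>/dev/null; then
  systemctl daemon-reload
  systemctl restart ssh.socket
elif systemctl cat sshd.service >/dev/null 2>&1; then
  systemctl restart sshd
elif systemctl cat ssh.service >/dev/null 2>&1; then
  systemctl restart ssh
else
  service ssh restart || service sshd restart
fi

echo "SSH port successfully changed to $NEW_PORT."
echo "You can now reconnect using: ssh -p $NEW_PORT user@your-server-ip"
echo "Verify the new connection works before closing this session or removing the old port's firewall rule."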