Getting ssh on port 443 to work with firealld and SELINUX.

Why would one want sshd listening on port 443 might you ask?  Well, for my home Linux box, I don’t need a secure web server, but I do need a convenient back door to be able to log into it remotely from time to time.

443 is a standard port that is open at most public wifi spots and other places, so it makes sense to use it for a remote ssh backdoor.

To actually get it working, you need to do a few things.

The first is to configure you router to send incoming connections on 443 to your Linux system. This varies depending on your router, so you’ll have to refer to the documentation for that part.

Next, you need to tell sshd to listen on 443, and 22 ( since you’ll be overiding the default ).  Add the following lines to /etc/ssh/sshd_config:

Port 22
Port 443

And restart sshd.

Then tell firewalld you need to listen to 443:

This can be done in the GUI, or by:

firewall-cmd –add-port=443/tcp
firewall-cmd –permanent –add-port=443/tcp

Now for the tricky bit.  SELinux has to be configured to allow sshd to respond to requests on 443:

semanage port -m -t ssh_port_t -p tcp 443

And finally, since it’s always a good idea to use ssh keys instead of typing a password, after you create your keys you may have to set the context on /home/<user>/.ssh:

restorecon -Rv /home/<user>/.ssh

And that’s it.  Of couese, this should work for any port, not just 443.

Leave a Reply

Your email address will not be published. Required fields are marked *