Tutorial SSH Setup (Add sudo user/Disallow Root/Port Change)


New Member
Oct 23, 2019
I highly recommend installing man-pages as it will give you in depth descriptions of the commands used in this tutorial yum install man-pages

man adduser

1. Lets create our new sudo user, for this example I will create user rusty.

Create the new user:
adduser rusty
Assign a password to username rusty:
passwd rusty
We have created user rusty! You can check by listing users:
awk -F':' '{ print $1}' /etc/passwd

Now lets make rusty a sudoer.

In CentOS there is no sudo group like in Debian based distros. CentoOS calls this group wheel.
Why wheel you ask?
The term was derived from the slang phrase big wheel, referring to a person with great power or influence.
Add user rusty to group wheel:
usermod -aG wheel rusty

Let's test rusty's new privileges
Switch to user rusty:
su - rusty
Test root privileges:
sudo whoami
Correct server response:


Now to help I have created a bash script that will create a sudo user for you. However, you get to define the username and password.
To view the content, you need to Sign In or Register.

bash addsudoer

2. Next we will make SSH more secure by disallowing root login and changing default port (22) to 2244
By default your ssh config is located at /etc/ssh/sshd_config

Lets open the config in vi text editor.
vi /etc/ssh/sshd_config

Find the line
and change it to Port 2244 removing the #.
Next find line
#PermitRootLogin yes
and change it to PermitRootLogin no removing the #.

After the changes to the config you need expose port 2244 to connect to it. CentOS has beefed up security over Debian based Linux distros at the kernal level. So not only do we need to open the port in the firewall we need to change CentOS policy to allow the SSH service over a port other than 22.

Install application required to edit policy:
yum -y install policycoreutils-python
Edit CentOS policy:
semanage port -a -t ssh_port_t -p tcp 2244)"
Close default SSH port:
firewall-cmd --remove-service=ssh --permanent
Open new port in Firewall:
firewall-cmd --permanent --zone=public --add-port=2244/tcp
Reload Firewall:
firewall-cmd --reload
Restart SSH service:
systemctl restart sshd

I have also created a bash script that will edit your SSH config for you. It will disallow root and change port to your choice.
To view the content, you need to Sign In or Register.
bash sshd_noroot_portchange

Edit(12/18): Cleaned up SSH script
Edit(1/15): Updated Links
Last edited:
Place your Business Ad here !