How to Upgrade Kernel LT and Set Custom SSH Port on CentOS 7

By default, CentOS 7 runs on an older 3.10 Kernel, which can limit performance and compatibility with modern container tech like Docker. Moreover, since the OS has reached its End-of-Life (EOL), default repositories are offline, making upgrades tricky. This guide explains how to manually install a Long-Term (LT) 5.x Kernel and configure a custom SSH port to harden your Linux VPS security.

1. Manually Installing Kernel LT 5.4

Since the live ELRepo mirrors for CentOS 7 have been purged, we must download the .rpm packages directly from an archive server and install them locally.

• Step 1: Download the Kernel RPMs

  Navigate to the temp directory and use wget to download the LT Kernel and Devel packages.

  DOWNLOAD KERNEL RPM

  Copy

  cd /tmp
  wget https://mirrors.viethosting.com/centos/kernel-lt/kernel-lt-5.4.278-1.el7.elrepo.x86_64.rpm
  wget https://mirrors.viethosting.com/centos/kernel-lt/kernel-lt-devel-5.4.278-1.el7.elrepo.x86_64.rpm

• Step 2: Install via Localinstall

  Use YUM to install the downloaded files. This will automatically resolve any remaining base dependencies.

  INSTALL KERNEL LOCALLY

  Copy

  sudo yum localinstall -y kernel-lt-5.4.278-1.el7.elrepo.x86_64.rpm
  sudo yum localinstall -y kernel-lt-devel-5.4.278-1.el7.elrepo.x86_64.rpm

2. Set the New Kernel as Default (GRUB2)

After installation, the system will still boot into the old 3.x kernel. You need to tell GRUB2 to prioritize the new 5.x version.

# Check the kernel boot order (The new kernel is usually at index 0)
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg

# Set index 0 as default
sudo grub2-set-default 0

# Rebuild the GRUB configuration and reboot
sudo grub2-mkconfig -o /boot/grub2/grub.cfg
sudo reboot

Once the server comes back online, run uname -a to verify that the 5.x Kernel is active.

3. How to Configure a Custom SSH Port (12212)

Changing the SSH port from 22 to a custom port (like 12212) significantly reduces automated brute-force attacks. On CentOS 7, you must pass two security layers: Firewalld and SELinux.

• Step 1: Modify SSHD Config

  Open the SSH config file and change the listening port.

  EDIT SSHD CONFIG

  Copy

  sudo sed -i 's/#Port 22/Port 12212/g' /etc/ssh/sshd_config

• Step 2: Allow Port 12212 in Firewalld

  Open the new port in your firewall and reload the rules.

  CONFIGURE FIREWALLD

  Copy

  sudo firewall-cmd --permanent --zone=public --add-port=12212/tcp
  sudo firewall-cmd --reload
  sudo firewall-cmd --zone=public --list-ports

• Step 3: Tag the Port in SELinux

  By default, SELinux restricts SSH to port 22. Install the management tools and authorize port 12212.

  CONFIGURE SELINUX

  Copy

  # Install semanage utility if missing
  sudo yum install policycoreutils-python -y
  
  # Bind the new port to the SSH service context
  sudo semanage port -a -t ssh_port_t -p tcp 12212
  
  # Restart the SSH daemon
  sudo systemctl restart sshd

Note: Always open a new Terminal window to test the SSH connection on port 12212 before closing your current session to prevent locking yourself out.

4. Security Warning: CentOS 7 is EOL

The smartest move is to plan a full migration of your workloads to modern, supported operating systems such as AlmaLinux 8/9, Rocky Linux, or Ubuntu LTS.

5. Conclusion

Upgrading to Kernel LT 5.x allows your legacy CentOS 7 machine to play nicely with modern container workloads, while a custom SSH port adds a solid layer of passive security. However, treat this as a temporary fix while you prepare to migrate to a newer OS.

More Technical Guides

Explore additional technical guides to optimize performance and manage your server infrastructure efficiently.

• Fix: Virtualizor Not Showing IPs From Pool on VPS Creation
• Fix Kernel Panic When Installing AlmaLinux 9 on KVM VPS
• How to Compress and Extract Files in Linux via Command Line
• What Is a Vietnam VPS? Benefits & Comparison to Offshore VPS
• What is a Dedicated Server? Benefits & When to Use It