CentOS7 配置 SSH监听多个端口方法

一、修改ssh默认端口，防止暴力破解，让系统安全多一点点：

i. 在配置文件/etc/ssh/sshd_config文件中修改

17 Port 5522
18 #AddressFamily any
19 #ListenAddress 0.0.0.0
20 #ListenAddress ::

ii. 然后重启sshd

[root@localhost ~]# systemctl restart sshd

iii. 如果自定义端口，重启sshd出现如下报错：

[root@localhost ~]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.

查看详细如下：

[root@localhost ~]# journalctl -xe
-- 
-- Unit sshd.service has failed.
-- 
-- The result is failed.
Jul 19 22:39:08 localhost.localdomain systemd[1]: Unit sshd.service entered failed state.
Jul 19 22:39:08 localhost.localdomain systemd[1]: sshd.service failed.
Jul 19 22:39:08 localhost.localdomain polkitd[695]: Unregistered Authentication Agent for unix-process:3128:1153611 
Jul 19 22:39:38 localhost.localdomain polkitd[695]: Registered Authentication Agent for unix-process:3140:1156691 (s
Jul 19 22:39:38 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
-- Subject: Unit sshd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit sshd.service has begun starting up.
Jul 19 22:39:38 localhost.localdomain sshd[3146]: error: Bind to port 5522 on 0.0.0.0 failed: Permission denied.
Jul 19 22:39:38 localhost.localdomain sshd[3146]: error: Bind to port 5522 on :: failed: Permission denied.
Jul 19 22:39:38 localhost.localdomain sshd[3146]: fatal: Cannot bind any address.
Jul 19 22:39:38 localhost.localdomain systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
Jul 19 22:39:38 localhost.localdomain systemd[1]: Failed to start OpenSSH server daemon.
-- Subject: Unit sshd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit sshd.service has failed.
-- 
-- The result is failed.
Jul 19 22:39:38 localhost.localdomain systemd[1]: Unit sshd.service entered failed state.
Jul 19 22:39:38 localhost.localdomain systemd[1]: sshd.service failed.
Jul 19 22:39:38 localhost.localdomain polkitd[695]: Unregistered Authentication Agent for unix-process:3140:1156691 

iv. 解决办法，关闭SELinux即可

# 临时关闭
[root@localhost ~]# setenforce 0

# 永久关闭
[root@localhost ~]# vim /etc/selinux/config
--------------------修改配置------------------------
SELINUX=disabled

v. 检查是否成功

注：如果重启sshd成功没有出现报错，但是检查端口时无效，也是跟SELinux有关，请把它Disable。

[root@localhost ~]# netstat -ntlp | grep sshd
tcp     0    0 0.0.0.0:5522      0.0.0.0:*   LISTEN      3166/sshd 
tcp6    0    0 :::5522           :::*        LISTEN      3166/sshd 

二、配置sshd监听多端口

注：必须把上面的port 5522注释掉，然后增加listenAddress

[root@localhost ~]# vim /etc/ssh/sshd_config
---------------- 配置如下 ----------------
#Port 5522
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:22
ListenAddress 0.0.0.0:5522

重启sshd：

[root@localhost ~]# systemctl restart sshd

检查是否成功：

注：如果配置无效，请检查SELinux是否Disable

[root@localhost ~]# netstat -ntlp | grep sshd
tcp     0    0 0.0.0.0:5522    0.0.0.0:*     LISTEN     3323/sshd           
tcp     0    0 0.0.0.0:22      0.0.0.0:*     LISTEN     3323/sshd

收工！