zoukankan      html  css  js  c++  java

  • Centos 7 修改SSH默认端口

    centos 7 修改ssh默认端口后,远程连不上了,查了资料,稍微总结一下。
    step1 修改/etc/ssh/sshd_config
    vi /etc/ssh/sshd_config
    #Port 22         //这行去掉#号
    Port 20000      //下面添加这一行

    step2 修改SELinux
    使用以下命令查看当前SElinux 允许的ssh端口:
    semanage port -l | grep ssh

    添加20000端口到 SELinux
    semanage port -a -t ssh_port_t -p tcp 20000

    然后确认一下是否添加进去
    semanage port -l | grep ssh
    如果成功会输出
    ssh_port_t                    tcp    20000, 22
    我一般是禁用selinux

    step3 禁用centos 7的默认防火墙firewalld
    $ systemctl stop firewalld.service ### - stop firewall daemon
    $ systemctl disable firewalld.service ### - stop firewall daemon being start at start-up

    $ systemctl enable iptables.service ### - start IPtable service
    https://www.centos.org/forums/viewtopic.php?f=50&t=49250

    step4启用老的iptables防火墙
    vi /etc/sysconfig/iptables
    增加一行
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 20000 -j ACCEPT

    step5 重启ssh
    systemctl restart sshd.service

    http://blog.csdn.net/jasper_success/article/details/38537049

    注意要sshd放在最后一步重新启动,如果上面的步骤不设置好,远程就挂了。






    备注:  http://ludihua.blog.51cto.com/4601284/1438488

    添加20000端口到 SELinux
    semanage port -a -t ssh_port_t -p tcp 20000

    libsemanage.semanage_get_lock: Could not get direct transaction lock at /etc/selinux/targeted/modules/semanage.trans.LOCK. (Resource temporarily unavailable).

    Could not change policy booleans



    [root@localhost ~]# setsebool -P samba_export_all_rw on

    libsemanage.semanage_get_lock: Could not get direct transaction lock at /etc/selinux/targeted/modules/semanage.trans.LOCK. (Resource temporarily unavailable).

    Could not change policy booleans

    报错信息如上,仔细看了下报错,不能直接锁定xxx文件然后我把/etc/selinux/targeted/modules/semanage.trans.LOCK移动到其他地方试了下,我擦,它好了,不知道什么情况,

    [root@localhost modules]# ls

    active  semanage.read.LOCK  semanage.trans.LOCK  tmp

    [root@localhost modules]# cat semanage.trans.LOCK

    [root@localhost modules]# mv semanage.trans.LOCK ../

    [root@localhost modules]# ls

    active  semanage.read.LOCK  tmp

    [root@localhost modules]# setsebool -P samba_export_all_rw on

    [root@localhost modules]# getsebool -a |grep samba

    samba_create_home_dirs --> off

    samba_domain_controller --> off

    samba_enable_home_dirs --> off

    samba_export_all_ro --> off

    samba_export_all_rw --> on

    samba_portmapper --> off

    samba_run_unconfined --> off

    samba_share_fusefs --> off

    samba_share_nfs --> off

    sanlock_use_samba --> off

    use_samba_home_dirs --> off

    virt_use_samba --> off
  • 相关阅读:
    js获取客户端IP及地理位置
    跟SAP系统集成的Android应用
    关于刘冬大侠Spring.NET系列学习笔记3的一点勘正
    设置浏览器全屏模式
    一个模拟"显示桌面.scf"程序的JS小函数
    网站整体变灰(黑白、置灰)原理
    苹果手机上input的button按钮颜色显示问题
    用Python做数据清洗:采集几百个xls或csv中的数据并汇总
    用ISO-8859-1解决Python 'utf-8' codec can't decode bytes in position 924-925问题
    Python批量转换子文件夹下的文件编码
  • 原文地址:https://www.cnblogs.com/smallfa/p/4920561.html
Copyright © 2011-2022 走看看