Centos 7 修改SSH默认端口

centos 7 修改ssh默认端口后，远程连不上了，查了资料，稍微总结一下。
step1 修改/etc/ssh/sshd_config
vi /etc/ssh/sshd_config
#Port 22         //这行去掉#号
Port 20000      //下面添加这一行

step2 修改SELinux
使用以下命令查看当前SElinux 允许的ssh端口：
semanage port -l | grep ssh

添加20000端口到 SELinux
semanage port -a -t ssh_port_t -p tcp 20000

然后确认一下是否添加进去
semanage port -l | grep ssh
如果成功会输出
ssh_port_t                    tcp    20000, 22
我一般是禁用selinux

step3 禁用centos 7的默认防火墙firewalld
$ systemctl stop firewalld.service ### - stop firewall daemon
$ systemctl disable firewalld.service ### - stop firewall daemon being start at start-up

$ systemctl enable iptables.service ### - start IPtable service
https://www.centos.org/forums/viewtopic.php?f=50&t=49250

step4启用老的iptables防火墙
vi /etc/sysconfig/iptables
增加一行
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20000 -j ACCEPT

step5 重启ssh
systemctl restart sshd.service

http://blog.csdn.net/jasper_success/article/details/38537049

注意要sshd放在最后一步重新启动，如果上面的步骤不设置好，远程就挂了。

备注:  http://ludihua.blog.51cto.com/4601284/1438488

添加20000端口到 SELinux
semanage port -a -t ssh_port_t -p tcp 20000

libsemanage.semanage_get_lock: Could not get direct transaction lock at /etc/selinux/targeted/modules/semanage.trans.LOCK. (Resource temporarily unavailable).

Could not change policy booleans



[root@localhost ~]# setsebool -P samba_export_all_rw on

libsemanage.semanage_get_lock: Could not get direct transaction lock at /etc/selinux/targeted/modules/semanage.trans.LOCK. (Resource temporarily unavailable).

Could not change policy booleans

报错信息如上，仔细看了下报错，不能直接锁定xxx文件然后我把/etc/selinux/targeted/modules/semanage.trans.LOCK移动到其他地方试了下，我擦，它好了，不知道什么情况，

[root@localhost modules]# ls

active  semanage.read.LOCK  semanage.trans.LOCK  tmp

[root@localhost modules]# cat semanage.trans.LOCK

[root@localhost modules]# mv semanage.trans.LOCK ../

[root@localhost modules]# ls

active  semanage.read.LOCK  tmp

[root@localhost modules]# setsebool -P samba_export_all_rw on

[root@localhost modules]# getsebool -a |grep samba

samba_create_home_dirs --> off

samba_domain_controller --> off

samba_enable_home_dirs --> off

samba_export_all_ro --> off

samba_export_all_rw --> on

samba_portmapper --> off

samba_run_unconfined --> off

samba_share_fusefs --> off

samba_share_nfs --> off

sanlock_use_samba --> off

use_samba_home_dirs --> off

virt_use_samba --> off