Installing SSH on CentOS 7 and changing its port (run as root)
1. Check whether the SSH service is already installed on this CentOS system.
[root@localhost /]# yum list installed | grep ssh    # ssh packages in the output mean it is installed
libssh2.x86_64 1.8.0-4.el7 @anaconda
openssh.x86_64 7.4p1-21.el7 @anaconda
openssh-clients.x86_64 7.4p1-21.el7 @anaconda
openssh-server.x86_64 7.4p1-21.el7 @anaconda
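2. If the SSH service is not installed, install it with yum and confirm with Y (the -y option below answers the prompt automatically).
[root@localhost /]# yum -y install openssh-server
3. Check the SSH service status
[root@localhost /]# systemctl status sshd    # Active: active (running) means the service is running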
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since 二 2022-07-05 18:45:52 PDT; 10min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 1068 (sshd)
Tasks: 1
CGroup: /system.slice/sshd.service
└─1068 /usr/sbin/sshd -D
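4. Check the server's port number range
[root@localhost /]# sysctl -a | grep ip_local_port_range    # SSH port within this range
5. Edit the SSH configuration file
- Edit the sshd_config file in the /etc/ssh directory. Open it with vim; if vim is not installed, run yum install vim to install it.
[root@localhost /]# vim /etc/ssh/sshd_config
- Find the following section and change the Port setting, or uncomment the following four parts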
# NOTE: uncomment the next line
Port 22
# NOTE: add the new SSH port
Port 22222
#AddressFamily any
# NOTE: uncomment the next two lines
ListenAddress 0.0.0.0
ListenAddress ::
# Authentication:
#LoginGraceTime 2m
# NOTE: uncomment the next line
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
# To disable tunneled clear text passwords, change to no here!
# NOTE: uncomment the next line
PasswordAuthentication yes
#PermitEmptyPasswords no
- In vim command mode, type :wq! to save the configuration and exit.
6. Check the SELinux status; if it is disabled, nothing needs to be changed
[root@localhost /]# getenforce
Enforcing
# or
[root@localhost /]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
- Temporarily disable SELinux
[root@localhost /]# setenforce 0    # temporarily disable SELinux
[root@localhost /]# getenforce
Permissive
- Permanently disable SELinux
- Open the /etc/selinux/config file
[root@localhost /]# vim /etc/selinux/config    # edit the SELinux configuration file
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# NOTE: change the value on the next line to disabled
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
- In vim command mode, type :wq! to save the configuration and exit.
7. SELinux configuration changes
- If semanage is not installed
[root@localhost ~]# yum -y install semanage
[root@localhost /]# yum provides semanage
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.bupt.edu.cn
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base/7/x86_64/filelists_db | 7.2 MB 00:00:07
extras/7/x86_64/filelists_db | 277 kB 00:00:00
policycoreutils-python-2.5-34.el7.x86_64 : SELinux policy core python utilities
源 :base
匹配来源:
文件名 :/usr/sbin/semanage
policycoreutils-python-2.5-34.el7.x86_64 : SELinux policy core python utilities
源 :@anaconda
匹配来源:
文件名 :/sbin/semanage
policycoreutils-python-2.5-34.el7.x86_64 : SELinux policy core python utilities
源 :@anaconda
匹配来源:
文件名 :/usr/sbin/semanage
[root@localhost /]# yum -y install policycoreutils-python-2.5-34.el7.x86_64
8. Query and configure the SSH ports allowed by SELinux
[root@localhost ~]# semanage port -l|grep ssh
ssh_port_t tcp 22
[root@localhost ~]# semanage port -a -t ssh_port_t -p tcp 22222    # -a adds, -d deletes
[root@localhost ~]# semanage port -l|grep ssh
ssh_port_t tcp 22222, 22
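With SELinux left in Enforcing mode, sshd can only bind ports that carry the ssh_port_t label, which is what step 8 adds. The script below is an added example, not part of the original article: it compares the active Port lines of an sshd_config against saved `semanage port -l` output and lists any port still missing the label. The function names and the sample files are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): find sshd ports that lack the
# SELinux ssh_port_t label. It works on saved text, so it runs offline.

# Print the active (uncommented) Port values of the sshd_config file $1.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1"
}

# Succeed if port $1 is covered by an ssh_port_t tcp entry (single port or
# lo-hi range) in the `semanage port -l` output saved in file $2.
port_is_labelled() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            gsub(/,/, "", $i); n = split($i, r, "-")
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (p + 0 >= lo && p + 0 <= hi) found = 1
        }
    } END { exit !found }' "$2"
}

# Print each configured port that sshd could not bind under Enforcing mode.
# $1 = sshd_config file, $2 = saved `semanage port -l` output.
unlabelled_ports() {
    local p
    for p in $(sshd_ports "$1"); do
        port_is_labelled "$p" "$2" || echo "$p"
    done
}

# Constructed sample input: the edited config from step 5 and the semanage
# output as it looks before and after step 8.
sample_dir=$(mktemp -d)
printf '%s\n' 'Port 22' 'Port 22222' '#AddressFamily any' \
    'ListenAddress 0.0.0.0' > "$sample_dir/sshd_config"
printf 'ssh_port_t                     tcp      22\n' > "$sample_dir/before"
printf 'ssh_port_t                     tcp      22222, 22\n' > "$sample_dir/after"

echo "before step 8: $(unlabelled_ports "$sample_dir/sshd_config" "$sample_dir/before")"
echo "after step 8:  $(unlabelled_ports "$sample_dir/sshd_config" "$sample_dir/after")"
```

On a real host, pass /etc/ssh/sshd_config and a file holding the output of `semanage port -l`; an empty result means every configured port is labelled.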
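9. Restart the SSH service and check that it is running
[root@localhost /]# systemctl restart sshd    # restart the sshd service
[root@localhost /]# netstat -anp | grep sshd    # check that it is running
[root@localhost /]# netstat -an | grep 22222    # check that port 22222 is listening
10. Check whether the firewalld firewall is running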
[root@localhost /]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 二 2022-07-05 07:27:16 PDT; 1h 31min ago
Docs: man:firewalld(1)
Main PID: 681 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─681 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
7月 05 07:27:07 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewal....
7月 05 07:27:16 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall....
7月 05 07:27:18 localhost.localdomain firewalld[681]: WARNING: AllowZoneDrifting is en....
Hint: Some lines were ellipsized, use -l to show in full.
- If the firewall is running, check whether port 22222 is open
[root@localhost /]# firewall-cmd --permanent --query-port=22222/tcp
no
- Add port 22222
[root@localhost /]# firewall-cmd --permanent --zone=public --add-port=22222/tcp
success
- Reload the firewall rules
[root@localhost /]# firewall-cmd --reload
- Check whether port 22222 is now open
[root@localhost /]# firewall-cmd --permanent --query-port=22222/tcp
yes
11. If the firewall is iptables
[root@localhost /]# iptables -I INPUT -p tcp -m state --state NEW --dport 22222 -j ACCEPT
[root@localhost /]# service iptables save
[root@localhost /]# iptables -L -n --line-numbers
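12. Enable the SSH service at boot
[root@localhost /]# systemctl enable sshd    # start sshd at boot
[root@localhost /]# systemctl list-unit-files | grep ssh    # check whether it is enabled at boot
[root@localhost /]# systemctl stop sshd    # stop the sshd service
[root@localhost /]# systemctl disable sshd    # disable starting sshd at boot
- If sshd still is not running after being enabled, check whether the firewall is blocking the SSH service.
--permanent adds the rule permanently; leave it out if you do not want that.
[root@localhost /]# firewall-cmd --list-service    # ssh in the list means there is no problem
[root@localhost /]# firewall-cmd --permanent --add-service=ssh    # if ssh is not listed, add the ssh service
13. Connect remotely
[root@localhost /]# ssh root@xxx.xxx.xxx.xxx -p 22222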
