After changing the default SSH port on CentOS 7, I could no longer connect remotely. I looked into it, and here is a brief summary.
step1 Edit /etc/ssh/sshd_config
vi /etc/ssh/sshd_config
#Port 22 // remove the # from this line
Port 20000 // add this line below it
step2 Update SELinux
Use the following command to see which SSH ports SELinux currently allows:
semanage port -l | grep ssh
Add port 20000 to SELinux
semanage port -a -t ssh_port_t -p tcp 20000
Then confirm that it was added
semanage port -l | grep ssh
If it succeeded, the output is
ssh_port_t tcp 20000, 22
I usually disable SELinux.
step3 Disable firewalld, the default firewall on CentOS 7
$ systemctl stop firewalld.service ### - stop the firewall daemon
$ systemctl disable firewalld.service ### - prevent the firewall daemon from starting at boot
$ systemctl enable iptables.service ### - enable the iptables service at boot
https://www.centos.org/forums/viewtopic.php?f=50&t=49250
step4 Enable the old iptables firewall
vi /etc/sysconfig/iptables
Add one line
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20000 -j ACCEPT
step5 Restart ssh
systemctl restart sshd.service
http://blog.csdn.net/jasper_success/article/details/38537049
Note: restart sshd only as the very last step. If the steps above are not set up correctly, the remote connection is lost.
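An added example, not part of the original post: a shell pre-flight check to run before step 5. It confirms that the port is active in sshd_config, listed under ssh_port_t, and accepted by an iptables rule that sits above any catch-all REJECT. The function names and the sample rule lines are constructed for illustration.

```shell
#!/bin/sh
# Each check reads text on stdin and returns 0 if port $1 is covered.

# Step 1: an active (uncommented) "Port N" line in sshd_config.
sshd_config_has_port() {
    awk -v p="$1" 'tolower($1) == "port" && $2 == p { ok = 1 } END { exit !ok }'
}

# Step 2: the ssh_port_t tcp line of `semanage port -l` lists the port
# (entries may be single ports or lo-hi ranges).
selinux_allows_port() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            gsub(/,/, "", $i); n = split($i, r, "-")
            if (p + 0 >= r[1] + 0 && p + 0 <= r[n] + 0) ok = 1
        }
    } END { exit !ok }'
}

# Step 4: an ACCEPT rule for tcp --dport PORT in the INPUT chain that comes
# before any catch-all "-A INPUT -j REJECT/DROP" (rules match top to bottom).
iptables_accepts_port() {
    awk -v p="$1" '
        /^-A INPUT -j (REJECT|DROP)/ { blocked = 1 }
        !blocked && /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport" && $(i + 1) == p) ok = 1
        }
        END { exit !ok }'
}

# Run all three checks against files and report what is missing.
# Arguments: PORT SSHD_CONFIG SEMANAGE_LISTING IPTABLES_RULES
preflight() {
    rc=0
    sshd_config_has_port "$1" < "$2" || { echo "sshd_config: no Port $1"; rc=1; }
    selinux_allows_port "$1" < "$3" || { echo "SELinux: $1 not in ssh_port_t"; rc=1; }
    iptables_accepts_port "$1" < "$4" || { echo "iptables: $1 not accepted"; rc=1; }
    return $rc
}

# On a real host (paths and commands as used in the steps above):
#   semanage port -l > /tmp/ports.txt
#   preflight 20000 /etc/ssh/sshd_config /tmp/ports.txt /etc/sysconfig/iptables \
#       && systemctl restart sshd.service

# Constructed sample: the new rule was appended after the catch-all REJECT.
printf '%s\n' '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
    '-A INPUT -p tcp -m state --state NEW -m tcp --dport 20000 -j ACCEPT' |
    iptables_accepts_port 20000 || echo "rule for 20000 is unreachable"
```

Keep the existing SSH session open while testing a new connection on the new port, so a failed check can still be corrected.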
Note: http://ludihua.blog.51cto.com/4601284/1438488
Add port 20000 to SELinux
semanage port -a -t ssh_port_t -p tcp 20000
libsemanage.semanage_get_lock: Could not get direct transaction lock at /etc/selinux/targeted/modules/semanage.trans.LOCK. (Resource temporarily unavailable).
Could not change policy booleans
[root@localhost ~]# setsebool -P samba_export_all_rw on
libsemanage.semanage_get_lock: Could not get direct transaction lock at /etc/selinux/targeted/modules/semanage.trans.LOCK. (Resource temporarily unavailable).
Could not change policy booleans
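The error message is shown above. Looking at it closely, it could not directly lock the xxx file, so I tried moving /etc/selinux/targeted/modules/semanage.trans.LOCK somewhere else and, damn, it worked. I don't know what was going on: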
[root@localhost modules]# ls
active semanage.read.LOCK semanage.trans.LOCK tmp
[root@localhost modules]# cat semanage.trans.LOCK
[root@localhost modules]# mv semanage.trans.LOCK ../
[root@localhost modules]# ls
active semanage.read.LOCK tmp
[root@localhost modules]# setsebool -P samba_export_all_rw on
[root@localhost modules]# getsebool -a |grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> on
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off