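When adjusting the SSH configuration file and the port rules in iptables, do not remove the original settings first. Explicitly open both port 22 and port 22345 at the same time, and only after the configuration is complete and access over port 22345 is confirmed to work, remove the port 22 settings one by one. This prevents a mistake during the change from leaving the server unreachable.
I. SELinux configuration changes
1. Check the SELinux status first; if SELinux is disabled, none of the SELinux changes are needed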
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
2. Install the semanage command (skip this step if it is already installed)
[root@localhost ~]# yum -y install semanage
[root@localhost ~]# yum provides semanage
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cn99.com
* extras: mirrors.cn99.com
* updates: mirrors.cn99.com
base/7/x86_64/filelists_db
| 6.9 MB 00:00:11
extras/7/x86_64/filelists_db
| 369 kB 00:00:00
updates/7/x86_64/filelists_db
| 636 kB 00:00:00
policycoreutils-python-2.5-22.el7.x86_64 : SELinux policy core python utilities
源 :base
匹配来源:
文件名 :/usr/sbin/semanage
[root@localhost ~]# yum -y install policycoreutils-python-2.5-22.el7.x86_64
3. Query and configure the SSH ports allowed by SELinux
[root@localhost ~]# semanage port -l|grep ssh
ssh_port_t tcp 22
[root@localhost ~]# semanage port -a -t ssh_port_t -p tcp 22345
[root@localhost ~]# semanage port -l|grep ssh
ssh_port_t tcp 22345, 22
4. Change the SSH port configuration
Edit the SSH configuration file sshd_config
[root@localhost ~]# vi /etc/ssh/sshd_config
Port 22
Port 22345
5. Allow the port through the firewall
[root@localhost ~]# firewall-cmd --zone=public --add-port=22345/tcp --permanent
[root@localhost ~]# firewall-cmd --reload
6. Query the current SSH service ports:
[root@localhost ~]# semanage port -l | grep ssh
ssh_port_t tcp 22
Add the SSH port to SELinux:
[root@localhost ~]# semanage port -a -t ssh_port_t -p tcp 22345
[root@localhost ~]# semanage port -l | grep ssh
ssh_port_t tcp 22,22345
Restart the SSH service:
[root@localhost ~]# systemctl restart sshd.service
Once testing succeeds, comment out port 22.
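Before port 22 is commented out, it helps to confirm that 22345 is present in all three layers the steps above touch (sshd_config, the SELinux ssh_port_t label, firewalld). The script below is an added example, not part of the original article; the function names and the sample input are constructed for illustration, and it assumes firewalld's public zone as used in step 5.

```shell
#!/bin/sh
# Added example: confirm the new SSH port is configured in every layer
# before port 22 is removed. Function names are illustrative.

# Ports sshd will listen on per an sshd_config file. Keywords are
# case-insensitive; with no Port directive sshd defaults to 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# TCP ports labelled ssh_port_t; reads `semanage port -l` output on stdin.
# Handles both "22345, 22" and "22,22345" list styles.
selinux_ssh_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
             $1 = $2 = ""; n = split($0, p, /[ ,]+/)
             for (i = 1; i <= n; i++) if (p[i] != "") print p[i]
         }'
}

# $1 port  $2 sshd_config path  $3 `semanage port -l` text
# $4 `firewall-cmd --zone=public --list-ports` text
# Returns 0 only if the port is present in all three layers.
port_ready() {
    sshd_ports "$2" | grep -qx "$1" ||
        { echo "sshd_config: no Port $1 line"; return 1; }
    printf '%s\n' "$3" | selinux_ssh_ports | grep -qx "$1" ||
        { echo "SELinux: tcp/$1 is not labelled ssh_port_t"; return 1; }
    printf '%s\n' "$4" | tr ' ' '\n' | grep -qx "$1/tcp" ||
        { echo "firewalld: $1/tcp is not open"; return 1; }
    echo "port $1 is set in sshd_config, SELinux and firewalld"
}

# Constructed sample input (not captured from a real host).
SAMPLE_CFG=$(mktemp)
printf '%s\n' '#Port 2222' 'Port 22' 'port 22345' > "$SAMPLE_CFG"
SAMPLE_SEMANAGE='ssh_port_t                     tcp      22345, 22'
SAMPLE_FW='22345/tcp'
port_ready 22345 "$SAMPLE_CFG" "$SAMPLE_SEMANAGE" "$SAMPLE_FW"
```

On a live host the same call takes `/etc/ssh/sshd_config`, `"$(semanage port -l)"` and `"$(firewall-cmd --zone=public --list-ports)"` as its arguments, and `sshd -t` checks the configuration file syntax before the restart. A passing check shows only that the settings are in place; the login test over port 22345 in the last step is still what confirms access.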
Original article by 赛福. If you repost it, please cite the source: https://www.safecdn.cn/1889.html