Modify the default SSH port 22 on CentOS 7 to enhance security

Generally speaking, Linux systems are already quite secure, but they still run into special situations, such as targeted scanning and brute-force attacks in which someone keeps guessing credentials and trying to log in. If you ignore this, a considerable hidden risk remains. This article covers changing the default port 22 on CentOS 7 to improve security. The general steps are as follows:


step1 modify /etc/ssh/sshd_config

vi /etc/ssh/sshd_config

#Port 22
(Remove the # sign from this line so that port 22 stays open during the change. If the new configuration is bad and you can no longer log in remotely, you would have to go to the machine room to fix it. Once the new port is confirmed to work, comment this line out again.)

Port 20000
(Add this line below it.)


step2 modify the firewall configuration

Add the new SSH port to the firewall:

firewall-cmd --zone=public --add-port=20000/tcp --permanent

(--permanent saves the rule to the permanent configuration; without it the change is lost after the next restart.)

Reload the firewall:

firewall-cmd --reload

Check whether the port was added successfully. The command prints yes if it was, otherwise no:

firewall-cmd --zone=public --query-port=20000/tcp


step3 modify SELinux

Use the following command to view the SSH ports currently allowed by SELinux:

semanage port -l | grep ssh


Add port 20000 to SELinux:

semanage port -a -t ssh_port_t -p tcp 20000


Then confirm that it was added:

semanage port -l | grep ssh

If successful, the output is:

ssh_port_t tcp 20000, 22


step4 restart ssh

systemctl restart sshd.service


step5 Test the ssh connection of the new port

Test the SSH connection on the new port. If it succeeds, comment out Port 22 again as described in step 1.
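
The check below is an added example, not part of the original article: run before the restart in step 4, it compares the Port lines from step 1 with the SELinux output from step 3, reports any sshd port SELinux would refuse, and warns when port 22 is no longer kept as a fallback. The function names and the sample config and semanage text are constructed for illustration; port ranges in semanage output are not handled.

```shell
#!/bin/sh
# Added example: pre-restart lockout check for the port change above.
# Function names and all sample data are constructed for illustration.

# Ports sshd will listen on: uncommented "Port N" lines (keyword is
# case-insensitive). With no Port line, sshd falls back to 22.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# TCP ports from `semanage port -l | grep ssh` text, one per line,
# e.g. "ssh_port_t tcp 20000, 22" -> 20000 and 22.
selinux_ssh_ports() {
    printf '%s\n' "$1" | awk '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); print $i } }'
}

# Print each sshd port that SELinux does not allow. Empty output = OK.
ports_missing_from_selinux() {
    allowed=$(selinux_ssh_ports "$2")
    for p in $(sshd_ports "$1"); do
        printf '%s\n' "$allowed" | grep -qxF "$p" || printf '%s\n' "$p"
    done
}

# True while port 22 is still an active listener (the step 1 safety net).
keeps_fallback() { sshd_ports "$1" | grep -qxF 22; }

# Constructed sample: Port 20000 added, but "#Port 22" left commented out
# and SELinux still in its state from before step 3.
sample_cfg=$(mktemp)
printf '%s\n' '#Port 22' 'Port 20000' > "$sample_cfg"
sample_selinux='ssh_port_t                     tcp      22'

echo "blocked by SELinux: $(ports_missing_from_selinux "$sample_cfg" "$sample_selinux")"
keeps_fallback "$sample_cfg" || echo "warning: port 22 fallback is not active"
rm -f "$sample_cfg"
```

On a real host the same check would be called as ports_missing_from_selinux /etc/ssh/sshd_config "$(semanage port -l | grep ssh)".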

