一、修改ssh配置文件sshd_config:
vi /etc/ssh/sshd_config
看到下面的信息,找到 Port 22那行,把22改为你要的端口,然后保存退出:
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. # If you want to change the port on a SELinux system, you have to tell # SELinux about this change. # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER # Port 22 #这一行的端口改为你要的 #ListenAddress 0.0.0.0 #ListenAddress ::
二、防火墙放行:
vi /etc/sysconfig/iptables
找到这个文件里面下面的这两行:
-A IN_public_allow -p udp -m udp --dport 22 -m conntrack --ctstate NEW -j ACCEPT -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
复制这两行把22改为你要修改的端口就好
或者直接把22修改了也行,这样就不用22端口了
然后保存退出
三、重启防火墙和ssh:
service sshd restart #重启ssh 二选一 systemctl restart sshd.service #重启ssh 二选一 service iptables restart #重启防火墙
大功告成,可以用新端口登陆了,22端口就不能登陆了,防止ssh暴力攻击
版权声明:本文为期权记的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://www.qiquanji.com/post/140.html
微信扫码关注
更新实时通知