Change port 22 for sshd

Jan. 20, 2019, 10:37 a.m. TestCat centos selinux linux


DRAFT We first add a second port (for example 6666) and leave 22 active until the new port has been tested. Open vi /etc/ssh/sshd_config and look for # Port 22; note that both ports stay enabled for now:

Port 22
Port 6666

# Various commands
firewall-cmd --help
firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s25
  sources:
  services: dhcpv6-client http ssh https
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

firewall-cmd --add-port 6666/tcp # opens the port in the firewall; note that this does not survive a server restart
semanage port -a -t ssh_port_t -p tcp 6666 # allows the port in SELinux as well
systemctl restart sshd

# ---> now try to ssh from local (ssh username@remoteserver -p 6666).

# ---> If everything is OK, make the firewalld settings persistent:

# firewall-cmd --add-port 6666/tcp --permanent
# firewall-cmd --reload

systemctl restart sshd
# firewall-cmd --remove-service ssh --permanent
# firewall-cmd --reload

firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s25
  sources:
  services: dhcpv6-client http https
  ports: 6666/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
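
An added example (not part of the original post): a small shell check that compares the Port lines in sshd_config with saved `firewall-cmd --list-all` and `semanage port -l` output and reports every sshd port that firewalld or SELinux would still refuse, so a mismatch shows up before the ssh service is removed. The function names are hypothetical, the semanage line is constructed, and the `ssh` service is assumed to be firewalld's stock 22/tcp definition.

```shell
#!/bin/sh
# Added example: offline consistency check for the sshd port change.

# Print the port of every active (uncommented) Port directive in sshd_config.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# stdin: `firewall-cmd --list-all` output. Succeeds if PORT/tcp is open.
# Assumption: the "ssh" service is firewalld's stock definition (22/tcp).
fw_allows() {
    awk -v p="$1" '
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if ($i == (p "/tcp")) ok = 1 }
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "ssh" && p == "22") ok = 1 }
        END { exit !ok }'
}

# stdin: `semanage port -l` output. Succeeds if PORT is labelled ssh_port_t.
selinux_allows() {
    awk -v p="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { sub(/,$/, "", $i); if ($i == p) ok = 1 }
        }
        END { exit !ok }'
}

# Print every sshd port that the firewall or SELinux would still refuse.
# Args: sshd_config, saved firewall-cmd output, saved semanage output.
blocked_ports() {
    for p in $(sshd_ports "$1"); do
        fw_allows "$p" < "$2" || { echo "$p firewalld"; continue; }
        selinux_allows "$p" < "$3" || echo "$p selinux"
    done
}

# Sample inputs: config and firewall lines as on this page; semanage line constructed.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '#Port 22\nPort 22\nPort 6666\n' > "$d/sshd_config"
printf 'public (active)\n  services: dhcpv6-client http ssh https\n  protocols:\n' > "$d/fw_before"
printf 'public (active)\n  services: dhcpv6-client http https\n  ports: 6666/tcp\n' > "$d/fw_after"
printf 'ssh_port_t                     tcp      6666, 22\n' > "$d/selinux"

echo "before --add-port:";    blocked_ports "$d/sshd_config" "$d/fw_before" "$d/selinux"
echo "after the final step:"; blocked_ports "$d/sshd_config" "$d/fw_after"  "$d/selinux"
```

On a live host, feed it the real files and command output instead of the samples, for example `firewall-cmd --list-all > fw.txt` and `semanage port -l > se.txt`.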

to be continued