Linux-CentOS7: Modify the default SSH port, centos7ssh
SSH listens to port 22 by default, but brute-force logon is often performed when the server is open to the public network, so it is better to change the port.
Refresh after reference: http://blog.csdn.net/ausboyue/article/details/53691953
Step 1. Modify/etc/ssh/sshd_config and add the ssh port
# Vi/etc/ssh/sshd_config
Find the line # Port 22, uncomment, and add the custom ssh Port. Assume Port 111111 (take Port 10000 ~ 65535, less than 10 thousand may be occupied by the System) Port 22 Port 111111
Port 22 is retained just in case. If port 22 fails to be added, port 22 can still be used, and the server on port 22 cannot be reset.
Step2. set SELinux (do not want to enable ignore this step)
Check selinux status # sestatus;
If it is disabled, set selinux = enforcing in # vi/etc/SELINUX/config.
Semanage port-l | grep ssh view ssh port,
If semanage is not installed, # yum install policycoreutils-python
Execute open port 111111
# Semanage port-a-t ssh_port_t-p tcp 111111
Step open ports of the firewall
Check the Firewall status: # systemctl status firewalld. If it is not enabled, start it # systemctl start firewalld
Add port: # firewall-cmd -- add-port = 111111/tcp -- permanent
Reload: # firewall -- cmd -- reload
Step 4. Restart
Restart ssh: # systemctl restart sshd
Restart firewalld: # systemctl restart firewalld
Restart the computer: # shutdown-r now
Step 5. Try logging on to the new port
The ssh tool tries to connect. When the connection is established, the port is changed to the new 111111 value. After the connection is successful, you can continue.
Step 6. Modify/etc/ssh/sshd_config, cancel port 22, and restart Related Services
# Vi/etc/ssh/sshd_config
Note 22 Port: # Port 22
Restart ssh: # systemctl restart ssh
If you attempt to log on to port 22, a message indicating failure is displayed.
Tips: You can view the logon status using the following method: last command # last view log file/var/log/secure # cat/var/log/secure