
More than 3 years have passed since last update.

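Changing the SSH port number on CentOS 7

I always forget this, so here is a memo.

A procedure to refer to when setting up CentOS 7 and you want to close the default SSH port and open a different port number instead.
Here the port is changed from 22 to 2222. Substitute your own value as needed.

Check the current state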

$ systemctl status firewalld

$ firewall-cmd --list-all

public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Edit sshd_config

$ sudo vi /etc/ssh/sshd_config

- # Port 22
+ Port 2222

$ sudo systemctl restart sshd

Remove SSH from the firewalld configuration

$ sudo firewall-cmd --permanent --remove-service=ssh

Add ssh-2222 to the firewalld configuration

Copy the existing ssh.xml to create ssh-2222.xml

$ sudo cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh-2222.xml

Change the port number in the ssh-2222.xml file from 22 to 2222

$ sudo vi /etc/firewalld/services/ssh-2222.xml

-  <port protocol="tcp" port="22"/>
+  <port protocol="tcp" port="2222"/>

$ sudo firewall-cmd --permanent --add-service=ssh-2222

Reload firewalld

$ sudo firewall-cmd --reload

Check the state after the change

$ firewall-cmd --list-all

public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh-2222
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
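
A misstep in the steps above (for example copying ssh.xml but leaving port 22 in it) only shows up after the reload, when new connections to 2222 are dropped. The following is an added example, not part of the original article: a check that the ports in sshd_config are opened by the firewalld service file. The function names and the sample files built in demo are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: confirm the firewalld service file opens the port sshd uses.

# Ports from active (uncommented) Port directives; sshd defaults to 22 if none.
sshd_ports() {
    awk '{ sub(/^[ \t]+/, ""); split($0, f, "[ \t=]+")
           if (tolower(f[1]) == "port") { print f[2]; found = 1 } }
         END { if (!found) print 22 }' "$1"
}

# TCP ports declared by <port .../> elements in a firewalld service XML file.
# Port ranges such as "2222-2230" are returned as written, not expanded.
service_tcp_ports() {
    sed -n '/<port[[:space:]].*protocol="tcp"/s/.*[[:space:]]port="\([^"]*\)".*/\1/p' "$1"
}

# Usage: check_ssh_port_open SSHD_CONFIG SERVICE_XML
# Returns 0 only if every port sshd listens on is opened by the service file.
check_ssh_port_open() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if service_tcp_ports "$2" | grep -qx "$p"; then
            echo "ok: tcp/$p is opened by $2"
        else
            echo "MISMATCH: sshd uses tcp/$p but $2 does not open it" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not taken from a real host) for an offline run.
demo() {
    d=$(mktemp -d)
    printf '#Port 22\nPort 2222\nPermitRootLogin no\n' > "$d/sshd_config"
    printf '<service>\n  <port protocol="tcp" port="2222"/>\n</service>\n' > "$d/good.xml"
    printf '<service>\n  <port protocol="tcp" port="22"/>\n</service>\n' > "$d/stale.xml"
    check_ssh_port_open "$d/sshd_config" "$d/good.xml"
    check_ssh_port_open "$d/sshd_config" "$d/stale.xml" || echo "fix the XML before reloading"
    rm -rf "$d"
}
demo
```

On the real host, call check_ssh_port_open /etc/ssh/sshd_config /etc/firewalld/services/ssh-2222.xml before firewall-cmd --reload and keep the current SSH session open until a new login on 2222 succeeds. With SELinux enforcing, sshd also needs the port labelled first (semanage port -a -t ssh_port_t -p tcp 2222) or it cannot bind to it.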

To add http and https as well, use the following commands

$ sudo firewall-cmd --permanent --add-service=http

$ sudo firewall-cmd --permanent --add-service=https
