
Changing the SSH port number on CentOS 7

More than 3 years have passed since last update.

A memo to myself, since I always forget this

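This is the one to look at when, as part of building a CentOS 7 box, you want to close the default SSH port and open a different port number instead.
Here the port is changed from 22 to 2222. Substitute your own value as needed.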

Check the current state

$ systemctl status firewalld

$ firewall-cmd --list-all

public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Edit sshd_config

$ sudo vi /etc/ssh/sshd_config

- # Port 22
+ Port 2222

$ sudo systemctl restart sshd

Remove SSH from the firewalld configuration

$ sudo firewall-cmd --permanent --remove-service=ssh

Add ssh-2222 to the firewalld configuration

Copy the existing ssh.xml to create ssh-2222.xml

$ sudo cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh-2222.xml

Change the port number in ssh-2222.xml from 22 to 2222

$ sudo vi /etc/firewalld/services/ssh-2222.xml

-  <port protocol="tcp" port="22"/>
+  <port protocol="tcp" port="2222"/>

$ sudo firewall-cmd --permanent --add-service=ssh-2222

Reload firewalld

$ sudo firewall-cmd --reload

Check the state after the change

$ firewall-cmd --list-all

public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh-2222
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

To add http and https, use the following commands

$ sudo firewall-cmd --permanent --add-service=http

$ sudo firewall-cmd --permanent --add-service=https
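
An added example, not part of the original article: a bash check that the port set in sshd_config is the one the ssh-2222.xml service file opens, meant to be run before the firewalld reload so that a mismatch (for example a service file still at port 22) is caught while the current session is still open. The function names and the sample file contents are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original article): check that the port set in
# sshd_config is the one the firewalld service file opens, before reloading.

# Ports from active "Port" lines; commented lines are skipped.
# sshd listens on 22 when no Port line is active.
sshd_ports() {
    local ports
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# TCP ports declared as <port protocol="tcp" port="N"/> in a firewalld service file.
service_tcp_ports() {
    grep -o '<port [^>]*>' "$1" | grep 'protocol="tcp"' |
        sed -n 's/.*port="\([0-9]*\)".*/\1/p'
}

# Succeeds only if every port sshd listens on appears in the service file.
ports_match() {
    local fw p
    fw=$(service_tcp_ports "$2")
    for p in $(sshd_ports "$1"); do
        printf '%s\n' "$fw" | grep -qx "$p" || { echo "MISSING $p"; return 1; }
    done
    echo "OK"
}

# Constructed sample files: sshd_config after the edit, plus the service file
# as copied (still port 22) and after the edit (port 2222).
make_samples() {
    printf '%s\n' '# Port 22' 'Port 2222' > "$1/sshd_config"
    printf '%s\n' '<service>' '  <short>SSH</short>' \
        '  <port protocol="tcp" port="22"/>' '</service>' > "$1/copied.xml"
    sed 's/port="22"/port="2222"/' "$1/copied.xml" > "$1/ssh-2222.xml"
}

tmp=$(mktemp -d)
make_samples "$tmp"
ports_match "$tmp/sshd_config" "$tmp/copied.xml" || true   # service file not edited yet
ports_match "$tmp/sshd_config" "$tmp/ssh-2222.xml"         # after the edit
rm -rf "$tmp"
```

On a real host, pass /etc/ssh/sshd_config and /etc/firewalld/services/ssh-2222.xml to ports_match.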

fk_2000