For security reasons, change the SSH port number from 22 to 2222.
① Edit the sshd configuration file
cp /etc/ssh/sshd_config{,.org}
Put a single-byte space between Port and the number. Without it, sshd fails to start.
vi /etc/ssh/sshd_config
# Port22
↓
Port 2222
systemctl restart sshd
systemctl status sshd
After restarting the service, confirm that there are no errors.
② Firewall configuration
firewall-cmd --permanent --remove-service=ssh
success
cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/ssh-2222.xml
vi /etc/firewalld/services/ssh-2222.xml
<port protocol="tcp" port="22"/>
↓
<port protocol="tcp" port="2222"/>
firewall-cmd --permanent --add-service=ssh-2222
success
firewall-cmd --reload
success
firewall-cmd --list-all
public (active)
services: cockpit dhcpv6-client ssh-2222
If the check shows ssh-2222 added to services as above, the configuration is OK.
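The two edits above have to agree: sshd must parse the Port line, and the firewalld service file must open the same port. The following is an added example, not part of the original post, that checks both before a restart; the function names and the sample files are constructed for illustration.

```sh
# Added example, not from the original post; names below are hypothetical.

# Print every port set by a well-formed, uncommented "Port N" line.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1"
}

# Print lines that fuse keyword and number together (e.g. "Port2222").
malformed_port_lines() {
    grep -Ei '^[[:space:]]*port[0-9]+' "$1"
}

# Print every TCP port declared in a firewalld service XML file.
fw_tcp_ports() {
    grep -E '<port[[:space:]]' "$1" | grep 'protocol="tcp"' |
        sed -E 's/.*[[:space:]]port="([0-9]+)".*/\1/'
}

# Return 0 only if the config has no fused Port line, sets at least one
# port, and every sshd port is opened by the firewalld service file.
check_port_change() {
    conf=$1
    xml=$2
    if malformed_port_lines "$conf" >/dev/null; then
        echo "malformed Port line in $conf" >&2
        return 1
    fi
    ports=$(sshd_ports "$conf")
    [ -n "$ports" ] || { echo "no Port directive in $conf" >&2; return 1; }
    for p in $ports; do
        fw_tcp_ports "$xml" | grep -qx "$p" ||
            { echo "port $p not opened by $xml" >&2; return 1; }
    done
}

# Constructed sample files, so the check runs without touching /etc.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' > "$demo/sshd_config"
printf '%s\n' '# Port22' 'Port2222' > "$demo/sshd_config.bad"
printf '%s\n' '<service>' '  <port protocol="tcp" port="2222"/>' \
    '</service>' > "$demo/ssh-2222.xml"
check_port_change "$demo/sshd_config" "$demo/ssh-2222.xml" && echo "OK"
```

On the real host, pass /etc/ssh/sshd_config and /etc/firewalld/services/ssh-2222.xml as the two arguments, and run `sshd -t` for sshd's own syntax check before `systemctl restart sshd`.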