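I have a CentOS 6.4 machine and want to change the default SSH port, and I followed these instructions:
After making these changes (including "semanage port -a -t ssh_port_t -p tcp 2345") and restarting SSHD, I still cannot connect on the new alternate port.
I can see that the host is listening on the new port: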
# netstat -antp | grep 2345 | grep LISTEN
tcp 0 0 0.0.0.0:2345 0.0.0.0:* LISTEN 6998/sshd
tcp 0 0 :::2345 :::* LISTEN 6998/sshd
I see that the SELINUX policy appears to be correct:
# /usr/sbin/semanage port -l | grep ssh
ssh_port_t tcp 2345, 22
I see that IPTABLES appears to be correct as well:
# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 any anywhere anywhere udp dpt:domain
0 0 ACCEPT tcp -- virbr0 any anywhere anywhere tcp dpt:domain
0 0 ACCEPT udp -- virbr0 any anywhere anywhere udp dpt:bootps
0 0 ACCEPT tcp -- virbr0 any anywhere anywhere tcp dpt:bootps
179K 145M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
185 7200 ACCEPT icmp -- any any anywhere anywhere
2 99 ACCEPT all -- lo any anywhere anywhere
39 2028 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
29763 11M REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any virbr0 anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 any 192.168.122.0/24 anywhere
0 0 ACCEPT all -- virbr0 virbr0 anywhere anywhere
0 0 REJECT all -- any virbr0 anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 any anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 118K packets, 24M bytes)
pkts bytes target prot opt in out source destination
Finally, I can telnet to the port locally:
# telnet localhost 2345
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
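But I cannot connect to the new alternate port from outside, via either telnet or SSH.
I am not behind any kind of firewall.
Any ideas or suggestions? I'm stumped.
Dan
Best answer
(I don't know what the semanage command does in detail.)
But it looks to me like the problem is the firewall. I don't see port 2345 being accepted. What I see is: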
39 2028 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
But here ssh means port 22, as defined by /etc/services (unless centos/semanage is doing something strange).
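An added example, not part of the original question or answer: a simplified first-match walk over an INPUT chain in `iptables -S` form, which prints ports numerically and so avoids the `dpt:ssh` ambiguity. The ruleset is a constructed sample modelled on the listing above, and `first_verdict`, `with_port` and the `eth0` interface name are assumptions made for illustration; only `-i`, `-p`, `--state` and a single `--dport` are evaluated.

```sh
# Constructed sample: INPUT chain in `iptables -S` form, modelled on the
# listing in the question (virbr0 rules omitted). Not captured from a host.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# first_verdict PORT [IFACE]: read rules on stdin and print the target of the
# first rule that matches a NEW TCP connection to PORT arriving on IFACE
# (default eth0, an assumed name). Falls back to the chain policy.
first_verdict() {
    awk -v port="$1" -v ifc="${2:-eth0}" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i" && $(i+1) != ifc) ok = 0
            if ($i == "-p" && $(i+1) != "tcp") ok = 0
            if ($i == "--dport" && $(i+1) != port) ok = 0
            if ($i == "--state" && ("," $(i+1) ",") !~ /,NEW,/) ok = 0
            if ($i == "-j") target = $(i+1)
        }
        if (ok && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print policy }
    '
}

# Emit the same chain with an ACCEPT for PORT placed before the REJECT rule.
# On a live CentOS 6 host the equivalent is `iptables -I INPUT <n> ...` with
# <n> the REJECT rule position, followed by `service iptables save`.
with_port() {
    awk -v port="$1" '
    /-j REJECT/ && !ins { print "-A INPUT -p tcp -m state --state NEW -m tcp --dport " port " -j ACCEPT"; ins = 1 }
    { print }'
}

for p in 22 2345; do
    echo "port $p before: $(sample_rules | first_verdict "$p")"
    echo "port $p after:  $(sample_rules | with_port 2345 | first_verdict "$p")"
done
```

Running `first_verdict 2345 lo` on the sample returns ACCEPT through the loopback rule, which is consistent with the local telnet test succeeding while outside connections are rejected.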
Regarding linux - CentOS 6.4 and alternate SSH port not working, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/18904687/