Port 22 and Its Relation to the SSH Protocol

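This article covers the origin of the SSH protocol and its default port 22, and how to check whether port 22 is open on a local or remote system. It also discusses how to specify the port number with the ssh command, how to check the port with the Netstat, Telnet, and Nmap tools, how to change the SSH service port, and how to enable port 22 in the Linux firewall.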


What is port 22? Does SSH use port 22 or a different port? How can I check that port 22 is open? We could add more questions, but in this tutorial we will dive into the details of TCP port number 22, which is the default, de facto SSH (Secure Shell) port.

SSH (Secure Shell)

Secure Shell, better known as SSH, is a secure remote access protocol created in 1995. Before its invention, Telnet and FTP were the popular protocols for remote access and file transfer. Telnet used TCP port 23 and FTP used TCP port 21. Port 22 was free, which made it very suitable for the SSH protocol, both for simplicity and for its meaning.

SSH Port Number 22 Story

The SSH protocol was created by Tatu Ylonen in 1995. To get port number 22 from the Internet Assigned Numbers Authority (IANA), he wrote an email requesting a port between 1-255. He also added that he was using port number 22 for beta tests and that it would be great if TCP 22 could be used by the SSH service.

IANA SSH Port Assignment Request

The response was fast: Joyce from IANA replied the next day with a simple confirmation like the one below.

IANA SSH Port Assignment Answer

Specify SSH Port Number with SSH Command

The ssh command is used to connect to remote SSH servers for remote access. By default, it assumes the remote SSH service runs on port 22, but in some situations it does not. We can explicitly specify the port number we want to connect to with the -p option, as shown below.

$ ssh -p 22 192.168.142.150

Check If Local TCP Port 22 Is Open with Netstat

We can check whether TCP port 22 is open and listening for connections. In this example, we use the netstat command with some options. This lists all listening ports on the local system with their port numbers.

$ netstat -tln

We can also list listening ports by their service name. Port 22 is the SSH service, so it is shown as ssh.

$ netstat -tl

Check If Local or Remote TCP Port 22 Is Open with Telnet

telnet is a tool used to access remote systems via telnet terminals. Telnet itself uses port 23, but we can also use the telnet client to check the status of a remote or local port. If the port is open, telnet reports a successful connection. We provide the IP address of the remote system followed by the port number.

$ telnet 192.168.142.150 22

Check/Scan If Local or Remote TCP Port 22 Is Open with Nmap

nmap is a network scanning tool used to scan networks, IP addresses, and ports. We specify the port number in order to make the scan faster.

$ nmap -sV -sC -p 22 192.168.142.150

The scan output provides the following information about the SSH service and port 22.

  • The SSH service software is OpenSSH.

  • The version of the SSH service is 7.7p1.

  • The operating system running the service is Ubuntu.

  • SSH host keys such as RSA, ECDSA, and EdDSA are provided too.
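
The software name, version, and OS hint that telnet displays and that nmap reports are all carried in the identification line the server sends as soon as port 22 is connected. The following is an added example, not part of the original article, that parses such a line; the function names are hypothetical and the sample banner is constructed around the values reported above.

```shell
#!/bin/sh
# Parse an SSH identification string (RFC 4253, section 4.2):
#   SSH-<protoversion>-<softwareversion>[ <comments>]
# Prints "proto|software|version|comment"; returns 1 if the line is not SSH.
parse_ssh_banner() {
    line=$(printf '%s' "$1" | tr -d '\r')
    case $line in
        SSH-*-*) ;;
        *) return 1 ;;
    esac
    rest=${line#SSH-}          # drop the fixed "SSH-" prefix
    proto=${rest%%-*}          # text before the first "-"
    rest=${rest#*-}            # software version plus optional comment
    case $rest in
        *" "*) soft=${rest%% *}; comment=${rest#* } ;;
        *)     soft=$rest; comment= ;;
    esac
    case $soft in
        *_*) name=${soft%%_*}; version=${soft#*_} ;;
        *)   name=$soft; version= ;;
    esac
    printf '%s|%s|%s|%s\n' "$proto" "$name" "$version" "$comment"
}

# Succeeds only when the server offers protocol 2.0 alone. A protoversion of
# "1.99" means it also accepts legacy SSH-1 clients (RFC 4253, section 5.1).
ssh2_only() {
    fields=$(parse_ssh_banner "$1") || return 1
    [ "${fields%%|*}" = "2.0" ]
}

# Constructed sample banner; only "OpenSSH", "7.7p1" and "Ubuntu" come from
# the scan results described in the article.
sample='SSH-2.0-OpenSSH_7.7p1 Ubuntu-4'
parse_ssh_banner "$sample"
ssh2_only "$sample" && echo "protocol 2.0 only"
```

Because the server sends this line before any authentication, moving SSH to another port does not hide the software version from a scan of that port.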

TCP Port 22 or UDP Port 22

Port 22 generally refers to TCP port 22. There is also a transport protocol named UDP, which behaves differently from TCP. SSH needs a reliable connection, which only the TCP protocol provides, so UDP port 22 is not a popular port.

Change SSH Port In the Server

By default, SSH runs on TCP port 22, but we have the flexibility to change the SSH port. The SSH service configuration is stored in the sshd_config file, which is located at /etc/ssh/sshd_config on most Linux distributions. We disable the current port configuration by commenting it out with # and add a new Port line with the new port number we want to use. In this case, we set the SSH port to 2345.


To make the new port configuration take effect, we have to restart the SSH service, which reloads the configuration. We use the systemctl command as shown below.

$ systemctl restart ssh
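
The sshd_config edit described above, scripted as an added example that is not code from the original article. `set_sshd_port` and `active_ports` are hypothetical helper names, and the demo runs on a constructed config in a temporary directory rather than on /etc/ssh/sshd_config.

```shell
#!/bin/sh
# set_sshd_port FILE PORT
# Comments out every active "Port N" line in FILE and writes "Port PORT" as
# the first line, so it can never land inside a trailing Match block (Port is
# not allowed there). The original is kept as FILE.bak.
set_sshd_port() {
    file=$1
    port=$2
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2
        return 2
    fi
    cp -p "$file" "$file.bak" || return 1
    {
        printf 'Port %s\n' "$port"
        # Keywords in sshd_config are case-insensitive.
        awk 'tolower($1) == "port" { print "#" $0; next } { print }' "$file.bak"
    } > "$file"
}

# Print the ports that are active (not commented out) in FILE.
active_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Demo on a constructed config in a temporary directory, not /etc/ssh.
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 22' 'Match User backup' \
    '    X11Forwarding no' > "$demo_dir/sshd_config"
set_sshd_port "$demo_dir/sshd_config" 2345
active_ports "$demo_dir/sshd_config"
rm -rf "$demo_dir"

# On a real server, before `systemctl restart ssh`:
#   sudo sshd -t    # syntax-check the edited configuration
#   allow the new port in the firewall (the iptables rules with 2345, not 22)
# and keep the current session open until a login on the new port succeeds.
```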

Enable SSH Port 22 For Linux Firewall Iptables

iptables is the standard firewall management tool on most Linux distributions. We can accept or block connections to the local SSH port 22 with the iptables command.

We run the following commands to accept connections on port 22 to the local SSH server. The port is given with the --dport option.

$ sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
$ sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Translated from: https://www.poftut.com/port-22-and-relation-with-ssh-protocol/
