- 修改ssh默认端口。
[root@neokylin ~]# cat /etc/redhat-release NeoKylin Linux Desktop release 6.0 [root@neokylin ~]# grep Port /etc/ssh/sshd_config #Port 22 #GatewayPorts no [root@neokylin ~]# sed -i "s/#Port 22/Port 6222/" /etc/ssh/sshd_config [root@neokylin ~]# grep Port /etc/ssh/sshd_config Port 6222 #GatewayPorts no
- 重启sshd.servicev并查看服务状态是否正常。
[root@neokylin ~]# systemctl restart sshd.service [root@neokylin ~]# systemctl status sshd.service sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled) Active: failed (Result: exit-code) since 一 2023-05-08 14:51:29 CST; 18s ago Process: 34764 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=255) Process: 34761 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS) 5月 08 14:51:29 neokylin systemd[1]: Started OpenSSH server daemon. 5月 08 14:51:29 neokylin sshd[34764]: error: Bind to port 6222 on 0.0.0.0 failed: Permission denied. 5月 08 14:51:29 neokylin sshd[34764]: fatal: Cannot bind any address. 5月 08 14:51:29 neokylin systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a [root@neokylin ~]#
发现ssh服务状态为failed;无法正常启动ssh服务。
-
查看SELinux是否开启。
[root@neokylin ~]# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28
发现SELinux是enabled状态。下面介绍两个办法:①在不关闭SELinux下如何正常启动ssh服务?②如何关闭SELinux。
- 在不关闭SELinux下如何正常启动ssh服务?查看当前SElinux允许的ssh端口;添加允许新的ssh端口。
[root@neokylin ~]# semanage port -l | grep ssh ssh_port_t tcp 22 [root@neokylin ~]# semanage port -a -t ssh_port_t -p tcp 6222 [root@neokylin ~]# semanage port -l | grep ssh ssh_port_t tcp 6222, 22 [root@neokylin ~]# firewall-cmd --zone=public --add-port=6222/tcp --permanent [root@neokylin ~]# firewall-cmd --reload [root@neokylin ~]# systemctl restart sshd.service [root@neokylin ~]# systemctl status sshd.service sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled) Active: active (running) since 一 2023-05-08 15:11:23 CST; 7s ago Process: 2286 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS) Main PID: 2289 (sshd) CGroup: name=systemd:/system/sshd.service └─2289 /usr/sbin/sshd -D 5月 08 15:11:23 neokylin systemd[1]: Starting OpenSSH server daemon... 5月 08 15:11:23 neokylin systemd[1]: Started OpenSSH server daemon. 5月 08 15:11:23 neokylin sshd[2289]: Server listening on 0.0.0.0 port 6222. [root@neokylin ~]#
发现ssh服务状态为running;能正常启动ssh服务。
- ②如何关闭SELinux?修改SELinux配置文件/etc/selinux/config。(为方便测试,后面修改ssh的端口为62222。)需要重启服务器。
[root@neokylin ~]# grep Port /etc/ssh/sshd_config Port 62222 #GatewayPorts no [root@neokylin ~]# systemctl restart sshd.service [root@neokylin ~]# systemctl status sshd.service sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled) Active: failed (Result: exit-code) since 一 2023-05-08 15:19:02 CST; 5s ago Process: 2334 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=255) Process: 2331 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS) 5月 08 15:19:02 neokylin systemd[1]: Starting OpenSSH server daemon... 5月 08 15:19:02 neokylin systemd[1]: Started OpenSSH server daemon. 5月 08 15:19:02 neokylin sshd[2334]: error: Bind to port 62222 on 0.0.0.0 failed: Permission denied. 5月 08 15:19:02 neokylin systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a [root@neokylin ~]# grep SELINUX /etc/selinux/config # SELINUX= can take one of these three values: SELINUX=enforcing # SELINUXTYPE= can take one of these two values: SELINUXTYPE=targeted [root@neokylin ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config [root@neokylin ~]# grep SELINUX /etc/selinux/config # SELINUX= can take one of these three values: SELINUX=disabled # SELINUXTYPE= can take one of these two values: SELINUXTYPE=targeted [root@neokylin ~]# firewall-cmd --zone=public --add-port=62222/tcp --permanent [root@neokylin ~]# firewall-cmd --reload [root@neokylin ~]# reboot [root@neokylin ~]# systemctl status sshd.service sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled) Active: active (running) since 一 2023-05-08 15:22:00 CST; 9min ago Process: 611 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS) Main PID: 621 (sshd) CGroup: name=systemd:/system/sshd.service └─621 /usr/sbin/sshd -D 5月 08 15:22:00 neokylin systemd[1]: Starting OpenSSH server daemon... 5月 08 15:22:00 neokylin systemd[1]: Started OpenSSH server daemon. 5月 08 15:22:00 neokylin sshd[621]: Server listening on 0.0.0.0 port 62222. 5月 08 15:28:51 neokylin sshd[2551]: Accepted password for root from 192.168.1.1 port 8230 ssh2 5月 08 15:28:52 neokylin sshd[2553]: Accepted password for root from 192.168.1.1 port 8231 ssh2 [root@neokylin ~]#
NeoKylin Linux Desktop 6.0修改ssh端口启动失败解决办法
最新推荐文章于 2024-06-02 01:21:04 发布