1.查询SELinux状态及当前SSH端口
[root@test10597 ~]# getenforce
Enforcing
[root@test10597 ~]# semanage port -l|grep ssh
ssh_port_t tcp 22
2.设置selinux端口
[root@test10597 ~]# semanage port -a -t ssh_port_t -p tcp 10022
[root@test10597 ~]# semanage port -l|grep shh
[root@test10597 ~]# semanage port -l|grep ssh
ssh_port_t tcp 10022, 22
若想把已被其他类型定义的端口(如443)加入SSH,可使用-m修改命令:# semanage port -m -t ssh_port_t -p tcp 443。注意:这是本地覆盖,443默认属于http_port_t,改成ssh_port_t后可能影响依赖该标签的Web服务,非必要不建议这样做。
直接使用-a命令添加443端口会报错:ValueError: Port tcp/443 already defined
3.修改ssh配置文件:在 /etc/ssh/sshd_config 中设置 Port 10022;建议暂时保留 Port 22,待确认新端口可以登录后再移除,并在重启前用 sshd -t 检查配置语法。
4.更改防火墙(把系统自带的ssh服务定义复制到/etc/firewalld/services/后再编辑,应将其中的port由22改为10022)
[root@test10597 ~]# cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/
[root@test10597 ~]# vim /etc/firewalld/services/ssh.xml
[root@test10597 ~]# firewall-cmd --add-service=ssh --permanent
success
[root@test10597 ~]# firewall-cmd --reload
success
[root@test10597 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: dhcpv6-client ssh
ports: 80/tcp 10022/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@test10597 ~]# firewall-cmd --list-service
dhcpv6-client ssh
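5.重启ssh(保持当前会话不退出,另开一个会话确认能通过10022端口登录后再断开)
[root@test10597 ~]# systemctl restart sshd.service
6.从SELinux的ssh_port_t中删除22端口(可选;22端口由基础策略定义,该命令通常会报错 ValueError: Port tcp/22 is defined in policy, cannot be deleted,此时只需在sshd_config和防火墙中停用22端口即可)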
semanage port -d -t ssh_port_t -p tcp 22