Changing the SSH port on CentOS 7
Problem:
[root@localhost ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since 日 2016-01-31 20:43:48 CST; 2min 13s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 50776 (sshd)
CGroup: /system.slice/sshd.service
└─50776 /usr/sbin/sshd -D
1月 31 20:43:48 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
1月 31 20:43:48 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
1月 31 20:43:48 localhost.localdomain sshd[50776]: error: Bind to port 9481 on 0.0.0.0 failed: Permission denied.
1月 31 20:43:48 localhost.localdomain sshd[50776]: error: Bind to port 9481 on :: failed: Permission denied.
1月 31 20:43:48 localhost.localdomain sshd[50776]: Server listening on 0.0.0.0 port 22.
1月 31 20:43:48 localhost.localdomain sshd[50776]: Server listening on :: port 22.
1月 31 20:45:29 localhost.localdomain sshd[51007]: Accepted password for root from 192.168.0.103 port 54599 ssh2
[root@localhost ~]#
Solution:
[root@localhost ~]# semanage port -a -t ssh_port_t -p tcp 9481
-------------------------After the fix----------------------------------
[root@localhost ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since 日 2016-01-31 21:20:18 CST; 1min 30s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 52858 (sshd)
CGroup: /system.slice/sshd.service
└─52858 /usr/sbin/sshd -D
1月 31 21:20:18 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
1月 31 21:20:18 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on 0.0.0.0 port 9481.
1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on :: port 9481.
1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on 0.0.0.0 port 22.
1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on :: port 22.
----------------------------------------------------------------------
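A pre-flight check for the "Permission denied" bind failure shown above, as an added example that is not part of the original post: it compares the Port directives in sshd_config with the tcp ports SELinux labels ssh_port_t and prints the semanage command for each port sshd would be refused. The function names and both sample inputs are constructed for illustration; on a real host, pass the contents of /etc/ssh/sshd_config and the output of `semanage port -l` instead.

```shell
#!/bin/sh
# Added example: find sshd_config ports that SELinux will not let sshd bind.

# Ports from "Port N" directives on stdin (keyword is case-insensitive;
# sshd falls back to 22 when no Port line is present).
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }'
}

# tcp ports and ranges labelled ssh_port_t in `semanage port -l` output on stdin.
ssh_labelled() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
             for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); print $i }
         }'
}

# port_allowed PORT "LIST": succeed if PORT equals an entry or falls in a range.
port_allowed() {
    for pa_entry in $2; do
        case $pa_entry in
            *-*) [ "$1" -ge "${pa_entry%-*}" ] && [ "$1" -le "${pa_entry#*-}" ] && return 0 ;;
            *)   [ "$1" -eq "$pa_entry" ] && return 0 ;;
        esac
    done
    return 1
}

# unlabelled_ports CONFIG_TEXT SEMANAGE_TEXT: print ports sshd would fail to bind.
unlabelled_ports() {
    up_labelled=$(printf '%s\n' "$2" | ssh_labelled)
    for up_port in $(printf '%s\n' "$1" | sshd_ports); do
        port_allowed "$up_port" "$up_labelled" || echo "$up_port"
    done
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONFIG='#Port 2222
Port 22
Port 9481'
SEMANAGE_BEFORE='http_port_t   tcp   80, 81, 443
ssh_port_t    tcp   22'
SEMANAGE_AFTER='http_port_t   tcp   80, 81, 443
ssh_port_t    tcp   9481, 22'

# Print the fix for each port that is still unlabelled.
for p in $(unlabelled_ports "$SAMPLE_CONFIG" "$SEMANAGE_BEFORE"); do
    echo "semanage port -a -t ssh_port_t -p tcp $p"
done
```

Running the check before restarting sshd catches the mismatch while the existing session is still on a port that works.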
Appendix:
semanage usage:
/usr/sbin/semanage:
semanage [ -S store ] -i [ input_file | - ]
semanage [ -S store ] -o [ output_file | - ]

semanage {boolean|login|user|port|interface|module|node|fcontext} -{l|D|E} [-n]
semanage login -{a|d|m} [-sr] login_name | %groupname
semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
semanage interface -{a|d|m} [-tr] interface_spec
semanage module -{a|d|m} [--enable|--disable] module
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
semanage fcontext -{a|d|m} [-efrst] file_spec
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a|l} type
semanage dontaudit [ on | off ]

Primary Options:

    -a, --add        Add a OBJECT record NAME
    -d, --delete     Delete a OBJECT record NAME
    -m, --modify     Modify a OBJECT record NAME
    -i, --input      Input multiple semange commands in a transaction
    -o, --output     Output current customizations as semange commands
    -l, --list       List the OBJECTS
    -E, --extract    extract customizable commands
    -C, --locallist  List OBJECTS local customizations
    -D, --deleteall  Remove all OBJECTS local customizations
    -h, --help       Display this message
    -n, --noheading  Do not print heading when listing OBJECTS
    -S, --store      Select and alternate SELinux store to manage

Object-specific Options (see above):

    -f, --ftype      File Type of OBJECT
        "" (all files)
        -- (regular file)
        -d (directory)
        -c (character device)
        -b (block device)
        -s (socket)
        -l (symbolic link)
        -p (named pipe)
    -F, --file       Treat target as an input file for command, change multiple settings
    -p, --proto      Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
    -M, --mask       Netmask
    -e, --equal      Substitue source path for dest path when labeling
    -P, --prefix     Prefix for home directory labeling
    -L, --level      Default SELinux Level (MLS/MCS Systems only)
    -R, --roles      SELinux Roles (ex: "sysadm_r staff_r")
    -s, --seuser     SELinux User Name
    -t, --type       SELinux Type for the object
    -r, --range      MLS/MCS Security Range (MLS/MCS Systems only)
    --enable         Enable a module
    --disable        Disable a module