CentOS 7 修改SSH端口，失败。

CentOS 7 修改SSH端口，

问题：

[root@localhost ~]# systemctl status sshd

● sshd.service - OpenSSH server daemon

Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)

Active: active (running) since 日 2016-01-31 20:43:48 CST; 2min 13s ago

Docs: man:sshd(8)

man:sshd_config(5)

Main PID: 50776 (sshd)

CGroup: /system.slice/sshd.service

└─50776 /usr/sbin/sshd -D

 

1月 31 20:43:48 localhost.localdomain systemd[1]: Started OpenSSH server daemon.

1月 31 20:43:48 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...

1月 31 20:43:48 localhost.localdomain sshd[50776]: error: Bind to port 9481 on 0.0.0.0 failed: Permission denied.

1月 31 20:43:48 localhost.localdomain sshd[50776]: error: Bind to port 9481 on :: failed: Permission denied.

1月 31 20:43:48 localhost.localdomain sshd[50776]: Server listening on 0.0.0.0 port 22.

1月 31 20:43:48 localhost.localdomain sshd[50776]: Server listening on :: port 22.

1月 31 20:45:29 localhost.localdomain sshd[51007]: Accepted password for root from 192.168.0.103 port 54599 ssh2

[root@localhost ~]#

解决：

 

[root@localhost ~]# semanage port -a -t ssh_port_t -p tcp 9481

-------------------------解决之后----------------------------------

[root@localhost ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since 日 2016-01-31 21:20:18 CST; 1min 30s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 52858 (sshd)
   CGroup: /system.slice/sshd.service
           └─52858 /usr/sbin/sshd -D

1月 31 21:20:18 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
1月 31 21:20:18 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on 0.0.0.0 port 9481.
1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on :: port 9481.
1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on 0.0.0.0 port 22.
1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on :: port 22.

----------------------------------------------------------------------

附：

semanage使用方法：

/usr/sbin/semanage:
semanage [ -S store ] -i [ input_file | - ]
semanage [ -S store ] -o [ output_file | - ]
semanage {boolean|login|user|port|interface|module|node|fcontext} -{l|D|E} [-n]
semanage login -{a|d|m} [-sr] login_name | %groupname
semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
semanage interface -{a|d|m} [-tr] interface_spec
semanage module -{a|d|m} [--enable|--disable] module
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
semanage fcontext -{a|d|m} [-efrst] file_spec
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a|l} type
semanage dontaudit [ on | off ]
Primary Options:
	-a, --add        Add a OBJECT record NAME
	-d, --delete     Delete a OBJECT record NAME
	-m, --modify     Modify a OBJECT record NAME
        -i, --input      Input multiple semange commands in a transaction
        -o, --output     Output current customizations as semange commands
	-l, --list       List the OBJECTS
	-E, --extract    extract customizable commands
	-C, --locallist  List OBJECTS local customizations
	-D, --deleteall  Remove all OBJECTS local customizations
	-h, --help       Display this message
	-n, --noheading  Do not print heading when listing OBJECTS
        -S, --store      Select and alternate SELinux store to manage
Object-specific Options (see above):
	-f, --ftype      File Type of OBJECT
		"" (all files)
		-- (regular file)
		-d (directory)
		-c (character device)
		-b (block device)
		-s (socket)
		-l (symbolic link)
		-p (named pipe)
        -F, --file       Treat target as an input file for command, change multiple settings
	-p, --proto      Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
	-M, --mask       Netmask
        -e, --equal      Substitue source path for dest path when labeling
	-P, --prefix     Prefix for home directory labeling
	-L, --level      Default SELinux Level (MLS/MCS Systems only)
	-R, --roles      SELinux Roles (ex: "sysadm_r staff_r")
	-s, --seuser     SELinux User Name
	-t, --type       SELinux Type for the object
	-r, --range      MLS/MCS Security Range (MLS/MCS Systems only)
        --enable         Enable a module
        --disable        Disable a module