[root@kvm-node33 ~]# netstat -tnlp |grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1510/sshd
tcp6 0 0 :::22 :::* LISTEN 1510/sshd
[root@kvm-node33 ~]# vim /etc/ssh/sshd_config
Port 5222
[root@kvm-node33 ~]# systemctl restart sshd.service
[root@kvm-node33 ~]# netstat -tnlp |grep ssh
[root@kvm-node33 ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 30801/rpcbind
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2266/master
tcp6 0 0 :::111 :::* LISTEN 30801/rpcbind
tcp6 0 0 ::1:25 :::* LISTEN 2266/master
[root@kvm-node33 ~]# netstat -tnlp |grep ssh
[root@kvm-node33 ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 30801/rpcbind
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2266/master
tcp6 0 0 :::111 :::* LISTEN 30801/rpcbind
tcp6 0 0 ::1:25 :::* LISTEN 2266/master
这里不能发现SSH服务
step1 修改/etc/ssh/sshd_config
vi /etc/ssh/sshd_config
#Port 22 //这行去掉#号
Port 5222 //下面添加这一行
step2 修改SELinux
使用以下命令查看当前SElinux 允许的ssh端口:
semanage port -l | grep ssh
添加20000端口到 SELinux
semanage port -a -t ssh_port_t -p tcp 5222
然后确认一下是否添加进去
semanage port -l | grep ssh
如果成功会输出
ssh_port_t tcp 5222, 22
step3 重启ssh
systemctl restart sshd.service
不过上述方法仅仅是在ssh中设置端口,还要在防火墙firewalld中放行才是
还有一种办法直接关掉
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
grep SELINUX=disabled /etc/selinux/config
setenforce 0
systemctl restart sshd.service