Changing the default SSH service port on CentOS 7

Check the current SSH service port

The SSH service normally listens on port 22 by default. Use ss to see which ports are currently being listened on:

# ss -tnlp | grep ssh
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1203,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=1203,fd=4))

Change the default SSH port

  • Edit the sshd configuration file

# vim /etc/ssh/sshd_config

# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
Port 27228
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

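Recommendation: before changing the port, first uncomment #Port 22 so that both ports are open. This keeps you from being unable to connect to the host remotely if the port change fails.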

  • Restart the ssh service
    #systemctl restart sshd
  • Check the listening ports
# ss -tnlp | grep ssh
LISTEN 0 128 *:27228 *:* users:(("sshd",pid=1203,fd=3))
LISTEN 0 128 :::27228 :::* users:(("sshd",pid=1203,fd=4))

You can see that port 27228 is now being listened on.

After making the change, you must test the connection.

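If the test succeeds, disable port 22 (#Port 22) and restart the ssh service (#systemctl restart sshd).
If the test fails, you must check whether firewalld allows the port and whether SELinux is the problem.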

  • Edit the /etc/services file

# /etc/services:
# $Id: services,v 1.55 2013/04/14 ovasik Exp $
#
# Network services, Internet style
# IANA services version: last updated 2013-04-10
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports
# are included, only the more common ones.
#
# The latest IANA port assignments can be gotten from
# http://www.iana.org/assignments/port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
#
# Each line describes one service, and is of the form:
#
# service-name port/protocol [aliases …] [# comment]

tcpmux      1/tcp                 # TCP port service multiplexer
tcpmux      1/udp                # TCP port service multiplexer
rje         5/tcp                # Remote Job Entry
rje         5/udp                # Remote Job Entry
echo        7/tcp
echo        7/udp
discard       9/tcp      sink null
discard       9/udp      sink null
systat       11/tcp      users
systat       11/udp      users
daytime      13/tcp
daytime      13/udp
qotd        17/tcp      quote
qotd        17/udp      quote
msp        18/tcp                # message send protocol (historic)
msp        18/udp                # message send protocol (historic)
chargen      19/tcp      ttytst source
chargen      19/udp      ttytst source
ftp-data      20/tcp
ftp-data      20/udp
# 21 is registered to ftp, but also used by fsp
ftp         21/tcp
ftp         21/udp      fsp fspd
ssh         22/tcp                # The Secure Shell (SSH) Protocol
ssh         22/udp                # The Secure Shell (SSH) Protocol
telnet        23/tcp
telnet        23/udp

Change 22/tcp and 22/udp to 27228/tcp and 27228/udp.

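The main purpose of editing this file is to make the port easier to look up later. /etc/services is the standard port configuration file, and some services look up their port in it when they start. When using these ports, it is best not to duplicate one, otherwise some services may fail to start.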
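
An added example, not part of the original page: a pre-flight check for the sshd_config change and the /etc/services note above. It reads the active Port lines from an sshd_config-style file, reports whether port 22 is still available as a fallback, and looks for another service already registered on the new port. The function names and sample files are constructed for illustration.

```shell
# Added example (not from the original page); function names are hypothetical.

# Print each active (uncommented) Port value. sshd keywords are case-insensitive
# and accept "Port 22" or "Port=22"; with no Port line sshd listens on 22.
active_ports() {
    awk '{ sub(/#.*/, ""); gsub(/[=]/, " "); n = split($0, f, " ")
           if (n >= 2 && tolower(f[1]) == "port") { print f[2]; found = 1 } }
         END { if (!found) print 22 }' "$1"
}

# Print the name of another service already registered on PORT/tcp, if any.
services_conflict() {   # usage: services_conflict SERVICES_FILE PORT
    awk -v p="$2/tcp" '$1 !~ /^#/ && $2 == p && $1 != "ssh" { print $1; exit }' "$1"
}

# Print invalid, unchanged, transition (22 and NEW both active) or final (NEW only).
port_change_state() {   # usage: port_change_state SSHD_CONFIG NEW_PORT
    case $2 in ''|*[!0-9]*|??????*) echo invalid; return 1 ;; esac
    if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ] || [ "$2" -eq 22 ]; then
        echo invalid; return 1
    fi
    ports=$(active_ports "$1")
    if ! printf '%s\n' "$ports" | grep -qx "$2"; then echo unchanged
    elif printf '%s\n' "$ports" | grep -qx 22; then echo transition
    else echo final
    fi
}

# Constructed samples: the edited sshd_config lines shown on this page, and a
# services file in which a made-up service already claims the new port.
sample_cfg=$(mktemp); sample_svc=$(mktemp)
printf '%s\n' '#Port 22' 'Port 27228' '#AddressFamily any' > "$sample_cfg"
printf '%s\n' 'ssh 22/tcp' 'example-svc 27228/tcp # constructed' > "$sample_svc"

# "final" here means port 22 is gone: restart only after 27228 has been tested.
echo "state:    $(port_change_state "$sample_cfg" 27228)"
echo "conflict: $(services_conflict "$sample_svc" 27228)"
```

On a live host, pass /etc/ssh/sshd_config and /etc/services as the file arguments; `sshd -t` checks the configuration file's syntax before the restart.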