{"id":822,"date":"2022-10-20T08:52:00","date_gmt":"2022-10-20T00:52:00","guid":{"rendered":"http:\/\/www.langmanezhuang.com\/index.php\/2022\/10\/20\/centos-8-%e6%b7%bb%e5%8a%a0ssh%e8%bf%9c%e7%a8%8b%e7%99%bb%e5%bd%95%e7%ab%af%e5%8f%a3%e5%b9%b6%e7%a6%81%e7%94%a822%e7%ab%af%e5%8f%a3\/"},"modified":"2022-11-26T20:53:22","modified_gmt":"2022-11-26T12:53:22","slug":"centos-8-%e6%b7%bb%e5%8a%a0ssh%e8%bf%9c%e7%a8%8b%e7%99%bb%e5%bd%95%e7%ab%af%e5%8f%a3%e5%b9%b6%e7%a6%81%e7%94%a822%e7%ab%af%e5%8f%a3","status":"publish","type":"post","link":"http:\/\/blog.langmanezhuang.com\/index.php\/2022\/10\/20\/centos-8-%e6%b7%bb%e5%8a%a0ssh%e8%bf%9c%e7%a8%8b%e7%99%bb%e5%bd%95%e7%ab%af%e5%8f%a3%e5%b9%b6%e7%a6%81%e7%94%a822%e7%ab%af%e5%8f%a3\/","title":{"rendered":"CentOS 8 \u6dfb\u52a0SSH\u8fdc\u7a0b\u767b\u5f55\u7aef\u53e3\u5e76\u7981\u752822\u7aef\u53e3"},"content":{"rendered":"

\u672c\u6b21\u65b0\u52a0\u7aef\u53e3\u4e3a\uff1a50202<\/p>\n

0X01 \u5907\u6ce8\uff1a\u672c\u6bb5\u64cd\u4f5c\u662f\u5728\u9632\u706b\u5899\u5f00\u542f\u7684\u72b6\u6001\u4e0b\u8fdb\u884c<\/span><\/p>\n

\u4e00\uff1a\u4fee\u6539SSH\u914d\u7f6e\u6587\u4ef6,\u76ee\u5f55\u4e3a\uff1avim \/etc\/ssh\/sshd_config:<\/p>\n

1.\u6309 i \u8fdb\u5165\u7f16\u8f91\u72b6\u6001\uff0c\u6309\u4e0a\u4e0b\u952e\u627e\u5230“#Port 22”\u8fd9\u4e00\u884c\uff0c\u7136\u540e\u628a\u884c\u524d\u7684“#”\u53f7\u5373\u6ce8\u91ca\u53bb\u6389\uff0c\u5373\u4fee\u6539\u6210\uff1a\uff1b<\/p>\n

\u63d0\u793a\uff1ai \u662f\u8fdb\u5165\u7f16\u8f91\u72b6\u6001\uff0c<\/p>\n

\u7f16\u8f91\u5b8c\u6309esc\u952e\uff0c\u5728\u8f93\u5165:wq \u4fdd\u5b58\u5e76\u9000\u51fa\uff0c<\/p>\n

cat sshd_config \u547d\u4ee4\u76f4\u63a5\u67e5\u770b\u5185\u5bb9\u662f\u5426\u7f16\u8f91\u6210\u529f<\/p>\n

2.\u65b0\u52a0\u4e00\u884c\u4e3a\uff1aPort 50202\uff1b<\/p>\n

\u8fd9\u6837\u505a\u7684\u76ee\u7684\u5728\u4e0e\u5f53\u524d\u9632\u706b\u524d\u5904\u4e8e\u5f00\u542f\u72b6\u6001\uff0c\u4e00\u65e6\u7981\u752822\u7aef\u53e3\uff0c\u53bb\u8fc750202\u7aef\u53e3\u8bbe\u7f6e\u4e0d\u6210\u529f\u5c31\u9ebb\u70e6\u4e86\u3002<\/p>\n

\u4e8c\uff1a\u5982\u679c\u4f60\u5173\u95ed\u4e86SELinux\uff0c\u53ef\u4ee5\u5ffd\u7565\u7b2c\u4e8c\u6b65<\/p>\n

1.\u5148\u67e5\u770bSELinux\u5f00\u653e\u7ed9ssh\u4f7f\u7528\u7684\u7aef\u53e3,50202\u662f\u5426\u88ab\u5360\u7528\u3002<\/p>\n

\u547d\u4ee4\uff1asemanage port -l|grep ssh<\/p>\n

\u8f93\u51fa\uff1assh_port_t tcp 22<\/p>\n

\u8bf4\u660eSELinux\u6ca1\u6709\u7ed9SSH\u5f00\u653e50202\u7aef\u53e3<\/p>\n

2.\u6dfb\u52a0\u7aef\u53e3\u3002<\/p>\n

\u547d\u4ee4\uff1asemanage port -a -t ssh_port_t -p tcp 50202<\/p>\n

3.\u518d\u6b21\u67e5\u770b\u3002<\/p>\n

\u547d\u4ee4\uff1asemanage port -l|grep ssh<\/p>\n

\u8f93\u51fa\uff1assh_port_t tcp 22\uff0c50202<\/p>\n

\u8bf4\u660e50202\u7aef\u53e3\u6dfb\u52a0\u6210\u529f\u3002<\/p>\n

\u4e09\uff1a\u672c\u6587\u7531\u4e8e\u9632\u706b\u5899\u5904\u4e8e\u5f00\u542f\u72b6\u6001\uff0c\u6240\u4ee5\u8fd8\u9700\u8981\u5728\u9632\u706b\u5899\u4e2d\u5f00\u653e50202\u7aef\u53e3\u3002<\/p>\n

\u67e5\u8be2\u5f00\u653e\u4e86\u54ea\u4e9b\u7aef\u53e3\uff1afirewall-cmd –zone=public –list-ports<\/p>\n

1.\u5148\u67e5\u770b\u9632\u706b\u5899\u662f\u5426\u5f00\u542f\u4e8650202\u7aef\u53e3\u3002<\/p>\n

\u547d\u4ee4\uff1a firewall-cmd –permanent –query-port=50202\/tcp<\/p>\n

\u8f93\u51fa\uff1aFirewallD is not running\u8bf4\u660e\u9632\u706b\u5899\u6ca1\u6709\u5f00\u542f\u3002<\/p>\n

2.\u5f00\u542f\u9632\u706b\u5899\u547d\u4ee4\uff1asystemctl start firewalld<\/p>\n

\u6ca1\u6709\u4efb\u4f55\u63d0\u793a\u5373\u5f00\u542f\u6210\u529f<\/p>\n

3.\u518d\u6b21\u67e5\u770b\u7aef\u53e3\u662f\u5426\u5f00\u542f\u3002<\/p>\n

\u8f93\u51fa\uff1ano<\/p>\n

\u8bf4\u660e\u6ca1\u6709\u5f00\u542f\u3002<\/p>\n

4.\u6dfb\u52a0 –permanent \u53c2\u6570\u8868\u793a\u91cd\u542f\u4e0d\u5931\u6548<\/p>\n

\u547d\u4ee4\uff1afirewall-cmd –permanent –add-port=50202\/tcp<\/p>\n

\u6216\u8005 firewall-cmd –zone=public –add-port=50202\/tcp –permanent<\/p>\n

\u8f93\u51fa\uff1asuccess \u8868\u662f\u6210\u529f\u3002<\/p>\n

\u5220\u9664\u7aef\u53e3\u7684\u547d\u4ee4\uff1a firewall-cmd –zone=public –remove-port=80\/tcp –permanent<\/p>\n

5.\u91cd\u65b0\u52a0\u8f7d\u9632\u706b\u5899<\/p>\n

\u547d\u4ee4\uff1afirewall-cmd –reload<\/p>\n

6.\u518d\u6b21\u67e5\u770b\uff0c\u6267\u884c\u6210\u529f\u540e\uff0c\u67e5\u770b50202\u7aef\u53e3\u662f\u5426\u88ab\u5f00\u542f<\/p>\n

\u547d\u4ee4\uff1afirewall-cmd –permanent –query-port=50202\/tcp<\/p>\n

\u8f93\u51fa\uff1ayes<\/p>\n

\u56db\uff1a\u91cd\u542fSSH\u670d\u52a1\u548c\u9632\u706b\u5899<\/p>\n

\u547d\u4ee4(SSH)\uff1asystemctl restart sshd
\u547d\u4ee4(\u9632\u706b\u5899)\uff1asystemctl restart firewalld.service<\/p>\n

\u4e0d\u884c\u7684\u8bdd\u5c31\u91cd\u542f\u670d\u52a1\u5668<\/p>\n

\u547d\u4ee4\uff1areboot<\/p>\n

\u5230\u8fd9\uff0c\u9632\u706b\u5899\u548cSSH\u6dfb\u52a0\u7aef\u53e3\u6210\u529f\uff0c\u4f7f\u7528\u5de5\u5177\u8fde\u63a5\u6d4b\u8bd5\u4e00\u4e0b\u3002<\/p>\n

\u4e94\uff1aSSH\u4e0e\u9632\u706b\u5899\u7981\u752822\u7aef\u53e3<\/p>\n

1. \u8fdb\u5165vim \/etc\/ssh\/sshd_config\u6587\u4ef6\uff0c\u7136\u540e\u7f16\u8f91\u72b6\u6001<\/p>\n

\u5728Port 22\u524d\u6dfb\u52a0#\u53f7\uff0c\u4fdd\u5b58\u9000\u51fa<\/p>\n

2.\u9632\u706b\u5899\u7981\u752822\u7aef\u53e3<\/p>\n

\u547d\u4ee4\uff1afirewall-cmd –zone=public –remove-port=22\/tcp –permanent<\/p>\n

3.\u91cd\u590d\u7b2c\u56db\u6b65\u3002<\/p>\n

\u6d4b\u8bd5\u4e00\u4e0b\u662f\u5426\u6210\u529f\u3002<\/p>\n

 <\/p>\n

0X02 \u5907\u6ce8\uff1a\u672c\u6bb5\u64cd\u4f5c\u662f\u5728\u5173\u95ed\u7684\u72b6\u6001\u4e0b\u8fdb\u884c\u7684<\/span><\/p>\n

\u4e00\uff1a\u4fee\u6539SSH\u914d\u7f6e\u6587\u4ef6,\u76ee\u5f55\u4e3a\uff1a<\/p>\n

\n
vim \/etc\/ssh\/sshd_config<\/pre>\n<\/div>\n
1.\u6309 i \u8fdb\u5165\u7f16\u8f91\u72b6\u6001\uff0c\u6309\u4e0a\u4e0b\u952e\u627e\u5230“#Port 22”\u8fd9\u4e00\u884c\uff0c\u7136\u540e\u628a\u884c\u524d\u7684“#”\u53f7\u5373\u6ce8\u91ca\u53bb\u6389\uff0c\u5373\u4fee\u6539\u6210\uff1a\uff1b<\/p>\n
\u63d0\u793a\uff1ai \u662f\u8fdb\u5165\u7f16\u8f91\u72b6\u6001\uff0c<\/p>\n
\u7f16\u8f91\u5b8c\u6309esc\u952e\uff0c\u5728\u8f93\u5165:wq \u4fdd\u5b58\u5e76\u9000\u51fa\uff0c<\/p>\n
cat sshd_config \u547d\u4ee4\u76f4\u63a5\u67e5\u770b\u5185\u5bb9\u662f\u5426\u7f16\u8f91\u6210\u529f<\/p>\n
2.\u65b0\u52a0\u4e00\u884c\u4e3a\uff1aPort 50202\uff1b<\/p>\n
\u8fd9\u6837\u505a\u7684\u76ee\u7684\u5728\u4e0e\u5f53\u524d\u9632\u706b\u524d\u5904\u4e8e\u5f00\u542f\u72b6\u6001\uff0c\u4e00\u65e6\u7981\u752822\u7aef\u53e3\uff0c\u53bb\u8fc750202\u7aef\u53e3\u8bbe\u7f6e\u4e0d\u6210\u529f\u5c31\u9ebb\u70e6\u4e86\u3002<\/p>\n
\u4e8c\uff1a\u91cd\u65b0\u542f\u52a8sshd\u6587\u4ef6<\/p>\n
\n
systemctl restart sshd\n<\/pre>\n<\/div>\n
\u6d4b\u8bd5\u4e00\u4e0b\u662f\u5426\u6210\u529f\u3002<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
\u672c\u6b21\u65b0\u52a0\u7aef\u53e3\u4e3a\uff1a50202 0X01 \u5907\u6ce8\uff1a\u672c\u6bb5\u64cd\u4f5c\u662f\u5728\u9632\u706b\u5899\u5f00\u542f\u7684\u72b6\u6001\u4e0b\u8fdb\u884c \u4e00\uff1a\u4fee\u6539SSH\u914d\u7f6e\u6587\u4ef6,\u76ee\u5f55\u4e3a … \u7ee7\u7eed\u9605\u8bfb CentOS 8 \u6dfb\u52a0SSH\u8fdc\u7a0b\u767b\u5f55\u7aef\u53e3\u5e76\u7981\u752822\u7aef\u53e3<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,1],"tags":[],"_links":{"self":[{"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/posts\/822"}],"collection":[{"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/comments?post=822"}],"version-history":[{"count":1,"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/posts\/822\/revisions"}],"predecessor-version":[{"id":942,"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/posts\/822\/revisions\/942"}],"wp:attachment":[{"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/media?parent=822"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/categories?post=822"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/tags?post=822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}