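CentOS 6.4 and alternate SSH port not working correctly

Time: 2013-09-19 20:52:05

Tags: linux ssh redhat iptables centos6

I have a CentOS 6.4 machine and want to change the default SSH port, and followed these instructions:

CentOS Wiki

After making these changes (including "semanage port -a -t ssh_port_t -p tcp 2345") and then restarting SSHD, I still cannot connect via the new alternate port.

I see that the host is listening on the new port: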

# netstat -antp | grep 2345 | grep LISTEN
tcp        0      0 0.0.0.0:2345                0.0.0.0:*                   LISTEN      6998/sshd           
tcp        0      0 :::2345                     :::*                        LISTEN      6998/sshd 

I see that the SELINUX policy appears to be correct:

# /usr/sbin/semanage port -l | grep ssh
ssh_port_t                     tcp      2345, 22

I also see that IPTABLES appears to be correct as well:

# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere            udp dpt:domain 
    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere            tcp dpt:domain 
    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere            udp dpt:bootps 
    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere            tcp dpt:bootps 
 179K  145M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
  185  7200 ACCEPT     icmp --  any    any     anywhere             anywhere            
    2    99 ACCEPT     all  --  lo     any     anywhere             anywhere            
   39  2028 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh 
29763   11M REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    virbr0  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  virbr0 any     192.168.122.0/24     anywhere            
    0     0 ACCEPT     all  --  virbr0 virbr0  anywhere             anywhere            
    0     0 REJECT     all  --  any    virbr0  anywhere             anywhere            reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  virbr0 any     anywhere             anywhere            reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 118K packets, 24M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Finally, I can telnet to the port locally:

# telnet localhost 2345
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3

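But I cannot telnet or SSH to the new alternate port from outside.

I am not behind any type of firewall.

Any ideas or suggestions? I am frustrated.

1 answer:

Answer 0: (score: 0)

(I don't know what the semanage command is doing.)

But it looks to me like the problem is the firewall. I don't see port 2345 being accepted. What I see is: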

39  2028 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh 

But ssh here means port 22, as defined by /etc/services (unless centos/semanage is doing something weird).
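
An added example, not part of the original question or answer: it walks the INPUT chain from the question top to bottom for a new inbound TCP connection and reports the first rule that matches, resolving service names such as `ssh` the way /etc/services does. It assumes the packet arrives from any source on an external interface; the `verdict` function and the `SERVICES`, `POLICY` and `RULES` variables are names made up for this example.

```sh
#!/bin/sh
# Added example: first-match walk of an `iptables -L -v` INPUT chain for a NEW
# inbound TCP connection. Assumption: the packet arrives from any source on an
# external interface, so rules bound to virbr0 or lo do not apply.

# Name-to-port pairs as defined in /etc/services for names in the listing.
SERVICES='ssh=22 domain=53 bootps=67'
POLICY='ACCEPT'   # chain policy, used only when no rule matches

# INPUT rules copied from the question's output (trailing spaces trimmed).
RULES='    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere            udp dpt:domain
    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere            tcp dpt:domain
    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere            udp dpt:bootps
    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere            tcp dpt:bootps
 179K  145M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
  185  7200 ACCEPT     icmp --  any    any     anywhere             anywhere
    2    99 ACCEPT     all  --  lo     any     anywhere             anywhere
   39  2028 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh
29763   11M REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited'

# verdict PORT: print the target of the first rule matching NEW tcp/PORT.
verdict() {
    printf '%s\n' "$RULES" | awk -v port="$1" -v services="$SERVICES" -v policy="$POLICY" '
    BEGIN {
        n = split(services, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); svc[kv[1]] = kv[2] }
    }
    {
        if ($4 != "tcp" && $4 != "all") next   # protocol does not cover TCP
        if ($6 != "any") next                  # bound to another interface
        state = ""; dpt = ""
        for (i = 10; i <= NF; i++) {
            if ($i == "state") state = $(i + 1)
            if ($i ~ /^dpt:/) dpt = substr($i, 5)
        }
        if (state != "" && ("," state ",") !~ /,NEW,/) next
        if (dpt in svc) dpt = svc[dpt]         # service name -> port number
        if (dpt != "" && dpt != port) next
        print $3; found = 1; exit
    }
    END { if (!found) print policy }'
}

for p in 22 2345; do
    echo "tcp/$p -> $(verdict "$p")"
done
```

Because evaluation stops at the first match, a rule accepting `tcp dpt:2345` only changes the result if it sits above the final REJECT line.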