Today, after installing CentOS in a virtual machine, I changed the default SSH port:
sed -i "s/#Port 22/Port $SSH_PORT/" /etc/ssh/sshd_config
service sshd restart
Restarting sshd produced the following error:
Redirecting to /bin/systemctl restart sshd.service
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@localhost shell]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since 四 2021-11-18 11:48:50 CST; 12s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 1653 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=255)
Main PID: 1653 (code=exited, status=255)
11月 18 11:48:50 localhost.localdomain systemd[1]: sshd.service: main process exited, code=exi.../a
11月 18 11:48:50 localhost.localdomain systemd[1]: Failed to start OpenSSH server daemon.
11月 18 11:48:50 localhost.localdomain systemd[1]: Unit sshd.service entered failed state.
11月 18 11:48:50 localhost.localdomain systemd[1]: sshd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
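After some searching I learned that SELinux only allows port 22 to be used as the SSH port. Either of the following two approaches resolves the problem:
1. Disable SELinux
Disabling SELinux only takes the following two commands: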
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
reboot
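Remember: the server must be rebooted at the end for the change to take effect.
2. Allow the new SSH port in SELinux
Assuming the new port is 22888, run the following commands: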
yum -y install policycoreutils-python
semanage port -a -t ssh_port_t -p tcp 22888
Also, don't forget to add the new port to the firewall's list of allowed ports:
firewall-cmd --permanent --zone=public --add-port=22888/tcp
firewall-cmd --reload
Finally, you can use the ss -tnlp|grep ssh command to check which port SSH is running on.
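A pre-flight check for the second approach, added here as an example and not part of the original post: it compares the Port directives in an sshd_config against the ssh_port_t entries in `semanage port -l` output, so a port that SELinux would refuse is caught before sshd is restarted. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check: which Port values in an sshd_config are NOT covered by
# the SELinux ssh_port_t label? Those are the ports sshd will fail to bind.

# Print every port set by a Port directive (keyword is case-insensitive,
# commented lines are ignored); sshd falls back to 22 when none is set.
configured_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Read `semanage port -l` output on stdin and print the tcp ports labelled
# ssh_port_t, one per line, expanding ranges such as 2200-2202.
ssh_labelled_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            gsub(",", "", $i)
            n = split($i, r, "-")
            for (p = r[1] + 0; p <= r[n] + 0; p++) print p
        }
    }'
}

# $1 = sshd_config path, $2 = file holding saved `semanage port -l` output.
unlabelled_ports() (
    allowed=$(ssh_labelled_ports < "$2")
    missing=""
    for port in $(configured_ports "$1"); do
        printf '%s\n' "$allowed" | grep -qx "$port" || missing="$missing $port"
    done
    echo "${missing# }"
)

# Constructed sample data: the config after the sed edit above, and the
# label list of a policy that has not had port 22888 added yet.
tmp=$(mktemp -d)
printf '#AddressFamily any\nPort 22888\n' > "$tmp/sshd_config"
printf 'ssh_port_t                     tcp      22\n' > "$tmp/ports"
echo "ports sshd cannot bind: $(unlabelled_ports "$tmp/sshd_config" "$tmp/ports")"
```

On a real host, save the output of `semanage port -l` to a file and pass it as the second argument together with /etc/ssh/sshd_config; an empty result means every configured port is already labelled.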