實現目的:把ssh默認遠程連接端口修改爲8909方法如下:
1、編輯防火牆配置:vi /etc/sysconfig/iptables
防火牆增加新端口8909
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8909 -j ACCEPT
======================================================================
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8909-j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
重啓防火牆,使配置生效:
/etc/init.d/iptables restart
service iptables restart
=======================================================================
2、備份ssh端口配置文件
cp /etc/ssh/ssh_config /etc/ssh/ssh_configbak
cp /etc/ssh/sshd_config /etc/ssh/sshd_configbak
修改ssh端口爲:8909
vi /etc/ssh/sshd_config
在端口#Port 22下面增加Port8909 (把默認的22端口# 去掉)
vi /etc/ssh/ssh_config
在端口#Port 22下面增加Port 8909 (把默認的22端口#去掉)
重啓:/etc/init.d/sshd restart
service sshd restart
用8909端口可以正常連接之後,再返回去重複上面的步驟。把22端口禁用了,以後ssh就只能用8909端口連接了!增強了系統的安全性。