
I have a CentOS 6.4 machine and want to change the default SSH port, following these instructions:

CentOS wiki

After making those changes (including "semanage port -a -t ssh_port_t -p tcp 2345") and restarting SSHD, I still cannot connect over the new alternate port.

I can see the host listening on the new port:

# netstat -antp | grep 2345 | grep LISTEN
tcp        0      0 0.0.0.0:2345                0.0.0.0:*                   LISTEN      6998/sshd           
tcp        0      0 :::2345                     :::*                        LISTEN      6998/sshd 

And I can see the SELINUX policy appears to be correct:

# /usr/sbin/semanage port -l | grep ssh
ssh_port_t                     tcp      2345, 22

And I can see IPTABLES also appears to be correct:

# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere            udp dpt:domain 
    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere            tcp dpt:domain 
    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere            udp dpt:bootps 
    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere            tcp dpt:bootps 
 179K  145M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
  185  7200 ACCEPT     icmp --  any    any     anywhere             anywhere            
    2    99 ACCEPT     all  --  lo     any     anywhere             anywhere            
   39  2028 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh 
29763   11M REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    virbr0  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  virbr0 any     192.168.122.0/24     anywhere            
    0     0 ACCEPT     all  --  virbr0 virbr0  anywhere             anywhere            
    0     0 REJECT     all  --  any    virbr0  anywhere             anywhere            reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  virbr0 any     anywhere             anywhere            reject-with icmp-port-unreachable 
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 118K packets, 24M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Finally, I can telnet to the port locally:

# telnet localhost 2345
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3

But I cannot telnet or SSH to the new alternate port from outside.

I am not behind any kind of firewall.

Any thoughts or suggestions? I'm stumped.

2 Answers


(I don't know exactly what the semanage command is doing.)

But it looks to me like the problem is the firewall. I don't see port 2345 being accepted. What I see is:

39  2028 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh 

But ssh here means port 22 as defined in /etc/services (unless centos/semanage is doing something strange).

answered 2013-09-19T21:04:24.377
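As an added example that is not part of either post, here is a small POSIX shell script that applies this answer's reasoning to the iptables -L -v output from the question: it resolves the service name that iptables prints without -n (ssh is 22) and walks the INPUT chain to find the first rule a new TCP connection to a given port would hit on a given inbound interface. The chain text is the one posted in the question; the interface name eth0 and the function names port_name and first_match are my own assumptions, as is the small built-in service table used when getent is unavailable.

```shell
#!/bin/sh
# Added example (not from the question or answers): given the text of
# `iptables -L -v`, report which INPUT rule a fresh inbound TCP connection
# to PORT arriving on interface IFACE hits first. This reproduces the
# answer's point: "tcp dpt:ssh" means port 22, so 2345 falls through to
# the REJECT rule, while traffic on lo is accepted.

# Constructed sample: the INPUT chain exactly as posted in the question,
# followed by the start of FORWARD to show that the parser stops there.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere            udp dpt:domain
    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere            tcp dpt:domain
    0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere            udp dpt:bootps
    0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere            tcp dpt:bootps
 179K  145M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
  185  7200 ACCEPT     icmp --  any    any     anywhere             anywhere
    2    99 ACCEPT     all  --  lo     any     anywhere             anywhere
   39  2028 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh
29763   11M REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable'

# Service name that `iptables -L` (without -n) prints for a port number.
# Uses getent services when available; otherwise a small built-in table
# (assumption: only the names appearing in the sample are needed).
port_name() {
  name=$(getent services "$1" 2>/dev/null | awk '{print $1}')
  if [ -z "$name" ]; then
    case "$1" in
      22) name=ssh ;;
      53) name=domain ;;
      67) name=bootps ;;
      *)  name= ;;
    esac
  fi
  printf '%s' "$name"
}

# first_match CHAIN_TEXT PORT IFACE
# Prints the target (ACCEPT/REJECT/DROP) of the first INPUT rule matching a
# NEW TCP packet to PORT arriving on IFACE, or the chain policy if none does.
first_match() {
  printf '%s\n' "$1" | awk -v port="$2" -v pname="$(port_name "$2")" -v iface="$3" '
    /^Chain INPUT/ {
      in_input = 1
      if (match($0, /policy [A-Z]+/)) policy = substr($0, RSTART + 7, RLENGTH - 7)
      next
    }
    /^Chain /                         { in_input = 0 }
    !in_input || /^ *pkts/ || NF < 9  { next }
    {
      target = $3; prot = $4; inif = $6
      if (inif != "any" && inif != iface) next          # rule bound to another interface
      if (prot != "tcp" && prot != "all") next          # a TCP packet cannot match udp/icmp rules
      dpt = ""; established = 0
      for (i = 10; i <= NF; i++) {                      # match extensions after the destination column
        if ($i ~ /^dpt:/) dpt = substr($i, 5)
        if ($i == "state" && $(i+1) ~ /ESTABLISHED/ && $(i+1) !~ /NEW/) established = 1
      }
      if (established) next                             # a fresh SYN is not RELATED,ESTABLISHED
      if (dpt != "" && dpt != port && dpt != pname) next  # port mismatch, by number or by name
      print target; found = 1; exit
    }
    END { if (!found) print policy }'
}

# Usage: shows why telnet to localhost works while external access is rejected.
echo "port 22   via eth0: $(first_match "$SAMPLE_IPTABLES" 22 eth0)"    # ACCEPT
echo "port 2345 via eth0: $(first_match "$SAMPLE_IPTABLES" 2345 eth0)"  # REJECT
echo "port 2345 via lo:   $(first_match "$SAMPLE_IPTABLES" 2345 lo)"    # ACCEPT
```

For 2345 on the external interface the only candidates after the interface, protocol and state filters are the "tcp dpt:ssh" rule, which does not match, and the catch-all REJECT, which does; on lo the "-i lo" ACCEPT rule fires first, which is exactly the split between the telnet localhost result and the external failure in the question. On a live host, feed it real output; using iptables -L -v -n prints numeric ports and makes the name lookup unnecessary, since the comparison by number still works.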

The missing ingredient for me (CentOS 8) was the following commands:

firewall-cmd --zone=public --add-port=2345/tcp --permanent

firewall-cmd --reload

I had done everything else (including the selinux step, even though selinux is disabled for me) but could not use the new port remotely until I ran the firewall-cmd commands above. Of course your "--add-port=" number may differ :)

answered 2021-09-15T16:41:09.843