Note: OS version: CentOS release 6.9 (Final); connection tool: Xshell; virtual machine: VMware 12 Pro
First, create a normal user for later use
[root@c69-01 ~]# useradd test
[root@c69-01 ~]# passwd test
Changing password for user test.
New password:
[root@c69-01 ~]# vi /etc/ssh/sshd_config
…………
# Find the PermitRootLogin line and change it to no
PermitRootLogin no
…………
[root@c69-01 ~]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
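1. Log in as root
You are prompted for the password; even after entering the correct one, the prompt keeps reappearing, because remote root login has been disabled
2. Log in as the normal user test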
Connecting to 10.0.0.200:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Last login: Thu Feb 22 06:17:23 2018 from 10.0.0.1
[test@c69-01 ~]$
Login succeeded
Check the iptables status
[root@c69-01 ~]# /etc/init.d/iptables status
iptables: Firewall is not running.
Start iptables
[root@c69-01 ~]# /etc/init.d/iptables start
Edit the iptables configuration file
[root@c69-01 ~]# vim /etc/sysconfig/iptables
………..
# Allow access to port 40022
-A INPUT -p tcp -m state --state NEW -m tcp --dport 40022 -j ACCEPT
………..
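Do not reverse the order of the next two commands, or the change will be lost: restart loads the edited file, whereas save writes the running rules back to that file, so running save first would overwrite the edit. Afterwards, check the file with cat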
[root@c69-01 ~]# /etc/init.d/iptables restart
iptables: Applying firewall rules: [ OK ]
[root@c69-01 ~]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@c69-01 ~]# cat /etc/sysconfig/iptables
...........
-A INPUT -p tcp -m state --state NEW -m tcp --dport 40022 -j ACCEPT
...........
[root@c69-01 ~]# vi /etc/ssh/sshd_config
………..
# Find this line and keep it consistent with the port just added to the iptables file
Port 40022
………..
Restart the ssh service
[root@c69-01 ~]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
Check whether port 22 is still serving connections
[c:\~]$ telnet 10.0.0.200 22
Connecting to 10.0.0.200:22...
Could not connect to '10.0.0.200' (port 22): Connection failed.
Type `help' to learn how to use Xshell prompt.
[c:\~]$
Check whether port 40022 is serving connections
[c:\~]$ telnet 10.0.0.200 40022
Connecting to 10.0.0.200:40022...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
SSH-2.0-OpenSSH_5.3
Connect to the virtual machine as the normal user test on the default port 22; the connection fails
Connecting to 10.0.0.200:22...
Could not connect to '10.0.0.200' (port 22): Connection failed.
Type `help' to learn how to use Xshell prompt.
Connect again as the normal user test on the new port 40022; the connection succeeds
Connecting to 10.0.0.200:40022...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Last login: Thu Feb 22 06:21:01 2018 from 10.0.0.1
[test@c69-01 ~]$
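A check to run before restarting sshd (an added example, not part of the original post): it confirms that PermitRootLogin is no and that every Port in sshd_config has a matching ACCEPT rule in the iptables file, so a restart cannot lock you out. The function name check_ssh_hardening and the sample files are constructed for illustration, and sshd_config is assumed to contain no Match blocks.

```bash
#!/bin/bash
# Added example, not from the original post: check that the two edited files
# agree before restarting sshd. Assumes no Match blocks in sshd_config.

# check_ssh_hardening SSHD_CONFIG IPTABLES_FILE
# Prints one OK/FAIL line per check; returns 1 if any check fails.
check_ssh_hardening() {
    local cfg=$1 rules=$2 rc=0 root ports p
    # sshd keywords are case-insensitive and the first occurrence wins;
    # commented lines (#PermitRootLogin yes) never match because $1 starts with '#'.
    root=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$cfg")
    if [ "$root" = "no" ]; then
        echo "OK PermitRootLogin no"
    else
        echo "FAIL PermitRootLogin ${root:-unset}"; rc=1
    fi
    # sshd listens on every Port line; with none it uses 22.
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$cfg")
    for p in ${ports:-22}; do
        if grep -Eq -- "^-A INPUT .*-p tcp .*--dport $p .*-j ACCEPT" "$rules"; then
            echo "OK port $p has an ACCEPT rule"
        else
            echo "FAIL port $p has no ACCEPT rule"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files: sshd_config already moved to 40022,
# but the firewall file still only opens 22.
demo() {
    local d rc=0
    d=$(mktemp -d)
    printf '%s\n' '#Port 22' 'Port 40022' 'PermitRootLogin no' > "$d/sshd_config"
    printf '%s\n' '*filter' \
        '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT' \
        'COMMIT' > "$d/iptables"
    check_ssh_hardening "$d/sshd_config" "$d/iptables" || rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "do not restart sshd yet: add the missing rule first"
```

On a real host the two arguments would be /etc/ssh/sshd_config and /etc/sysconfig/iptables, the files edited above.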
Method 1:
[root@c69-01 ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768 60999
Method 2:
[root@c69-01 ~]# sysctl -a | grep ip_local_port_range
net.ipv4.ip_local_port_range = 32768 60999
Choose a port number within this range; a port outside it may produce unexpected results
Note: this post is for reference only; adapt it to your own situation!