Using OpenSSH on CentOS

Installation

Check whether it is installed

yum list \*openssh\*

CentOS 7: startup and configuration

  • Install
sudo yum -y install openssh-server openssh-clients
  • Start, stop, and check status
sudo systemctl start sshd
sudo systemctl status sshd
sudo systemctl stop sshd
  • Start at boot
# Enable start at boot
sudo systemctl enable sshd
# Disable start at boot
sudo systemctl disable sshd

CentOS 6: startup and configuration

Start, stop, and check status

  • Status: service sshd status
  • Start: service sshd start
  • Stop: service sshd stop

Start at boot

  • Check status: chkconfig --list sshd
  • Enable: chkconfig --level 2345 sshd on

Configuration

sudo vim /etc/ssh/sshd_config

To disable root login: PermitRootLogin no

To run SSH on a non-standard port, change the Port setting. For example: Port 2002

service sshd restart

Firewall configuration

To restrict IP access, edit the iptables file by typing:

sudo vim /etc/sysconfig/iptables

To allow access using the port defined in the sshd config file, add the following line to the iptables file:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2002 -j ACCEPT

To restrict access to a specific IP, for example 133.123.40.166, edit the line as follows:

-A RH-Firewall-1-INPUT -s 133.123.40.166 -m state --state NEW -p tcp --dport 2002 -j ACCEPT

If your site uses IPv6, and you are editing ip6tables, use the line:

-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 2002 -j ACCEPT

Restart iptables to apply the changes: sudo systemctl restart iptables
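
Changing the port in sshd_config and restarting sshd before the matching firewall rule is in place can cut off remote access. The script below is an added example, not part of the original page: it checks that PermitRootLogin is set to no and that every Port in the sshd configuration has an ACCEPT rule in the iptables file. The function names are hypothetical, and it assumes a configuration without Match blocks and rules that name a single --dport.

```shell
# Added example (not from the original page); function names are hypothetical.
# Assumes an sshd_config without Match blocks and single-port --dport rules.

# Print every port sshd would listen on (Port may repeat; the default is 22).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print the first PermitRootLogin value, or "unset" if only the default applies.
sshd_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "unset" }' "$1"
}

# Succeed if rules file $2 has an -A rule accepting TCP traffic to port $1.
iptables_allows_port() {
    awk -v p="$1" '
        $1 != "-A" { next }
        { dport = ""; target = ""; proto = ""
          for (i = 2; i < NF; i++) {
              if ($i == "--dport") dport = $(i + 1)
              if ($i == "-j") target = $(i + 1)
              if ($i == "-p") proto = $(i + 1)
          }
          if (dport == p && target == "ACCEPT" && proto == "tcp") ok = 1 }
        END { exit !ok }' "$2"
}

# Report mismatches; non-zero means do not restart sshd yet.
check_ssh_change() {
    local conf="$1" rules="$2" rc=0 port
    if [ "$(sshd_root_login "$conf")" != "no" ]; then
        echo "PermitRootLogin is not set to no"; rc=1
    fi
    for port in $(sshd_ports "$conf"); do
        if ! iptables_allows_port "$port" "$rules"; then
            echo "no ACCEPT rule for tcp/$port in $rules"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files using the values from this page.
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2002' 'PermitRootLogin no' > "$demo/sshd_config"
printf '%s\n' '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2002 -j ACCEPT' \
    > "$demo/iptables"
check_ssh_change "$demo/sshd_config" "$demo/iptables" && echo "consistent: safe to restart sshd"
```

On a real host, pass /etc/ssh/sshd_config and /etc/sysconfig/iptables as the two arguments; sshd -t additionally checks the configuration file for syntax errors before a restart.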