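Overview

For security reasons the default sshd remote-login port needs to be changed, but after changing the port in the configuration file the sshd service fails to start. The error output is: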

Oct 16 10:49:26 centos-s-1vcpu-1gb-amd-sfo3-01 sshd[7317]: error: Bind to port 22022 on 0.0.0.0 failed: Permission denied.
Oct 16 10:49:26 centos-s-1vcpu-1gb-amd-sfo3-01 sshd[7317]: error: Bind to port 22022 on :: failed: Permission denied.
Oct 16 10:49:26 centos-s-1vcpu-1gb-amd-sfo3-01 sshd[7317]: fatal: Cannot bind any address.
Oct 16 10:49:26 centos-s-1vcpu-1gb-amd-sfo3-01 systemd[1]: sshd.service: main process exited, code=exited, status=255/n/a
Oct 16 10:49:26 centos-s-1vcpu-1gb-amd-sfo3-01 systemd[1]: Failed to start OpenSSH server daemon.

Solution

CentOS ships with SELinux. When it is enabled, SELinux by default only allows the ssh daemon to run on port 22.

[root@centos-s-1vcpu-1gb-amd-sfo3-01 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

Run the following command to add the new port to the SELinux ssh_port_t port type, then start sshd:

[root@centos-s-1vcpu-1gb-amd-sfo3-01 ~]# semanage port -a -t ssh_port_t -p tcp 22022
[root@centos-s-1vcpu-1gb-amd-sfo3-01 ~]# systemctl start sshd
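
An added example (not part of the original post): a pre-restart check that reads the Port directives from an sshd_config-style file and a saved copy of `semanage port -l` output, and prints the semanage command for every port not yet labelled ssh_port_t. The function names and the sample files written by demo are constructed for illustration; only plain Port lines are handled, not ports given in ListenAddress.

```shell
#!/bin/sh
# Added example: check SELinux port labels before restarting sshd.

# Ports sshd will try to bind, taken from "Port N" lines (22 if none are set).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Succeeds if port $1/tcp is listed under ssh_port_t in the
# `semanage port -l` output supplied on stdin (single ports or lo-hi ranges).
port_is_ssh_labeled() {
    awk -v want="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1]; hi = (n == 2 ? r[2] : r[1])
                if (want + 0 >= lo + 0 && want + 0 <= hi + 0) ok = 1
            }
        }
        END { exit !ok }'
}

# $1 = sshd_config path, $2 = file holding `semanage port -l` output.
# Prints one semanage command per configured port that lacks the label.
missing_label_cmds() {
    for port in $(sshd_ports "$1"); do
        port_is_ssh_labeled "$port" < "$2" ||
            echo "semanage port -a -t ssh_port_t -p tcp $port"
    done
}

# Constructed sample input: config moved to 22022, policy still lists only 22.
demo() {
    d=$(mktemp -d)
    printf '#Port 22\nPort 22022\nPermitRootLogin no\n' > "$d/sshd_config"
    printf 'http_port_t   tcp   80, 81, 443\nssh_port_t   tcp   22\n' > "$d/ports.txt"
    missing_label_cmds "$d/sshd_config" "$d/ports.txt"
    rm -rf "$d"
}

demo
```

On a live host, save the output of `semanage port -l` to a file and pass it to missing_label_cmds together with /etc/ssh/sshd_config. If semanage reports that a port is already defined under another type, `-m` in place of `-a` changes its type.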
