修改linux debian10 ssh默认22端口为自定义安全端口

2021-7-18

连上SSH后，我们修改访问端口的文件为 /etc/ssh/sshd_config

vi /etc/ssh/sshd_config

找到#Port 22这一段,把#号去掉即可，在这一段下面新加一段，Port 3088

root@:~# vi /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

Port 22
Port 3088
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

:wq 保存

wq保存后，重启SSH服务

使用
etc/init.d/sshd restart    

或者
service sshd restart

如果无法访问，centos需要关闭iptables，debian忽略这里

使用
/etc/init.d/iptables stop

或者
service iptables stop  

不关闭防火墙则需要新增一条方行通过3088端口的策略
vi /etc/sysconfig/iptables

  :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 3088 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT