CentOS7相比CentOS6的防火墙改变特别大,所以记录下
1. 修改sshd端口并仅允许密钥登录
编辑/etc/ssh/sshd_config
# Listen on a non-default port. If SELinux is enforcing, this port must also be
# labelled ssh_port_t (semanage port -a -t ssh_port_t -p tcp 20755), otherwise
# sshd cannot bind to it.
Port 20755
# No direct root logins; log in as a regular user and switch to root afterwards.
PermitRootLogin no
# Key-based login is the only method left enabled by this block.
PubkeyAuthentication yes
PermitEmptyPasswords no
# Disables password logins. Confirm a working key is installed before restarting sshd.
# NOTE(review): keyboard-interactive (ChallengeResponseAuthentication) is not set
# here; confirm it is disabled as well if password-style logins must be fully off.
PasswordAuthentication no
# Both GSSAPI lines stay commented out, so sshd's built-in defaults apply.
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials no
# Skip the DNS lookup of the connecting client's hostname.
UseDNS no
2. 修改防火墙开放端口
# Copy the packaged ssh service definition into /etc/firewalld/services/, where
# it overrides the file under /usr/lib and is not replaced by package updates.
cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/
# Presumably the port in this copy is changed from 22 to the new sshd port
# (20755); the page does not show the edit.
vim /etc/firewalld/services/ssh.xml
# Presumably to confirm the public zone still references the ssh service and
# opens nothing unintended; the page does not show the edit.
vim /etc/firewalld/zones/public.xml
3. 创建并登录普通用户,配置公钥
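# Run as root: create the unprivileged account that will be used for SSH logins.
useradd hzkeung
# Start a login shell as the new user (plain ASCII hyphen), so the commands
# below run in that user's home directory and create files owned by that user.
su - hzkeung
mkdir .ssh
# A directory needs the owner execute bit to be entered: 700, not 600.
# With 600 the owner cannot create or read authorized_keys inside it.
chmod 700 .ssh
vi .ssh/authorized_keys # paste the public half of the key pair, one key per line
# Only the owner may read or write the key list.
chmod 600 .ssh/authorized_keys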
4.切换到root, 并重新加载配置文件
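# Keep the current root session open until a new key-based login on port 20755
# has been confirmed from a second terminal; password login is disabled after
# the restart, so a mistake here can lock you out.
# If SELinux is enforcing, label the port first:
#   semanage port -a -t ssh_port_t -p tcp 20755
# sshd -t checks sshd_config for syntax errors; restart only if it passes.
sshd -t && systemctl restart sshd.service
# Reload firewalld so the edited service and zone files take effect
# (the option is --reload with two ASCII hyphens).
firewall-cmd --reload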
来源:https://hzkeung.com/2016/12/20/centos7%E4%BF%AE%E6%94%B9ssh%E7%AB%AF%E5%8F%A3%E5%B9%B6%E9%80%9A%E8%BF%87%E5%AF%86%E7%A0%81%E7%99%BB%E5%BD%95