CentOS7修改ssh端口并通过密码登录

CentOS7相比CentOS6的防火墙改变特别大，所以记录下

1.修改sshd端口并只限制密钥登录

编辑/etc/ssh/sshd_config

Port 20755
PermitRootLogin no
PubkeyAuthentication yes

PermitEmptyPasswords no
PasswordAuthentication no

#GSSAPIAuthentication yes
#GSSAPICleanupCredentials no

UseDNS no

2. 修改防火墙开放端口

cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/
vim /etc/firewalld/services/ssh.xml

vim /etc/firewalld/zones/public.xml


Public
For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

3. 登录普通用户

useradd hzkeung

su – hzkeung

mkdir .ssh

chmod 600 .ssh

vi .ssh/authorized_keys #输入密钥的公钥

chmod 600 .ssh/authorized_keys

4.切换到root, 并重新加载配置文件
systemctl restart sshd.service; firewall-cmd –reload

来源：https://hzkeung.com/2016/12/20/centos7%E4%BF%AE%E6%94%B9ssh%E7%AB%AF%E5%8F%A3%E5%B9%B6%E9%80%9A%E8%BF%87%E5%AF%86%E7%A0%81%E7%99%BB%E5%BD%95