Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
CSF Firewall / Re: CSF Blocks Login url/port ?
« on: July 08, 2016, 03:25:44 PM »
Hello,
I had the same trouble and now it's work well again. After a few minutes and few head hash, this is what command solves it.
To Change SSH port on a CentOS Linux
You can use any one of the following option in/etc/ssh/sshd_config file:
If Port is not specified, sshd will listen on the address and all prior Port options specified. The
default is to listen on all local IP addresses. Multiple ListenAddress options are aloowed in
sshd_config.
Run ssh on a non-standard port # 2022 using Portoption
Edit /etc/ssh/sshd_config, enter:
Edit/Append as follows to set Port to 2022:
CentOS run ssh on a non-standard port # 2022 using ListenAddress option
Note: If you have multiple IP address on the server, try ListenAddress as follows :
Reload SSHD service
Before you restart or reload sshd server. You need to update:
A note about OpenSSH SELinux user
If you are using SELinux, add tcp port # 2022 to port contexts for OpenSSH server:
Update firewall settings
You also need to update firewall settings so that users can login using TCP # 2022.
Edit, /etc/sysconfig/iptables and open sshd port 2022:
Edit/append as follows:
Save and close the file. If you are using IPv6, edit/etc/sysconfig/ip6tables file too.
Temporally, stop the firewall so that you will not loos the connectivity to the server:
Fail2ban settings
Fail2ban scans log files and bans IPs that show the malicious signs — too many password failures,
seeking for exploits, ssh login etc. See this comment below on how to change your port number and you use fail2ban you have to update the rules.
Restart sshd on a CentOS
Type the following command to restart / reload SSHD service:
Finally, star the firewall on a CentOS Linux:
Now it's done, enjoy !
I had the same trouble and now it's work well again. After a few minutes and few head hash, this is what command solves it.
To Change SSH port on a CentOS Linux
You can use any one of the following option in/etc/ssh/sshd_config file:
Code: [Select]
Port PortNumberHereORCode: [Select]
ListenAddress IPv4Address:Port
ListenAddress IPv6Address:Port
ListenAddress Hostname:Port
If Port is not specified, sshd will listen on the address and all prior Port options specified. The
default is to listen on all local IP addresses. Multiple ListenAddress options are aloowed in
sshd_config.
Run ssh on a non-standard port # 2022 using Portoption
Edit /etc/ssh/sshd_config, enter:
Code: [Select]
# vi /etc/ssh/sshd_configEdit/Append as follows to set Port to 2022:
Code: [Select]
Port 2022Save and close the file.CentOS run ssh on a non-standard port # 2022 using ListenAddress option
Note: If you have multiple IP address on the server, try ListenAddress as follows :
Code: [Select]
## bind sshd to two ip address on a non‐standard port ##
ListenAddress 192.168.1.5:2022
ListenAddress 203.1.2.3:2022Save and close the file.Reload SSHD service
Before you restart or reload sshd server. You need to update:
- 1. SELinux configuration
2. Firewall settings
3. fail2ban settings
A note about OpenSSH SELinux user
If you are using SELinux, add tcp port # 2022 to port contexts for OpenSSH server:
Code: [Select]
# semanage port ‐a ‐t ssh_port_t ‐p tcp 2022Update firewall settings
You also need to update firewall settings so that users can login using TCP # 2022.
Edit, /etc/sysconfig/iptables and open sshd port 2022:
Code: [Select]
# vi /etc/sysconfig/iptablesEdit/append as follows:
Code: [Select]
## delete or comment out port 22 line ##
## ‐A INPUT ‐m state ‐‐state NEW ‐m tcp ‐p tcp ‐‐dport 22 ‐j ACCEPT
## open port 2022
‐A INPUT ‐m state ‐‐state NEW ‐m tcp ‐p tcp ‐‐dport 2022 ‐j ACCEPTSave and close the file. If you are using IPv6, edit/etc/sysconfig/ip6tables file too.
Temporally, stop the firewall so that you will not loos the connectivity to the server:
Code: [Select]
# service iptables stop
# service ip6tables stopFail2ban settings
Fail2ban scans log files and bans IPs that show the malicious signs — too many password failures,
seeking for exploits, ssh login etc. See this comment below on how to change your port number and you use fail2ban you have to update the rules.
Restart sshd on a CentOS
Type the following command to restart / reload SSHD service:
Code: [Select]
# service sshd reloadVerify new port settings with the following netstat command:Code: [Select]
# netstat ‐tulpn | grep sshdFinally, star the firewall on a CentOS Linux:
Code: [Select]
# service iptables start
## IPv6 ##
# service ip6tables startNow it's done, enjoy !
Pages: [1]
