Kwi-Fedora 23 kunokwenzeka ukutshintsha i-SSH port engagqibekanga (22) iye kwenye oyikhethileyo engaphezulu kwe-1024, kwaye ngokuchaseneyo emva koko unokubeka enye izibuko kunxibelelwano lwangaphandle.
Xa uza kutshintsha izibuko le-SSH eFedora 23 kufuneka sigcine imigaqo emithathu
- Ukucwangciswa kwe-sshd daemon eya kuthi yabelwe izibuko.
- Useto lwe-firewall ukuze lubambe kwelo zibuko litsha.
- Kwaye uqwalasele i-selinux (ukuba iyasebenza) ukumisela umgaqo-nkqubo wokusetyenziswa kwelo zibuko.
Kulungile ke, masibone ukuba itshintshwa njani izibuko kuqwalaselo lweSSH
Sivula i-terminal kunye / njl / ssh / sshd_config kwaye senze oku kulandelayo
Asizimiselanga kwizibuko kwaye sabela elinye inani, sinokubeka iiPorts ezininzi
sshd ukumamela kumazibuko amaninzi>
Izibuko
Ukudalwa kwamazibuko aliqela kunokuba luncedo kuvavanyo, sishiya izibuko lama-22 kunye nale siyenzileyo, ukuze siqiniseke ukuba izibuko elitsha liyasebenza kwaye ukuba izibuko elitsha alisebenzi okanye alilungiselelwanga kwaphela ngokuchanekileyo izibuko 22.
Ngoku ukongeza utshintsho kwi-selinux
Ukudibana kwezibuko -a -t ssh_port_t -p tcp
Ngoku sihamba nodonga lomlilo
Kwi-Fedora 23 i-firewall ilawulwa ngayo i-firewall-cmd.
Ukuba sifuna ukubona imimandla esebenzayo:
firewall-cmd-uluhlu-lonke
Emva koko iya kubuyisa into enje:
I-FedoraServer (emiselweyo, esebenzayo) yokuhlangana: imithombo: iinkonzo: amazibuko: iiprotokholi: umasquerade: phambili-amazibuko: icmp-iibhloko: imithetho etyebileyo
Kodwa ukuba into esiyifunayo kukusixelela ukuba yeyiphi indawo emiselweyo, siya kubhala oku:
firewall-cmd -get-default-zone FedoraServer
Emva koku sinokongeza izibuko elitsha kwi-firewall
Ukongeza izibuko lohlobo tcp kwindawo yomlilo siza kubhala lo mgca wokuyalela:
firewall-cmd -isigxina-indawo = Yongeza izibuko = / tcp
Kuya kufuneka sazi ukuba xa sifuna ukwenza uvavanyo lwexeshana, siza kuyishiya -Ngokusisigxina, kodwa ukuba yeyokwexeshana, akufuneki ulubone utshintsho xa usiya kwimithetho ye-firewall.
Makhe sijonge ukuba ngaba izibuko livulekile ngokwendalo kwi-firewall ngalo myalelo:
firewall-cmd-umbuzo-port = / tcp
Ukuba siyenze kakuhle kwaye ukuba ivulekile, iya kuyibonisa ngo "ewe"
Oluqwalaselo olunye lunokusetyenziswa kuninzi lweeseva ze-Apache zeseva ze-http.
Iposti enkulu enkosi ngesabelo
Enkosi ngenqaku lakho elilungileyo
tanx kakhulu
enkosi ngokwabelana ngeposi…