Ganti port dan seting private key untuk ssh centos 7

9.7.18 Ilham S.Putra 0 Comments

Ganti Port
First Take a backup copy of the existing SSH server configuration :
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Now Edit the configuration file :
vim /etc/ssh/sshd_config
and change the Port number from 22 to any custom port you choose :
Port 2244
Save the file with :wq!
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
Example Case :
you need to install policycoreutils package to run the semanage command. to do this :
yum -y install policycoreutils-python
now update SeLinux policy to allow new port for SSH service. to do this, run below :
semanage port -a -t ssh_port_t -p tcp 2244
now you need to update Firewall policy to allow new SSH Port, to do this run below :
firewall-cmd --permanent --zone=public --add-port=2244/tcp
firewall-cmd --reload
systemctl restart sshd.service
to Check the service status, run below :
ss -tnlp | grep ssh

Setting Private key
Once you have access to your account on the remote server, you should make sure the ~/.ssh directory exists. This command will create the directory if necessary, or do nothing if it already exists:
  • mkdir -p ~/.ssh
copykan atau buat file authorized_keys dengan isi public key yang akan di gunakan.

  • vi authorized_keys

Finally, we’ll ensure that the ~/.ssh directory and authorized_keys file have the appropriate permissions set:
  • chmod -R go= ~/.ssh
This recursively removes all “group” and “other” permissions for the ~/.ssh/ directory.
If you’re using the root account to set up keys for a user account, it’s also important that the ~/.sshdirectory belongs to the user and not to root:
  • chown -R sammy:sammy ~/.ssh
In this tutorial our user is named sammy but you should substitute the appropriate username into the above command.
We can now attempt passwordless authentication with our Ubuntu server.
cara login ssh

  • chown -R sammy: sudo ssh -i path_private_key_disimpan -p port user@IP_yang_dituju

0 komentar: