如何更改Google Cloud实例上的sshd端口? [英] How to change sshd port on google cloud instance?

问题描述

我将/etc/ssh/sshd_config 中的端口更改为23.我重新启动了sshd( sudo systemctl restart sshd ).我为23添加了防火墙规则:

I changed port in /etc/ssh/sshd_config to 23. I restarted sshd (sudo systemctl restart sshd). I added firewall rule for 23:

gcloud计算防火墙规则创建debug-ssh-23 --allow tcp:23

但是仍然无法正常工作... Ssh命令超时.如何正确更改 sshd 端口?

But still is not working... Ssh commands times out. How to change sshd port properly?

防火墙规则是:{允许":[{"IPProtocol":"tcp"，端口":["23"]}]，"creationTimestamp":"2018-10-02T14:02:23.646-07:00"，描述": ""，"direction":"INGRESS"，已禁用":false，"id":"3968818270732968496"，"kind":"compute#firewall"，"name":"debug-ssh-23"，"network":"https://www.googleapis.com/compute/v1/projects/foo/global/networks/default"，优先级":1000，"selfLink":"https://www.googleapis.com/compute/v1/projects/foo/global/firewalls/debug-ssh-23"，"sourceRanges":["0.0.0.0/0"]}

但是我无法在此端口上访问简单的nginx服务.在80年代，作品.80的规则与此类似.

But I can't access simple nginx service on this port. On 80, works. Rule for 80 is similar.

sshd_config:

sshd_config:

# Force protocol v2 only
Protocol 2

# Disable IPv6 for now
AddressFamily inet

# /etc is read-only.  Fetch keys from stateful partition
# Not using v1, so no v1 key
HostKey /mnt/stateful_partition/etc/ssh/ssh_host_rsa_key
HostKey /mnt/stateful_partition/etc/ssh/ssh_host_ed25519_key

PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
UsePAM yes

PrintMotd no
PrintLastLog no
UseDns no
Subsystem sftp internal-sftp

PermitTunnel no
AllowTcpForwarding yes
X11Forwarding no

Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr

# Compute times out connections after 10 minutes of inactivity.  Keep alive
# ssh connections by sending a packet every 7 minutes.
ClientAliveInterval 420

AcceptEnv EDITOR LANG LC_ALL PAGER TZ

推荐答案

除 sshd_config 选项 Port 之外，另请参见 ListenAddress

besides sshd_config option Port, also see ListenAddress

运行 sudo systemctl重新加载sshd.service 以应用更改.

您需要添加选项 ssh-flag 才能连接到另一个端口:

you need to add option ssh-flag in order to connect to another port:

gcloud compute --project "PROJECT_NAME" ssh --zone "us-central1-b" "instance-1" --ssh-flag="-p 23"

在云控制台中，还在浏览器窗口中的自定义端口上打开".

in the cloud console, there's also "open in a browser window on a custom port".

查看它是否在听，以及在哪里听...

to see, if and where it is listening ...

sudo cat /var/log/secure | grep sshd

输出应该像这样:

instance-1 sshd[1192]: Server listening on 0.0.0.0 port 23.
instance-1 sshd[1192]: Server listening on :: port 23.

这篇关于如何更改Google Cloud实例上的sshd端口?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！