如何更改Google Cloud实例上的sshd端口? [英] How to change sshd port on google cloud instance?
问题描述
我将/etc/ssh/sshd_config
中的端口更改为23.我重新启动了sshd( sudo systemctl restart sshd
).我为23添加了防火墙规则:
I changed port in /etc/ssh/sshd_config
to 23. I restarted sshd (sudo systemctl restart sshd
). I added firewall rule for 23:
gcloud计算防火墙规则创建debug-ssh-23 --allow tcp:23
但是仍然无法正常工作... Ssh命令超时.如何正确更改 sshd
端口?
But still is not working... Ssh commands times out. How to change sshd
port properly?
防火墙规则是:{允许":[{"IPProtocol":"tcp",端口":["23"]}],"creationTimestamp":"2018-10-02T14:02:23.646-07:00",描述": "","direction":"INGRESS",已禁用":false,"id":"3968818270732968496","kind":"compute#firewall","name":"debug-ssh-23","network":"https://www.googleapis.com/compute/v1/projects/foo/global/networks/default",优先级":1000,"selfLink":"https://www.googleapis.com/compute/v1/projects/foo/global/firewalls/debug-ssh-23","sourceRanges":["0.0.0.0/0"]}
但是我无法在此端口上访问简单的nginx服务.在80年代,作品.80的规则与此类似.
But I can't access simple nginx service on this port. On 80, works. Rule for 80 is similar.
sshd_config:
sshd_config:
# Force protocol v2 only
Protocol 2
# Disable IPv6 for now
AddressFamily inet
# /etc is read-only. Fetch keys from stateful partition
# Not using v1, so no v1 key
HostKey /mnt/stateful_partition/etc/ssh/ssh_host_rsa_key
HostKey /mnt/stateful_partition/etc/ssh/ssh_host_ed25519_key
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
UsePAM yes
PrintMotd no
PrintLastLog no
UseDns no
Subsystem sftp internal-sftp
PermitTunnel no
AllowTcpForwarding yes
X11Forwarding no
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
# Compute times out connections after 10 minutes of inactivity. Keep alive
# ssh connections by sending a packet every 7 minutes.
ClientAliveInterval 420
AcceptEnv EDITOR LANG LC_ALL PAGER TZ
推荐答案
除 sshd_config
选项 Port
之外,另请参见 ListenAddress
besides sshd_config
option Port
, also see ListenAddress
运行 sudo systemctl重新加载sshd.service
以应用更改.
您需要添加选项 ssh-flag
才能连接到另一个端口:
you need to add option ssh-flag
in order to connect to another port:
gcloud compute --project "PROJECT_NAME" ssh --zone "us-central1-b" "instance-1" --ssh-flag="-p 23"
在云控制台中,还在浏览器窗口中的自定义端口上打开".
in the cloud console, there's also "open in a browser window on a custom port".
查看它是否在听,以及在哪里听...
to see, if and where it is listening ...
sudo cat /var/log/secure | grep sshd
输出应该像这样:
instance-1 sshd[1192]: Server listening on 0.0.0.0 port 23.
instance-1 sshd[1192]: Server listening on :: port 23.
这篇关于如何更改Google Cloud实例上的sshd端口?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!