On Thu, Feb 18, 2016 at 3:48 AM, Adrian Sevcenco <Adrian.Sevcenco@xxxxxxx>
wrote:
> Hi! I want to change the sshd port at install for centos7 but i am not sure
> if i am on the good track (and it is time expensive to make many
> try-outs)..
> So, i would be grateful if someone with experience can spot if i have
> problems
> with my planning.. (the actual purpose is that after installation i have
> access
> for my ansible provisioning)
>
> first make sure ssh is started
> services --enabled=sshd,chronyd
>
> then .. i imagine that in the %post section
> %post --interpreter=/usr/bin/bash --log=/root/ks-post.log
> 1. i could use sed to change the port
> sed -i 's/#Port\ 22/Port 60000/' /etc/ssh/sshd_config
> 2. sed -i 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/'
> /etc/ssh/sshd_config
>
Not sure if off topic, but you may also consider disabling password login
and use key pair to connect through ssh
> 3. enable key access
> mkdir -p /root/.ssh
> chmod 700 /root/.ssh
> cat << EOF >> /root/.ssh/authorized_keys
> my_ssh_pubkey
> EOF
> 4. semanage port -a -t ssh_port_t -p tcp 60000
> 5. firewall-cmd --permanent --zone=public --add-port=60000/tcp
> 6. systemctl enable firewalld.service
>
> did i miss anything?
> Thank you!
> Adrian
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
>
--
Java <http://javadevnotes.com/java-float-to-int> and Groovy
<http://grails.asia/groovy-array-length>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
