Check the ssh port of linux, check the ssh of Linux.

How to configure ssh and sftp to use different port numbers under linux?

1, two guardian angels

To separate ssh from sftp and listen to different ports, we can create two' /usr/sbin/sshd' daemons, one listening port 22 (ssh) and the other listening port 20022 (sftp). In order to distinguish the background programs of ssh and sftp services, the background program of ssh service is saved as /usr/sbin/sshd, while the background program of sftp service is saved as. /usr/sbin/sftpd is the link of /usr/sbin/sshd, and the content is exactly the same (ln-SF/usr/sbin/sshd/usr/sbin/sftpd).

2. Two kinds of services

SLES 12 uses systemd to manage system services, and ssh services correspond to the file/usr/lib/systemd/system/sshd.service. When implementing sftp services, you can copy/usr/lib/systemd/system/sshd.service to/etc/systemd/system/sftpd.service, and then modify the contents of the file. (just use the modified sftpd.service file. )

3. ssh services of other file systems are implemented by installing openssh. You can check which files are included in this rpm through rpm-qlopenssh. Summarize the related files for separating ssh from sftp:

Ssh service sftp service

/usr/lib/systemd/system/sshd.service/etc/systemd/system/sftpd.service (obtained by modifying the file/usr/lib/systemd/system/sshd.service).

/etc/PAM. d/sshd/etc/PAM.d/sftpd (obtained by copying the file/etc/PAM.d/sshd).

/etc/ssh/sshd _ config/etc/ssh/sftpd _ config (obtained by copying the file/etc/ssh/sshd _ config).

/usr/sbin/RCS shd/usr/sbin/rcsftpd(ln-SF/usr/sbin/service/usr/sbin/rcsftpd)

/usr/sbin/sshd/usr/sbin/sftpd(ln-SF/usr/sbin/sshd/usr/sbin/sftpd)

/etc/sys config/ssh/etc/sysconfig/sftp (obtained by modifying the/etc/sysconfig/ssh file).

So far, we have implemented two services.

However, there is no real separation between ssh service and sftp service. At this time, ssh service and sftp service can be used through port 22, and ssh service (SSH-P20022Username @ ServeIP) and sftp service (SFTP-O port = 20022Username @ SERVEIP) can also be used for newly opened port 20022.

4. Close the sftp service under port 22, edit the configuration file /etc/ssh/sshd_config file of /usr/sbin/sshd, comment out the subsystem parameters, and then restart sshd. At the same time, you can also set a white list of users who can access port 22: edit the file /etc/ssh/sshd_config. Set the AllowGroups parameter (assuming it is set to AllowGroupssshonly), so that only users in AllowGroups can log in to the system through port 22 (users who need to log in to the system through usermod-Asshonlyusername & gt add them to the AllowGroups).

5. "Turn off ssh service under port 20022" sftp is a sub-service, and its start depends on ssh service. Therefore, the ssh service can't be turned off in essence, and only the sftp service can be turned on. It can be circumvented in the following ways: the configuration file /etc/ssh/sftpd_config of /usr/sbin/sftpd contains the subsystem parameter configuration (it is recommended to use subsystem sftp internal-sftp-linfo-fauth)/etc/ssh/sftpd _ config contains the AllowGroups parameter (assuming AllowGroupssftponly), and the user access port in AllowGroups is restricted. Change the shell of users in AllowGroups to /bin/false (usermod-s/bin/false username >), so that users in AllowGroups can only log in to the system with sftp (if users need both ssh and sftp, their shell cannot be changed to/bin/false).

6. After user whitelist configuration, users who need ssh to access the system should be added to sshonly group, users who need sftp to access the system should be added to sftponly group, and users who need ssh and sftp at the same time should be added to sshonly and sftponly groups.

7. Restart ssh service and sftp service, and set startup.

Service start service start

How does linux access another server through ssh?

Example: If the root account is used to connect the machine with IP192.168.1.102, enter "ssh192.168.1." If the ssh port of the server is user-defined instead of the default 22 ports, such as 1234, then the parameter -p can be added after the command, such as "ssh192.168.1.102-lroot.

How to use SSH to realize port mapping under Linux system?

From a technical point of view, there are several requirements:

1, sftp will be safer from a security point of view.

2. Online servers provide online services, which need user control, and users can only be active in their own home directories.

3. Users can only use sftp, but not ssh the machine.

To provide sftp service, you can use the internal-sftp that comes with the system, or you can use vsftpd. There is little demand here, so you can directly choose internal-sftp.

Restrict users to their own home directories, and you need to use chroot here. Chroot is supported after openssh4.8p 1. I'm using centos6.3 now, and the openssh that comes with me is already 5.3p 1, which is enough.

You can enter:

#ssh-v

Check the openssh version. If it is lower than 4.8p 1, you need to upgrade and install it yourself, so I won't introduce it in detail here.

Suppose there is a group named sftp. Users in this group can only use sftp, not ssh, and sftp can only be active in their home directory after logging in.

1. Create an sftp group.

#groupaddsftp

2. Create an sftp user named mysftp.

# useradd-gsftp-s/bin/false mysftp

#passwdmysftp

3. The home directories of users in the SFTP group are uniformly assigned to /data/sftp, and are distinguished by user names. Here, first create a new mysftp directory, and then specify mysftp's home as /data/sftp/mysftp.

#mkdir-p/data/sftp/mysftp

# usermod-d/data/sftp/mysftpmysftp

4. configure sshd_config.

Edit /etc/ssh/sshd_config.

# vim+ 132/etc/ssh/sshd _ config

Find the following line and comment it out.

Subsystem sftp/usr/liberec/OpenSSH/sftp-server

Add the following lines

Subsystem sftpinternal-sftp

matchgroupsftp

chrootdirectory/data/sftp/%u

forcecommandinternal-sftp

allowtcpforwardingno

X 1 1 transport number

Explain the meaning of adding a line.

Subsystem sftpinternal-sftp

This line specifies the use of the sftp service to use the internal sftp that comes with the system.

matchgroupsftp

This row is used to match users in the sftp group. If you want to match multiple groups, separate multiple groups with commas.

Of course, users can also match.

matchusermysftp

In this way, users can be matched, and multiple user names are separated by commas, but we are more flexible and convenient to match by group here.

chrootdirectory/data/sftp/%u

Use chroot to specify the user's root directory as /data/sftp/%u, where %u stands for user name, so that users can only be active under/data/sftp/%u. For the meaning of chroot, please refer to here: /linux/l-cn-chroot/

forcecommandinternal-sftp

Specify sftp command

allowtcpforwardingno

X 1 1 transport number

If you don't want users to use port forwarding, you should add these two lines or delete them.

5, set the chroot directory permissions.

# chown root:sftp/data/sftp/my FTP

#chmod755/data/sftp/mysftp

Incorrect directory permission setting will lead to the content of "fatal: badownershipormodesrootdirectoryxxxxxxx" in the log.

There are two main points in setting permissions for directories:

1. The directory owner from the directory specified by chrootdirectory to the system root directory can only be root.

2. The directory specified by 2.chrootdirectory cannot have group write permission to the system root directory from the beginning.

So follow the above two principles.

1) We set the owner of /data/sftp/mysfttp as root and all groups as sftp.

2) We set the permission of /data/sftp/mysfttp to 755, and the owner root has write permission, but all groups of sftp have no write permission.

6. Establish a directory where sftp users can write after logging in.

According to the above settings, after restarting the sshd service, the user mysftp can log in, but after using chroot to specify the root directory, the root directory should not be writable, so a new directory should be created for mysftp to upload files. The owner of this directory is mysftp, all groups are sftp, and the owner has write permission, but all groups have no write permission.

#mkdir/data/sftp/mysftp/upload

# chown mysftp:sftp/data/sftp/mysftp/upload

# chmod 755/data/sftp/mysftp/upload

7. Restart sshd service

# Service hardware startup

At this point, mysftp can log in through the sftp client and upload the file to the upload directory.

If you still can't upload files in this directory, you will be prompted that you don't have permission. Check whether selinux is closed. You can use the following instructions to turn off selinux.

Modify selinux= ""in the /etc/selinux/config file to disabled, and then restart. or

#setenforce0

How to close ssh service under linux?

Chkconfig-level2345SSHD On-levelWhen the system is running at 2345, it is usually only necessary to start (on)sshd service at 35, and use (off) temporary control to start and stop:/etc/rc.d/init.d/SSHD start | stop | restart.

Can ssh only log in to linux?

Ssh is not limited to linux operating system. Ssh is a program used by unix operating system for remote login.

The open source free version of ssh is openssh, which originated from openBSD operating system. After sshd is enabled on the server side, you can log on to the server remotely. At present, all unix-like operating systems run ssh services. So ssh can log in to all unix-like operating systems.

From the slogan of the May 4th Movement shown below, we can feel that the "May 4th Spirit" is the indomitable spirit of tenacious struggle and care for the country and people.

Gansu Provincial Health and Wellness Committee

Why are many restaurant slogans written in China? Even traditional Chinese characters?

What does Hermes in the cake mean? What is Hermes in the cake?

Celebration time of Guizhou Medical University

Does anyone in Lu Qing know?

The other side of Sagittarius's personality

Starry squad slogan

Model essay on hospital fire safety emergency plan

What is the professional category of image production?