Hi! I want to change the sshd port at install for centos7 but I am not sure
if I am on the good track (and it is time expensive to make many try-outs)..
So, I would be grateful if someone with experience can spot if I have problems
with my planning.. (the actual purpose is that after installation I have access
for my ansible provisioning)

first make sure ssh is started
services --enabled=sshd,chronyd

then .. I imagine that in the %post section
%post --interpreter=/usr/bin/bash --log=/root/ks-post.log
1. I could use sed to change the port
sed -i 's/#Port\ 22/Port 60000/' /etc/ssh/sshd_config
2. sed -i 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/' /etc/ssh/sshd_config
3. enable key access
mkdir -p /root/.ssh
chmod 700 /root/.ssh
cat << EOF >> /root/.ssh/authorized_keys
my_ssh_pubkey
EOF
4. semanage port -a -t ssh_port_t -p tcp 60000
5. firewall-cmd --permanent --zone=public --add-port=60000/tcp
6. systemctl enable firewalld.service

Did I miss anything?
Thank you!
Adrian

On Wed, Feb 17, 2016 at 2:48 PM, Adrian Sevcenco <Adrian.Sevcenco at cern.ch> wrote:
> Hi! I want to change the sshd port at install for centos7 but I am not sure
> if I am on the good track (and it is time expensive to make many
> try-outs)..
> So, I would be grateful if someone with experience can spot if I have
> problems
> with my planning.. (the actual purpose is that after installation I have
> access
> for my ansible provisioning)
>
> first make sure ssh is started
> services --enabled=sshd,chronyd
>
> then .. I imagine that in the %post section
> %post --interpreter=/usr/bin/bash --log=/root/ks-post.log
> 1. I could use sed to change the port
> sed -i 's/#Port\ 22/Port 60000/' /etc/ssh/sshd_config
> 2. sed -i 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/'
> /etc/ssh/sshd_config
> 3. enable key access
> mkdir -p /root/.ssh
> chmod 700 /root/.ssh
> cat << EOF >> /root/.ssh/authorized_keys
> my_ssh_pubkey
> EOF
> 4. semanage port -a -t ssh_port_t -p tcp 60000
> 5. firewall-cmd --permanent --zone=public --add-port=60000/tcp
> 6. systemctl enable firewalld.service
>
> Did I miss anything?
>

The %post section is definitely where you want your commands.

I'd combine the sed commands in points 1 and 2, but that's a small nit-picky
suggestion.
( You forgot to escape the space before 60000 in the first sed expression
you provided. )

sed -i -e 's/#Port\ 22/Port\ 60000/' -e's/#PermitRootLogin\ yes/PermitRootLogin\ yes/' /etc/ssh/sshd_config

Though I will note there is some sort of syntax error with the
PermitRootLogin sed expression (present in the original you provided). I
spent a moment looking at it and the problem with that second expression
evades me right now. *grumble*

--
---~~.~~---
Mike
// SilverTip257 //

On 02/18/2016 10:27 AM, Mike - st257 wrote:
> ( You forgot to escape the space before 60000 in the first sed expression
> you provided. )

True, but you shouldn't need to escape spaces at all:

sed -i 's/#Port 22/Port 60000/; s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config

> Though I will note there is some sort of syntax error with the
> PermitRootLogin sed expression (present in the original you provided). I
> spent a moment looking at it and the problem with that second expression
> evades me right now.

I ran the command he provided and didn't see a problem. What did you see?

On Thu, Feb 18, 2016 at 3:48 AM, Adrian Sevcenco <Adrian.Sevcenco at cern.ch> wrote:
> Hi! I want to change the sshd port at install for centos7 but I am not sure
> if I am on the good track (and it is time expensive to make many
> try-outs)..
> So, I would be grateful if someone with experience can spot if I have
> problems
> with my planning.. (the actual purpose is that after installation I have
> access
> for my ansible provisioning)
>
> first make sure ssh is started
> services --enabled=sshd,chronyd
>
> then .. I imagine that in the %post section
> %post --interpreter=/usr/bin/bash --log=/root/ks-post.log
> 1. I could use sed to change the port
> sed -i 's/#Port\ 22/Port 60000/' /etc/ssh/sshd_config
> 2. sed -i 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/'
> /etc/ssh/sshd_config
>

Not sure if off topic, but you may also consider disabling password login
and using a key pair to connect through ssh.

> 3. enable key access
> mkdir -p /root/.ssh
> chmod 700 /root/.ssh
> cat << EOF >> /root/.ssh/authorized_keys
> my_ssh_pubkey
> EOF
> 4. semanage port -a -t ssh_port_t -p tcp 60000
> 5. firewall-cmd --permanent --zone=public --add-port=60000/tcp
> 6. systemctl enable firewalld.service
>
> Did I miss anything?
> Thank you!
> Adrian
>

--
Java <http://javadevnotes.com/java-float-to-int> and Groovy <http://grails.asia/groovy-array-length>
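
Added example, not part of the thread or any poster's code: a dry run of the sed edits discussed above against a constructed config fragment, with a check that each edit actually landed, since sed exits 0 when its pattern matches nothing and the host would then come up on the old port. The function names (set_sshd_option, demo_config, apply_thread_settings) are hypothetical, and the example also applies the PasswordAuthentication change suggested in the last reply.

```shell
#!/bin/bash
# Added example (not from the thread). Function names are hypothetical and
# the sample config is constructed; point the functions at a scratch copy.

# Set KEY to VALUE in FILE: rewrite the active line if one exists,
# otherwise uncomment the "#KEY default" line. No space escaping needed.
set_sshd_option() {
    so_file=$1 so_key=$2 so_val=$3
    if grep -q "^${so_key} " "$so_file"; then
        sed -i "s/^${so_key} .*/${so_key} ${so_val}/" "$so_file"
    else
        sed -i "s/^#${so_key} .*/${so_key} ${so_val}/" "$so_file"
    fi
    # sed exits 0 even when nothing matched, so require exactly one active
    # line with the new value; the caller can log or abort on non-zero.
    [ "$(grep -c "^${so_key} ${so_val}\$" "$so_file")" -eq 1 ]
}

# Write a constructed sshd_config fragment to FILE.
demo_config() {
    cat > "$1" <<'EOF'
#Port 22
#AddressFamily any
#PermitRootLogin yes
#PasswordAuthentication yes
PasswordAuthentication yes
EOF
}

# Apply the settings discussed in the thread; non-zero if any edit missed.
apply_thread_settings() {
    ats_rc=0
    set_sshd_option "$1" Port 60000 || ats_rc=1
    set_sshd_option "$1" PermitRootLogin yes || ats_rc=1
    set_sshd_option "$1" PasswordAuthentication no || ats_rc=1
    return "$ats_rc"
}

# Dry run on a temporary file, never on the live config.
demo_tmp=$(mktemp)
demo_config "$demo_tmp"
apply_thread_settings "$demo_tmp" && cat "$demo_tmp"
rm -f "$demo_tmp"
```

In a real %post the file argument would be /etc/ssh/sshd_config. firewall-cmd talks to a running firewalld, which the installer environment does not have, so the port rule from step 5 would go through firewall-offline-cmd or the kickstart firewall --port= directive instead.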