{"id":3094,"date":"2020-06-09T19:23:00","date_gmt":"2020-06-09T10:23:00","guid":{"rendered":"https:\/\/jikoman.sin-cos.com\/blog\/?p=3094"},"modified":"2020-06-09T19:23:00","modified_gmt":"2020-06-09T10:23:00","slug":"%e3%81%95%e3%81%8f%e3%82%89%e3%81%aevps%e3%81%a7centos8-6","status":"publish","type":"post","link":"https:\/\/jikoman.sin-cos.com\/blog\/2020\/06\/%e3%81%95%e3%81%8f%e3%82%89%e3%81%aevps%e3%81%a7centos8-6\/","title":{"rendered":"\u3055\u304f\u3089\u306eVPS\u3067CentOS8 (6) SSH\u306e\u30dd\u30fc\u30c8\u3092\u5909\u66f4"},"content":{"rendered":"\n

\u524d\u56de<\/a>\u306froot\u3067\u306eSSH\u63a5\u7d9a\u304c\u3067\u304d\u306a\u3044\u3088\u3046\u306b\u5bfe\u7b56\u3092\u884c\u3063\u305f\u3002<\/p>\n\n\n\n

\u3055\u3066\u3001\u4eca\u56de\u306fSSH\u306e\u63a5\u7d9a\u30dd\u30fc\u30c8\u3092\u5909\u66f4\u3059\u308b\u3002<\/p>\n\n\n\n\n\n\n\n

\u304c\u3001\u3061\u3087\u3063\u3068\u9762\u5012\u304f\u3055\u3044\u3002\u5931\u6557\u3059\u308b\u3068SSH\u63a5\u7d9a\u3067\u304d\u306a\u304f\u306a\u308b\u306e\u3067\u3001VNC\u30b3\u30f3\u30bd\u30fc\u30eb\u304b\u3089\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3084\u308b\u307b\u3046\u304c\u826f\u3044\u304b\u3082\u3002<\/p>\n\n\n\n

\u307e\u305a\u3001\u524d\u56de\u3068\u540c\u3058SSH\u30b5\u30fc\u30d0\u30fc\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u7de8\u96c6\u3059\u308b\u3002<\/p>\n\n\n\n

\u3061\u306a\u307f\u306b\u3001”su -“\u3067root\u306b\u306a\u3063\u3066\u4f5c\u696d\u3059\u308b\u3068\u3001\u5236\u9650\u304c\u307b\u3068\u3093\u3069\u306a\u304f\u3001\u53d6\u308a\u8fd4\u3057\u306e\u3064\u304b\u306a\u3044\u5931\u6557\u3092\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u306e\u3067\u3001”sudo”\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3063\u3066\u5b9f\u884c\u3059\u308b\u3002\u306e\u304c\u826f\u3044\u3068\u601d\u3046\u3002<\/p>\n\n\n\n

\u30b3\u30de\u30f3\u30c9\u5165\u529b\u6642\u3001
\u524d\u306b”$”\u304c\u8868\u793a\u3055\u308c\u3066\u3044\u308b\u6642\u306f\u4e00\u822c\u30e6\u30fc\u30b6\u3001
\u524d\u306b”#”\u304c\u8868\u793a\u3055\u308c\u3066\u3044\u308b\u6642\u306f\u30e6\u30fc\u30b6root\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u308b\u72b6\u614b\u3002<\/p>\n\n\n\n

$ sudo vi \/etc\/ssh\/sshd_config<\/pre>\n\n\n\n
\u6b21\u306e\u3088\u3046\u306aPort\u8a2d\u5b9a\u884c\u304c\u3042\u308b\u304c\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u307e\u307e\u306a\u306e\u3067\u3001\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u72b6\u614b\u306b\u306a\u3063\u3066\u3044\u308b\u3002<\/p>\n\n\n\n
#Port 22<\/pre>\n\n\n\n
\u307e\u305a\u306f\u3001\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u6a19\u6e96\u306e22\u304b\u3089\u597d\u304d\u306a\u5024\u306b\u5909\u66f4\u3059\u308b\u3002<\/p>\n\n\n\n
Port 1022<\/pre>\n\n\n\n
[:][w][q]\u30ad\u30fc\u3067\u4fdd\u5b58\u7d42\u4e86\u3002<\/p>\n\n\n\n
SSH\u30b5\u30fc\u30d0\u30fc\u3092\u518d\u8d77\u52d5\u3002<\/p>\n\n\n\n
$ sudo systemctl restart sshd.service
Job for sshd.service failed because the control process exited with error code.
See \"systemctl status sshd.service\" and \"journalctl -xe\" for details.<\/pre>\n\n\n\n
\u3042\u308c\uff1f\u30a8\u30e9\u30fc\u3002<\/p>\n\n\n\n
\u307e\u305a\u306f\u539f\u56e0\u3092\u8abf\u3079\u308b\u305f\u3081\u306b\u3001\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8\u4e2d\u306e”journalctl -xe”\u3092\u5b9f\u884c\u3057\u3066\u307f\u308b\u3002<\/p>\n\n\n\n
6\u6708 07 20:30:44 hostmei.vs.sakura.ne.jp systemd[1]: Starting OpenSSH server daemon...
 -- Subject: Unit sshd.service has begun start-up
 -- Defined-By: systemd
 -- Support: https:\/\/access.redhat.com\/support
 -- 
 -- Unit sshd.service has begun starting up.
 6\u6708 07 20:30:44 hostmei.vs.sakura.ne.jp sshd[4607]: error: Bind to port 1022 on 0.0.0.0 failed: Permission denied<\/span>.
 6\u6708 07 20:30:44 hostmei.vs.sakura.ne.jp sshd[4607]: error: Bind to port 1022 on :: failed: Permission denied<\/span>.
 6\u6708 07 20:30:44 hostmei.vs.sakura.ne.jp sshd[4607]: fatal: Cannot bind any address.
 6\u6708 07 20:30:44 hostmei.vs.sakura.ne.jp systemd[1]: sshd.service: Main process exited, code=exited, status=255\/n\/a
 6\u6708 07 20:30:44 hostmei.vs.sakura.ne.jp systemd[1]: sshd.service: Failed with result 'exit-code'.
 6\u6708 07 20:30:44 hostmei.vs.sakura.ne.jp systemd[1]: Failed to start OpenSSH server daemon.
 -- Subject: Unit sshd.service has failed
 -- Defined-By: systemd
 -- Support: https:\/\/access.redhat.com\/support
 -- 
 -- Unit sshd.service has failed.
 -- 
 -- The result is RESULT.<\/pre>\n\n\n\n
“Permission Denied”\u3063\u3066\u301c\u3053\u3068\u306f\u3001\u8a31\u53ef\u3055\u308c\u3066\u3044\u306a\u3044\u3063\u3066\u3053\u3068\u3002<\/p>\n\n\n\n
\u30dd\u30fc\u30c81022\u4f7f\u3046\u3053\u3068\u304c\u8a31\u53ef\u3055\u308c\u3066\u3044\u306a\u3044\u3002<\/p>\n\n\n\n
\u4f55\u6545\u304b\uff1fSELINUX\u304c\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u304b\u3089\uff1f<\/p>\n\n\n\n
$ getenforce
Enforcing<\/pre>\n\n\n\n
“Enforcing”\u3063\u3066\u3053\u3068\u306f\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u3002
“Disabled”\u3060\u3068\u7121\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u3002<\/p>\n\n\n\n
\u3067\u306f\u3001\u4e00\u6642\u7684\u306b\u7121\u52b9\u306b\u3057\u3088\u3046\u3002<\/p>\n\n\n\n
$ sudo setenforce 0
$ getenforce
Permissive<\/pre>\n\n\n\n
“Permissive”\u3063\u3066\u3053\u3068\u306f\u4e00\u6642\u7684\u306b\u7121\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u3002<\/p>\n\n\n\n
\u3055\u3066\u3001\u3082\u3046\u4e00\u5ea6SSH\u30b5\u30fc\u30d0\u30fc\u306e\u518d\u8d77\u52d5\u3092\u884c\u3063\u3066\u307f\u308b\u3002<\/p>\n\n\n\n
$ sudo systemctl restart sshd.service<\/pre>\n\n\n\n
\u30a8\u30e9\u30fc\u306f\u306a\u3044\u306e\u3067\u3001\u518d\u8d77\u52d5\u3067\u304d\u305f\u3068\u601d\u3046\u304c\u3001\u4e00\u5fdc\u78ba\u8a8d\u3057\u3066\u304a\u304f\u3002<\/p>\n\n\n\n
$ sudo systemctl status sshd.service
\u25cf<\/span> sshd.service - OpenSSH server daemon
Loaded: loaded (\/usr\/lib\/systemd\/system\/sshd.service; enabled; vendor preset: enabled)
Active: active (running)<\/span> since Sun 2020-06-07 20:45:25 JST; 6s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 4944 (sshd)
Tasks: 1 (limit: 2832)
Memory: 1.1M
CGroup: \/system.slice\/sshd.service
\u2514\u25004944 \/usr\/sbin\/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oM>
6\u6708 07 20:45:25 hostmei.vs.sakura.ne.jp systemd[1]: Stopped OpenSSH server daemon.
6\u6708 07 20:45:25 hostmei.vs.sakura.ne.jp systemd[1]: Starting OpenSSH server daemon\u2026
6\u6708 07 20:45:25 hostmei.vs.sakura.ne.jp sshd[4944]: Server listening on 0.0.0.0 port 10022.
6\u6708 07 20:45:25 hostmei.vs.sakura.ne.jp sshd[4944]: Server listening on :: port 10022.
6\u6708 07 20:45:25 hostmei.vs.sakura.ne.jp systemd[1]: Started OpenSSH server daemon.<\/pre>\n\n\n\n
\u8d77\u52d5\u3067\u304d\u3066\u3044\u308b\u306e\u3067\u3001\u8a2d\u5b9a\u3057\u305f\u30dd\u30fc\u30c8\u3067\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3092\u78ba\u8a8d\u3057\u3088\u3046\u3002
\u3060\u304c\u3001\u4eca\u63a5\u7d9a\u3057\u3066\u3044\u308b\u72b6\u614b\u306f\u4fdd\u6301\u3057\u3066\u3001\u65b0\u898f\u3067\u63a5\u7d9a\u3059\u308b\u3002<\/p>\n\n\n\n
% ssh nori@hostmei.vs.sakura.ne.jp -p 10022\nssh: connect to host hostmei.vs.sakura.ne.jp port 10022: Connection refused<\/pre>\n\n\n\n
\u7121\u7406\u3002
\u5143\u30dd\u30fc\u30c8\u306e\u307e\u307e\uff1f<\/p>\n\n\n\n
% ssh nori@hostmei.vs.sakura.ne.jp
ssh: connect to host hostmei.vs.sakura.ne.jp port 22: Connection refuse<\/pre>\n\n\n\n
\u3080\u301c\u308a\u301c<\/p>\n\n\n\n
\u4f55\u6545\u304b\uff1f<\/p>\n\n\n\n
\u30d5\u30a1\u30a4\u30e4\u30fc\u30a6\u30a9\u30fc\u30eb\u304c\u50cd\u3044\u3066\u3044\u308b\u304b\u3089\u3002<\/p>\n\n\n\n
\u3067\u306f\u3001\u63a5\u7d9a\u72b6\u614b\u306eSSH\u3092\u4f7f\u3063\u3066\u3001\u30d5\u30a1\u30a4\u30e4\u30a6\u30a9\u30fc\u30eb\u306e\u8a2d\u5b9a\u3092\u5909\u66f4\u3059\u308b\u3002<\/p>\n\n\n\n
$ sudo vi \/usr\/lib\/firewalld\/services\/ssh.xml<\/pre>\n\n\n\n
<?xml version=\"1.0\" encoding=\"utf-8\"?>
 <service>
   <short>SSH<\/short>
   <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.<\/description>
   <port protocol=\"tcp\" port=\"10022<\/span>\"\/>
 <\/service><\/pre>\n\n\n\n
\u305d\u3057\u3066\u3001\u8a2d\u5b9a\u3092\u53cd\u6620\u3055\u305b\u308b\u305f\u3081\u306b\u3001\u8a2d\u5b9a\u306e\u518d\u8aad\u307f\u8fbc\u307f\u3092\u884c\u3046\u3002<\/p>\n\n\n\n
$ sudo firewall-cmd --reload
success<\/pre>\n\n\n\n
\u518d\u5ea6\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3001\u65b0\u898f\u306b\u63a5\u7d9a\u3057\u3066\u30c6\u30b9\u30c8\u3057\u3066\u307f\u308b\u3002<\/p>\n\n\n\n
% ssh nori@hostmei.vs.sakura.ne.jp -p 10022
nori@hostmei.vs.sakura.ne.jp's password:
Last login: Sun Jun 7 20:07:05 2020 from 123.123.123.123
[nori@hostmei ~]$ <\/pre>\n\n\n\n
\u63a5\u7d9a\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n\n\n\n
\u3060\u304c\u3001\u5fd8\u308c\u3066\u3044\u307e\u305b\u3093\u3088\u306d\uff1f<\/p>\n\n\n\n
SELINUX\u3092\u4e00\u6642\u7121\u52b9\u306b\u3057\u3066\u3044\u305f\u3053\u3068\u3092\u3002<\/p>\n\n\n\n
\u3067\u3001\u305d\u306e\u8a2d\u5b9a\u306b”semanage”\u3063\u3066\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3044\u305f\u3044\u306e\u3060\u304c\u3001\u30df\u30cb\u30de\u30eb\u306aOS\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3067\u306f\u3001\u6b21\u306e\u3088\u3046\u306b\u30b3\u30de\u30f3\u30c9\u304c\u898b\u3064\u304b\u3089\u306a\u3044\u3068\u8a00\u308f\u308c\u308b\u3002<\/p>\n\n\n\n
$ sudo semanage port -l | grep ssh
sudo: semanage: \u30b3\u30de\u30f3\u30c9\u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093<\/pre>\n\n\n\n
\u3058\u3083\u3042\u3001\u4f55\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308c\u3070\u4f7f\u3048\u308b\u306e\u304b\uff1f<\/p>\n\n\n\n
$ dnf whatprovides semanage\nCentOS-8 - AppStream 2.4 MB\/s | 5.8 MB 00:02\nCentOS-8 - Base 2.4 MB\/s | 2.2 MB 00:00\nCentOS-8 - Extras 9.3 kB\/s | 6.7 kB 00:00\npolicycoreutils-python-utils-2.9-3.el8_1.1.noarch : SELinux policy core python utilities\nRepo : @System\n\u4e00\u81f4:\n\u30d5\u30a1\u30a4\u30eb\u540d : \/usr\/sbin\/semanage\npolicycoreutils-python-utils-2.9-9.el8.noarch : SELinux policy core python utilities\nRepo : BaseOS\n\u4e00\u81f4:\n\u30d5\u30a1\u30a4\u30eb\u540d : \/usr\/sbin\/semanage<\/pre>\n\n\n\n
\u3078\u301c\u3001\u3053\u3093\u306a\u30b3\u30de\u30f3\u30c9\u3067\u8abf\u3079\u308b\u3093\u3060\u306d\u3002<\/p>\n\n\n\n
\u3063\u3066\u3001dnf\u3063\u3066\u4f55\uff1f<\/p>\n\n\n\n
DNF<\/strong>\u307e\u305f\u306fDandified Yum<\/strong> (\u30c0\u30f3\u30c7\u30a3\u30d5\u30a1\u30a4\u30c9 \u30e4\u30e0)\u306f\u3001RPM<\/a>\u30d9\u30fc\u30b9\u306e\u30d1\u30c3\u30b1\u30fc\u30b8\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0<\/a>\u3092\u63a1\u7528\u3057\u3066\u3044\u308bLinux\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3<\/a>\u7528\u306e\u30d1\u30c3\u30b1\u30fc\u30b8\u30de\u30cd\u30fc\u30b8\u30e3<\/a>\u3067\u3042\u308bYum<\/a> 3.4\u306e\u30d5\u30a9\u30fc\u30af<\/a>\u3067\u3042\u308a\u3001Yum\u306e\u4e8b\u5b9f\u4e0a\u306e\u5f8c\u7d99\u30d0\u30fc\u30b8\u30e7\u30f3[1]<\/a>[2]<\/a>[3]<\/a><\/sup>\u3002<\/p>\u30d5\u30ea\u30fc\u767e\u79d1\u4e8b\u5178\u300e\u30a6\u30a3\u30ad\u30da\u30c7\u30a3\u30a2\uff08Wikipedia\uff09\u300f<\/cite><\/blockquote>\n\n\n\n
\u5f8c\u7d99\u304b\u3002
\u3067\u3082\u3001yum\u3082\u307e\u3060\u4f7f\u3048\u3066\u3057\u307e\u3046\u306e\u3067\u3001yum\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u3057\u307e\u3063\u305f\u3002<\/p>\n\n\n\n
$ sudo yum install policycoreutils-python-utils\nCentOS-8 - AppStream 2.2 kB\/s | 4.3 kB 00:01\nCentOS-8 - Base 5.6 kB\/s | 3.9 kB 00:00\nCentOS-8 - Extras 2.4 kB\/s | 1.5 kB 00:00\n\u4f9d\u5b58\u95a2\u4fc2\u304c\u89e3\u6c7a\u3057\u307e\u3057\u305f\u3002\n\u30d1\u30c3\u30b1\u30fc\u30b8 \u30a2\u30fc\u30ad\u30c6\u30af\u30c1\u30e3\u30fc \u30d0\u30fc\u30b8\u30e7\u30f3 \u30ea\u30dd\u30b8\u30c8\u30ea\u30fc \u30b5\u30a4\u30ba\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb:\npolicycoreutils-python-utils noarch 2.9-3.el8_1.1 BaseOS 250 k\n\u4f9d\u5b58\u95a2\u4fc2\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb:\ncheckpolicy x86_64 2.9-1.el8 BaseOS 348 k\npython3-audit x86_64 3.0-0.13.20190507gitf58ec40.el8 BaseOS 85 k\npython3-libsemanage x86_64 2.9-1.el8 BaseOS 127 k\npython3-policycoreutils noarch 2.9-3.el8_1.1 BaseOS 2.2 M\npython3-setools x86_64 4.2.2-1.el8 BaseOS 600 k\n\u30c8\u30e9\u30f3\u30b6\u30af\u30b7\u30e7\u30f3\u306e\u6982\u8981\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb 6 \u30d1\u30c3\u30b1\u30fc\u30b8\n\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u30b5\u30a4\u30ba\u306e\u5408\u8a08: 3.6 M\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6e08\u307f\u306e\u30b5\u30a4\u30ba: 11 M\n\u3053\u308c\u3067\u3088\u308d\u3057\u3044\u3067\u3059\u304b? [y\/N]: y<\/span>\n\u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9:\n(1\/6): python3-audit-3.0-0.13.20190507gitf58ec40.el8.x86_64.rpm 547 kB\/s | 85 kB 00:00\n(2\/6): policycoreutils-python-utils-2.9-3.el8_1.1.noarch.rpm 1.2 MB\/s | 250 kB 00:00\n(3\/6): checkpolicy-2.9-1.el8.x86_64.rpm 1.4 MB\/s | 348 kB 00:00\n(4\/6): python3-libsemanage-2.9-1.el8.x86_64.rpm 872 kB\/s | 127 kB 00:00\n(5\/6): python3-setools-4.2.2-1.el8.x86_64.rpm 972 kB\/s | 600 kB 00:00\n(6\/6): python3-policycoreutils-2.9-3.el8_1.1.noarch.rpm 1.7 MB\/s | 2.2 MB 00:01\n\u5408\u8a08 1.7 MB\/s | 3.6 MB 00:02\n\u8b66\u544a: \/var\/cache\/dnf\/BaseOS-929b586ef1f72f69\/packages\/checkpolicy-2.9-1.el8.x86_64.rpm: \u30d8\u30c3\u30c0\u30fc V3 RSA\/SHA256 Signature\u3001\u9375 ID 8483c65d: NOKEY\nCentOS-8 - Base 1.6 MB\/s | 1.6 kB 00:00\nGPG \u9375 0x8483C65D \u3092\u30a4\u30f3\u30dd\u30fc\u30c8\u4e2d:\nUserid : \"CentOS (CentOS Official Signing Key) security@centos.org<\/a>\"\nFingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D\nFrom : \/etc\/pki\/rpm-gpg\/RPM-GPG-KEY-centosofficial\n\u3053\u308c\u3067\u3088\u308d\u3057\u3044\u3067\u3059\u304b? [y\/N]: y<\/span>\n\u9375\u306e\u30a4\u30f3\u30dd\u30fc\u30c8\u306b\u6210\u529f\u3057\u307e\u3057\u305f\n\u30c8\u30e9\u30f3\u30b6\u30af\u30b7\u30e7\u30f3\u306e\u78ba\u8a8d\u3092\u5b9f\u884c\u4e2d\n\u30c8\u30e9\u30f3\u30b6\u30af\u30b7\u30e7\u30f3\u306e\u78ba\u8a8d\u306b\u6210\u529f\u3057\u307e\u3057\u305f\u3002\n\u30c8\u30e9\u30f3\u30b6\u30af\u30b7\u30e7\u30f3\u306e\u30c6\u30b9\u30c8\u3092\u5b9f\u884c\u4e2d\n\u30c8\u30e9\u30f3\u30b6\u30af\u30b7\u30e7\u30f3\u306e\u30c6\u30b9\u30c8\u306b\u6210\u529f\u3057\u307e\u3057\u305f\u3002\n\u30c8\u30e9\u30f3\u30b6\u30af\u30b7\u30e7\u30f3\u3092\u5b9f\u884c\u4e2d\n\u6e96\u5099 : 1\/1\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u4e2d : python3-setools-4.2.2-1.el8.x86_64 1\/6\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u4e2d : python3-libsemanage-2.9-1.el8.x86_64 2\/6\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u4e2d : python3-audit-3.0-0.13.20190507gitf58ec40.el8.x86_64 3\/6\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u4e2d : checkpolicy-2.9-1.el8.x86_64 4\/6\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u4e2d : python3-policycoreutils-2.9-3.el8_1.1.noarch 5\/6\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u4e2d : policycoreutils-python-utils-2.9-3.el8_1.1.noarch 6\/6\nscriptlet\u306e\u5b9f\u884c\u4e2d: policycoreutils-python-utils-2.9-3.el8_1.1.noarch 6\/6\n\u691c\u8a3c : checkpolicy-2.9-1.el8.x86_64 1\/6\n\u691c\u8a3c : policycoreutils-python-utils-2.9-3.el8_1.1.noarch 2\/6\n\u691c\u8a3c : python3-audit-3.0-0.13.20190507gitf58ec40.el8.x86_64 3\/6\n\u691c\u8a3c : python3-libsemanage-2.9-1.el8.x86_64 4\/6\n\u691c\u8a3c : python3-policycoreutils-2.9-3.el8_1.1.noarch 5\/6\n\u691c\u8a3c : python3-setools-4.2.2-1.el8.x86_64 6\/6\n\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6e08\u307f:\npolicycoreutils-python-utils-2.9-3.el8_1.1.noarch checkpolicy-2.9-1.el8.x86_64 python3-audit-3.0-0.13.20190507gitf58ec40.el8.x86_64\npython3-libsemanage-2.9-1.el8.x86_64 python3-policycoreutils-2.9-3.el8_1.1.noarch python3-setools-4.2.2-1.el8.x86_64\n\u5b8c\u4e86\u3057\u307e\u3057\u305f!<\/pre>\n\n\n\n
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5b8c\u4e86\u3002<\/p>\n\n\n\n
\u9014\u4e2d[y]\u30ad\u30fc\u3067\u78ba\u8a8d\u4f5c\u696d\u3092\u884c\u3063\u305f\u3002<\/p>\n\n\n\n
\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u6642”-y”\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u4ed8\u3051\u308b\u3068\u78ba\u8a8d\u306f\u3044\u3089\u306a\u3044\u3051\u3069\u3001\u5931\u6557\u3057\u306a\u3044\u305f\u3081\u306b\u78ba\u8a8d\u3092\u884c\u3046\u65b9\u304c\u597d\u304d\u3002<\/p>\n\n\n\n
\u3055\u3066\u3001\u73fe\u5728SELINUX\u3067SSH\u3068\u3057\u3066\u8a8d\u8b58\u3057\u3066\u3044\u308b\u30dd\u30fc\u30c8\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
$ sudo semanage port -l | grep ssh
ssh_port_t tcp 22<\/pre>\n\n\n\n
\u306f\u3044\u300222\u756a\u30dd\u30fc\u30c8\u3067\u3059\u306d\u3002
\u65b0\u3057\u3044\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u8ffd\u52a0\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n\n
$ sudo semanage port -a -t ssh_port_t -p tcp 1022\n$ sudo semanage port -l | grep ssh\nssh_port_t tcp 1022, 22<\/pre>\n\n\n\n
\u306f\u3044\u3002\u8ffd\u52a0\u3055\u308c\u307e\u3057\u305f\u306d\u3002<\/p>\n\n\n\n
\u3058\u3083\u3042\u3001SELINUX\u3092\u6709\u52b9\u306b\u3057\u3066\u3001SSH\u30b5\u30fc\u30d0\u30fc\u3092\u518d\u8d77\u52d5\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n\n
$ sudo setenforce 1\n$ getenforce\nEnforcing\n$ sudo systemctl restart sshd.service\n$ sudo systemctl status sshd.service\n\u25cf<\/span> sshd.service - OpenSSH server daemon\nLoaded: loaded (\/usr\/lib\/systemd\/system\/sshd.service; enabled; vendor preset: enabled)\nActive: active (running)<\/span> since Sun 2020-06-07 23:16:47 JST; 8s ago\nDocs: man:sshd(8)\nman:sshd_config(5)\nMain PID: 22130 (sshd)\nTasks: 1 (limit: 2832)\nMemory: 1.2M\nCGroup: \/system.slice\/sshd.service\n\u2514\u250022130 \/usr\/sbin\/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -o>\n6\u6708 07 23:16:47 hostmei.vs.sakura.ne.jp systemd[1]: Starting OpenSSH server daemon\u2026\n6\u6708 07 23:16:47 hostmei.vs.sakura.ne.jp sshd[22130]: Server listening on 0.0.0.0 port 1022.\n6\u6708 07 23:16:47 hostmei.vs.sakura.ne.jp sshd[22130]: Server listening on :: port 1022.\n6\u6708 07 23:16:47 hostmei.vs.sakura.ne.jp systemd[1]: Started OpenSSH server daemon.<\/pre>\n\n\n\n
\u5ff5\u306e\u70ba\u306b\u3001OS\u306e\u518d\u8d77\u52d5\u3092\u884c\u3063\u3066\u3001\u305d\u308c\u3067\u3082\u63a5\u7d9a\u3067\u304d\u308b\u304b\u3092\u78ba\u8a8d\u3057\u3066\u304a\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n\n
$ sudo reboot now<\/pre>\n\n\n\n
\u4e00\u3064\u6c17\u306b\u306a\u308b\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u306d\uff1f
\u305d\u3046\u3067\u3059\u3002\u30dd\u30fc\u30c822\u304c\u7a7a\u3044\u305f\u307e\u307e\u3067\u3059\u3002
\u306a\u306e\u3067\u3001\u9589\u3058\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n\n
$ sudo semanage port -d -t ssh_port_t -p tcp 22\nValueError: \u30dd\u30fc\u30c8 tcp\/22 \u306f\u30dd\u30ea\u30b7\u30fc\u5185\u3067\u5b9a\u7fa9\u3055\u308c\u3066\u3044\u308b\u305f\u3081\u524a\u9664\u3067\u304d\u307e\u305b\u3093<\/pre>\n\n\n\n
\u3068\u3001\u30a8\u30e9\u30fc\u306b\u306a\u308a\u307e\u3059\u3002\u82f1\u8a9e\u3060\u3068\u3001<\/p>\n\n\n\n
ValueError: Port tcp\/22 is defined in policy, cannot be deleted<\/pre>\n\n\n\n
\u6d88\u305b\u306a\u3044\u306e\u304b\u3088\uff01<\/p>\n\n\n\n
\u3055\u3066\u3001\u6b21\u56de<\/a>\u306f\u30e1\u30fc\u30eb\u9001\u4fe1\u6a5f\u80fd\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
\u3055\u304f\u3089\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u306eVPS<\/a>\"\"\n\"\"<\/a>\"\"<\/p>\n","protected":false},"excerpt":{"rendered":"
\u524d\u56de\u306froot\u3067\u306eSSH\u63a5\u7d9a\u304c\u3067\u304d\u306a\u3044\u3088\u3046\u306b\u5bfe\u7b56\u3092\u884c\u3063\u305f\u3002 \u3055\u3066\u3001\u4eca\u56de\u306fSSH\u306e\u63a5\u7d9a\u30dd\u30fc\u30c8\u3092\u5909\u66f4\u3059\u308b\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129],"tags":[43,64],"class_list":["post-3094","post","type-post","status-publish","format-standard","hentry","category-pc","tag-vps","tag-64"],"_links":{"self":[{"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/posts\/3094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/comments?post=3094"}],"version-history":[{"count":0,"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/posts\/3094\/revisions"}],"wp:attachment":[{"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/media?parent=3094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/categories?post=3094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/tags?post=3094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}