CentOS7 :: Ks.cfg :: Customisation Of Sshd


Hi! I want to change the sshd port at install time for CentOS7, but I am not sure if I am on the right track (and it is time-expensive to make many try-outs). So I would be grateful if someone with experience can spot whether I have problems with my planning. (The actual purpose is that after installation I have access for my Ansible provisioning.)

First make sure SSH is started:

    services --enabled=sshd,chronyd

Then, I imagine that in the %post section

    %post --interpreter=/usr/bin/bash --log=/root/ks-post.log

1. I could use sed to change the port:
       sed -i 's/#Port\ 22/Port 60000/' /etc/ssh/sshd_config
2. sed -i 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/' /etc/ssh/sshd_config
3. Enable key access:
       mkdir -p /root/.ssh
       chmod 700 /root/.ssh
       cat << EOF >> /root/.ssh/authorized_keys
       my_ssh_pubkey
       EOF
4. semanage port -a -t ssh_port_t -p tcp 60000
5. firewall-cmd --permanent --zone=public --add-port=60000/tcp
6. systemctl enable firewalld.service

Did I miss anything?
Thank you!
Adrian

4 thoughts on - CentOS7 :: Ks.cfg :: Customisation Of Sshd

  • The %post section is definitely where you want your commands. I’d combine the sed commands in points 1 and 2, but that’s a small nitpicky suggestion.
    (You forgot to escape the space before 60000 in the first sed expression you provided.)

    sed -i -e 's/#Port\ 22/Port\ 60000/' -e 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/' /etc/ssh/sshd_config

    Though I will note there is some sort of syntax error with the PermitRootLogin sed expression (present in the original you provided). I spent a moment looking at it and the problem with that second expression evades me right now. *grumble*

  • True, but you shouldn’t need to escape spaces at all:

    sed -i 's/#Port 22/Port 60000/; s/#PermitRootLogin yes/PermitRootLogin yes/' /etc/ssh/sshd_config

    I ran the command he provided and didn’t see a problem. What did you see?

  • Not sure if off topic, but you may also consider disabling password login and using a key pair to connect through ssh.

  • Right, I notice that now. And those expressions can be combined in one string and not two expressions. ;-)

    I know I saw an error message yesterday, but I don’t see one now (ran it without the “in place” replace option as a test). *shrugs* Now I look like I’m seeing things. :-/

    Thank goodness it’s Friday.
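
The sshd_config edits discussed in this thread, as an added example that is not part of the original posts: a `sed` substitution exits 0 even when its pattern matches nothing, so a %post script can finish "successfully" with sshd still on port 22. The helper names `set_sshd_option` and `harden_sshd` are hypothetical; the values are the ones used in the thread, plus the key-only login suggested in the comments.

```shell
#!/bin/bash
# Added example, not from the thread. A bare `sed s/#Port 22/.../` changes
# nothing (and still exits 0) if the commented default is absent.

# set_sshd_option FILE KEY VALUE   (hypothetical helper name)
# Replace the first active or commented KEY line that appears before any
# Match block, drop later global duplicates, add the line if none existed,
# then verify the result.
set_sshd_option() {
    local file="$1" key="$2" value="$3" tmp
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        BEGIN { pat = "^[ \t]*#?" k "[ \t]" }
        /^[ \t]*Match[ \t]/ && !inmatch {
            # Global options must come before the first Match block.
            if (!done) { print k " " v; done = 1 }
            inmatch = 1
        }
        !inmatch && $0 ~ pat { if (!done) { print k " " v; done = 1 }; next }
        { print }
        END { if (!done) print k " " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps mode and SELinux label
    rm -f "$tmp"
    # sshd uses the first value it reads, so check the first active line.
    [ "$(grep -E -m1 "^[[:space:]]*$key[[:space:]]" "$file")" = "$key $value" ]
}

# Settings from the post, plus the key-only login suggested in the comments.
# In %post: harden_sshd || echo "sshd_config not updated" >&2
harden_sshd() {
    local cfg="${1:-/etc/ssh/sshd_config}"
    set_sshd_option "$cfg" Port 60000 &&
        set_sshd_option "$cfg" PermitRootLogin yes &&
        set_sshd_option "$cfg" PasswordAuthentication no
}
```

The SELinux port label and the firewall rule from steps 4 and 5 of the post are still required for the new port.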