CentOS 7 修改SSH端口，失败。

CentOS 7 修改SSH端口，

问题：

[root@localhost
~]# systemctl status sshd

● sshd.service
-
OpenSSH server daemon

Loaded:
loaded (/usr/lib/systemd/system/sshd.service;
enabled; vendor preset: enabled)

Active:
active (running) since
日
2016-01-31
20:43:48
CST;
2min
13s ago

Docs:
man:sshd(8)

man:sshd_config(5)

Main PID:
50776
(sshd)

CGroup:
/system.slice/sshd.service

└─50776
/usr/sbin/sshd
-D

1月
31
20:43:48
localhost.localdomain systemd[1]:
Started
OpenSSH server daemon.

1月
31
20:43:48
localhost.localdomain systemd[1]:
Starting
OpenSSH server daemon...

1月
31 20:43:48
localhost.localdomain sshd[50776]: error:
Bind to port
9481 on 0.0.0.0 failed:
Permission denied.

1月
31 20:43:48
localhost.localdomain sshd[50776]: error:
Bind to port
9481 on :: failed:
Permission denied.

1月
31
20:43:48
localhost.localdomain sshd[50776]:
Server listening on
0.0.0.0 port
22.

1月
31
20:43:48
localhost.localdomain sshd[50776]:
Server listening on
:: port
22.

1月
31
20:45:29
localhost.localdomain sshd[51007]:
Accepted password
for root from
192.168.0.103 port
54599 ssh2

[root@localhost
~]#

解决：

[root@localhost
~]#
semanage port -a
-t
ssh_port_t
-p tcp
9481

-------------------------解决之后----------------------------------

[root@localhost ~]# systemctl status sshd

● sshd.service - OpenSSH server daemon

   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)

   Active: active (running) since 日 2016-01-31 21:20:18 CST; 1min 30s ago

     Docs: man:sshd(8)

           man:sshd_config(5)

 Main PID: 52858 (sshd)

   CGroup: /system.slice/sshd.service

           └─52858 /usr/sbin/sshd -D

1月 31 21:20:18 localhost.localdomain systemd[1]: Started OpenSSH server daemon.

1月 31 21:20:18 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on 0.0.0.0 port 9481.

1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on :: port 9481.

1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on 0.0.0.0 port 22.

1月 31 21:20:18 localhost.localdomain sshd[52858]: Server listening on :: port 22.

----------------------------------------------------------------------

附：

semanage使用方法：

/usr/sbin/semanage:
semanage [ -S store ] -i [ input_file | - ]
semanage [ -S store ] -o [ output_file | - ]
semanage {boolean|login|user|port|interface|module|node|fcontext} -{l|D|E} [-n]
semanage login -{a|d|m} [-sr] login_name | %groupname
semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
semanage interface -{a|d|m} [-tr] interface_spec
semanage module -{a|d|m} [--enable|--disable] module
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
semanage fcontext -{a|d|m} [-efrst] file_spec
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a|l} type
semanage dontaudit [ on | off ]
Primary Options:
-a, --add        Add a OBJECT record NAME
-d, --delete     Delete a OBJECT record NAME
-m, --modify     Modify a OBJECT record NAME
-i, --input      Input multiple semange commands in a transaction
-o, --output     Output current customizations as semange commands
-l, --list       List the OBJECTS
-E, --extract    extract customizable commands
-C, --locallist  List OBJECTS local customizations
-D, --deleteall  Remove all OBJECTS local customizations
-h, --help       Display this message
-n, --noheading  Do not print heading when listing OBJECTS
-S, --store      Select and alternate SELinux store to manage
Object-specific Options (see above):
-f, --ftype      File Type of OBJECT
"" (all files)
-- (regular file)
-d (directory)
-c (character device)
-b (block device)
-s (socket)
-l (symbolic link)
-p (named pipe)
-F, --file       Treat target as an input file for command, change multiple settings
-p, --proto      Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
-M, --mask       Netmask
-e, --equal      Substitue source path for dest path when labeling
-P, --prefix     Prefix for home directory labeling
-L, --level      Default SELinux Level (MLS/MCS Systems only)
-R, --roles      SELinux Roles (ex: "sysadm_r staff_r")
-s, --seuser     SELinux User Name
-t, --type       SELinux Type for the object
-r, --range      MLS/MCS Security Range (MLS/MCS Systems only)
--enable         Enable a module
--disable        Disable a module