1.Remote connection via SSH
SSH is a service for connecting remotely to a server and is basically running immediately after the OS is installed, but the default settings are somewhat insecure.
Here we will configure the default settings to increase the security of ssh connections.
1.1 Edit SSH service configuration file
Modify the configuration file to change the SSH service settings.
The SSH service configuration file is "/etc/ssh/sshd_config".
# vi /etc/ssh/sshd_config
Line 21 : Uncomment、This time change to "Port 2244" and proceed
Port 2244
Line 23 : Uncomment
ListenAddress 0.0.0.0
Line 40 : Uncomment
PermitRootLogin prohibit-password
Restart SSH
# systemctl restart sshd.service
If this is not done, the next time you reboot, you will not be able to connect remotely via SSH. Please free SSH port 2244 in the following firewall settings.
2.Firewall (firewalld) settings
2.1 How to use the "firewall-cmd" command to control "firewalld
1)Command to check the status and settings of "firewalld"
①Check firewalld operation status
If "firewalld" is running, the message "running" will be displayed; if it is not running, the message "not running" will be displayed.
# firewall-cmd --state
running
➁View default zone settings
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
In the above example, we can see that the services "cockpit", "dhcpv6-client", "ssh" are allowed, etc.
③About the "--permanent" option
To prevent the settings from disappearing when the server is restarted or the "firewalld" service is restarted, the
The "--permanent" option must be used to configure the settings.
If the "--permanent" option is specified, the setting is not reflected in "firewalld" as it is, so it is necessary to use "fiewall-cmd --reload" to reflect the setting.
As an example, to use the HTTP service permanently without initialization even if the system is rebooted
# firewall-cmd --add-service=http --permanent
# firewall-cmd --reload
④How to start/stop
Since "firewalld" is controlled by "systemd", use the "systemctl" command to start and stop it.
Start firewalld
# systemctl start firewalld
Stop firewalld
# systemctl stop firewalld
2.2 Allow modified SSH port 2244
# firewall-cmd --add-port=2244/tcp --permanent
success
# firewall-cmd --reload
success
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports: 2244/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
2244 ports have been added
3.Remote connection from Windows
How to connect using Tabby Terminal
Specify the SSH port number changed with the" -p 2244" option.
C:\Users\xxxxx>ssh huong@192.168.11.83 -p 2244
huong@192.168.11.83's password:
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sun Jun 7 17:40:49 2026 from 192.168.11.14
huong@Lepard:~$
4.NTP Server
Build an NTP server to synchronize the server time with Japan Standard Time
①Chrony Installation and Configuration
# dnf -y install chrony
# vi /etc/chrony.conf
Line 3 : Comment it out and add it below.
#pool 2.rocky.pool.ntp.org iburst
pool ntp.nict.jp iburst
②Enable chrony and restart.
# systemctl enable chronyd.service
# systemctl restart chronyd.service
③NTP port allowed in firewall
# firewall-cmd --add-service=ntp --permanent
# firewall-cmd --reload
④Check chronyd status (behavior)
# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp-k1.nict.jp 1 6 37 8 +75us[ +232us] +/- 4064us
^- ntp-b3.nict.go.jp 1 6 37 7 +476us[ +476us] +/- 6390us
^- ntp-b2.nict.go.jp 1 6 37 7 +1103us[+1103us] +/- 5618us
^- ntp-a2.nict.go.jp 1 6 37 7 -115us[ -115us] +/- 6563us
If it is marked with *, it has been synchronized.