Click here for "Error Codes for Commercial Air Conditioners".

MiracleLinux ; Firewall , SSH , NTP server

1.Setting up SSH remote connection

SSH is a service to connect to a server remotely, and is basically running right after the OS installation, but the default settings are somewhat insecure.
In this section, we will configure the settings to change the default settings and increase the security of the ssh connection.

1.1 Change the configuration file of SSH service.

The configuration file for the SSH service is "/etc/ssh/sshd_config". Open the configuration file with vi editor

①Find "Port 22" and change it to any port number other than Wernon-port.
In this case, we will proceed by changing the port number to "Port 2244" (changing this port number alone can reduce unauthorized access).
②Find "#ListenAddress 0.0.0.0" and delete the "#" in front of it
③Look for "#PermitRootLogin yes" and change it to "PermitRootLogin no".
 Since the root user already knows the user name, if the password is found, the user can log in to the server with administrative privileges, so we will configure the settings to deny this.

Restart SSH

If this is not done, you will not be able to connect remotely via SSH the next time you reboot, so please free SSH port 2244 in the following firewall settings.

2.How to set up a firewall (firewalld)

In MiracleLinux, the firewall is set to firewalld by default, which is enabled when the OS is installed.

To briefly explain firewalld, when setting up a communication control policy, communication permission/blocking rules are applied to predefined zones, and the zones are assigned to each NIC (network adapter).

2.1 How to use the firewall-cmd command to control "firewalld".

1)Command to check the status and settings of firewalld

①Check firewalld operation status

If "firewalld" is running, "running" will be displayed; if it is not running, "not running" will be displayed.

or

Active:The message "inactive (dead)" is displayed, indicating that firewalld is stopped

➁Show default zone settings

In the above example, you can see that the "public" zone is set to "default" and assigned to the NICs "eno16777736" and "eno33554984", and the services "dhcpv6-client" and "ssh" are allowed, etc.

➂Show the settings for the specified zone.

The following example shows how to display the settings for the "dmz" zone

④About the "--permanent" option
In order to prevent the settings from being lost when the server is restarted or the "firewalld" service is restarted, use the "--permanent" option.
If the "--permanent" option is specified, the configuration will not be reflected in "firewalld" as it is, so it is necessary to reflect the configuration using "fiewall-cmd --reload".

As an example, to use the HTTP service permanently without being initialized even if the system is rebooted

⑤Adding and removing services to and from a zone

To add an already defined service to the zone, use "-add-service" to specify the service
# firewall-cmd [--permanent] --zone=Zone name --add-service=Service Name
If you want to add a service to the zone permanently, you need to configure it with the "--permanent" option.

Configuration example for adding a temporary service

Configuration example for permanently adding a service

⑥Service Removal

Use "--remove-service" to remove a service configured for a zone
# firewall-cmd [--permanent] --zone=Zone name --remove-service=Service Name

Remove the "http" service from the "public" zone as an example

⑦Add or remove ports to a zone
To add a communication that has not been added as a service to the zone, add it by specifying the port number and protocol

Add a port by specifying a zone

Use "--add-port" to add a port to the zone
# firewall-cmd [--permanent]--zone=Zone name --add-port=Port number/protocol

Let's add a rule with port number "10022" and protocol "TCP" to the "public" zone

Deleting a port by specifying its zone

Use "--remove-port" to remove a port from a zone
#  firewall-cmd [--permanent]--zone=Zone name --remove-port=Port number/protocol

Example: Delete the "10022/tcp" rule in the "public" zone

⑧How to start and stop

Since firewalld is controlled by systemd, use the systemctl command to start and stop it.

2.2 Release the modified SSH port 2244.

3.Connect remotely from Windows

Setting up in Windows

Use "Tera Term" as a terminal emulator.
Start Tera Term, cancel the startup screen, and then select "New Connection" from "File" in the Tera Term menu.

Enter your own settings in the "Server IP Address" and "TCP Port Number" fields.。Finally, click "OK".

Click "OK" and you will see the following screen

Click "Continue" on the screen above, and you will see the following screen

Enter your user name and password. If the information is correct, you should be able to log in successfully.

3.Synchronize the server time with Japan Standard Time.

① Change the configuration file as follows

②Restart chrony and enable chrony after restart

Check the status (operation) of chronyd.

It will be displayed as follows.

If you can see the "*" mark, synchronization is complete.

タイトルとURLをコピーしました