Disclaimer: This topic may contain information about third-party products. The information is for reference only. Alibaba Cloud makes no guarantee in any form regarding the performance and reliability of the third-party products, or the potential impacts of operations on these products.
Overview
This topic describes how to set security group policies after SSH is enabled for Linux instances.
Description
Before you set a security group policy for a Linux instance, check whether the SELinux service and the firewall are enabled on the instance. If you need to enable the security services of the Linux instance, refer to the official documentation, configure the corresponding security policy based on your on-site requirements, and then set the matching security group policy in the ECS instance management console. If you do not need the built-in security services of the Linux instance, perform the optional steps below to disable them, and then set the security group policy directly in the ECS instance management console. This topic uses the CentOS 7.6 64-bit operating system as an example.
Optional Step 1: Disable the SELinux service
- Log on to the Linux instance through the management terminal, and run the following command to check the SELinux service status:
getenforce
- Run the vi or vim command to open the /etc/selinux/config file in editing mode and change the value of the SELINUX parameter to disabled.
- Restart the system. If it is not convenient to restart the system, run the following command to temporarily disable the SELinux service:
setenforce 0
Optional Step 2: Disable the system firewall
- Run the following command to check the firewall status:
systemctl status firewalld.service
- Run the following command to stop the firewall:
systemctl stop firewalld.service
- Run the following command to prevent the firewall service from starting on boot:
systemctl disable firewalld.service
Check the SSH service
- Run the following command to view the SSH service status:
systemctl status sshd.service
- Run the following command to restart the SSH service:
systemctl restart sshd.service
- Run the following command to view the SSH service configuration file and confirm and record the port number that is enabled for the SSH service:
cat /etc/ssh/sshd_config | grep Port
Note: The default connection port for the SSH service is 22.
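A plain grep for Port also matches commented lines such as #Port 22 and unrelated keywords such as GatewayPorts, so the recorded port can be wrong. The following script is an added example, not part of the original topic: it extracts only the active Port directives and checks them against a security group port range. The function names, the start/end range form, and the sample configuration are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original topic. Function names are hypothetical.

# Print every port sshd is configured to listen on, one per line.
# Assumption: Include directives (newer OpenSSH) are not followed.
ssh_ports() {
    awk '
        {
            sub(/#.*/, "")          # drop comments such as "#Port 22"
            sub(/^[ \t]+/, "")      # drop leading whitespace
            # Keywords are case-insensitive; GatewayPorts must not match.
            if (match(tolower($0), /^port[ \t=]/)) {
                val = substr($0, 5)
                gsub(/[ \t="]/, "", val)
                n = val + 0
                if (val ~ /^[0-9]+$/ && n >= 1 && n <= 65535) { print n; found = 1 }
            }
        }
        END { if (!found) print 22 }   # sshd default when no Port line is active
    ' "$1"
}

# Return 0 only if every sshd port lies inside the rule range "start/end".
rule_covers_ssh() {
    lo=${2%/*}; hi=${2#*/}
    for p in $(ssh_ports "$1"); do
        if [ "$p" -lt "$lo" ] || [ "$p" -gt "$hi" ]; then
            echo "port $p is outside rule range $2" >&2
            return 1
        fi
    done
    return 0
}

# Constructed sample configuration (not taken from a real instance).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#Port 22
Port 2222
GatewayPorts no
  port=2200   # second listener
EOF

ssh_ports "$sample"
rule_covers_ssh "$sample" 22/22 || echo "security group rule does not match sshd"
```

On a live instance, running sshd -T as root prints the effective configuration, including the port lines, and can be used to confirm the result.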
Set the corresponding security group policy in the ECS instance management console
For more information about how to set the port policy for the SSH service in the ECS instance management console, see the following documents.
References
For more information about how to modify the SSH service port, see the following documents.
Applicable scope
- Elastic Compute Service (ECS)