SELinux causes remote SSH connections to the server to fail

First, the server environment

Dell R620 physical server.
The systems are as follows:

[root@localhost ~]# cat /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)

[root@localhost ~]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 

Second, the subject of this post

2.1 After initializing the server, tuning its security parameters and changing the SSH login port, I rebooted the server and simply could not log in to it remotely over SSH. I troubleshot the server's firewalld and iptables firewalls. So what actually caused the problem?
The main cause: SELinux on the server had not been disabled or set to Permissive, so after the reboot the sshd service failed to start.

2.2 How do you disable SELinux on CentOS 7 systems?

There are 2 ways:

The first is to run setenforce 0 on the command line.

setenforce 0 turns enforcement off only temporarily (SELinux runs in permissive mode until the next boot), so the setting is lost when the server restarts. This requires special attention: on CentOS 7, if you only run setenforce 0 and do not set SELINUX=disabled in /etc/sysconfig/selinux, then after you modify the sshd configuration file and reboot the server, the sshd service (which starts at boot by default on CentOS 7) fails to start, and you cannot log in to the server remotely over SSH.

The second is to edit the /etc/sysconfig/selinux configuration file directly and set SELINUX=disabled. After that, modify the sshd configuration file and reboot the server; remote SSH login then works.

But afterwards I still ran into a problem: I set SELINUX=disabled in /etc/sysconfig/selinux and rebooted the server, and still could not log in to it remotely over SSH. I had to ask a colleague in the IDC machine room to connect a monitor to the server, log in to the system, run setenforce 0 to turn SELinux off, and then restart sshd.

2.3 Troubleshooting the cause:

Out of curiosity, I compared the machine against another, normally working server to find the problem.

On the normal server:
[root@localhost scripts]# ll /etc/sysconfig/selinux
lrwxrwxrwx 1 root root 17 Mar 21 04:59 /etc/sysconfig/selinux -> ../selinux/config

By default, on a minimal install of CentOS 7 x86_64, /etc/sysconfig/selinux is a symbolic link to /etc/selinux/config (the equivalent of a shortcut on Windows). Modifying /etc/sysconfig/selinux therefore modifies /etc/selinux/config at the same time. When the server restarts, it is /etc/selinux/config that is loaded, and that is the file that turns SELinux off.

But my physical machine is used for development and testing, and the developers have permissions on the server. At some point, I do not know when, the developers deleted this symbolic link to /etc/selinux/config and copied /etc/selinux/config to /etc/sysconfig/selinux with cp, so both files still held the original contents. That is, /etc/selinux/config still had SELINUX=enforcing, while I set SELINUX=disabled in /etc/sysconfig/selinux, which no longer modified the contents of /etc/selinux/config.

The symbolic link to /etc/selinux/config had already been deleted by the developers, and the server loads /etc/selinux/config on reboot, so SELinux was still enforcing after the restart. As a result, once the sshd configuration file had been modified and the server restarted, the sshd service failed to start and remote SSH login to the server was impossible.

Then re-create the symbolic link:

# -f replaces the regular file that was left at /etc/sysconfig/selinux
ln -sf /etc/selinux/config /etc/sysconfig/selinux
[root@localhost ~]# ll /etc/sysconfig/selinux 
lrwxrwxrwx. 1 root root 19 3月  23 14:07 /etc/sysconfig/selinux -> /etc/selinux/config

After that, it is OK to restart the server.
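
A pre-reboot check for the situation described in 2.3, as an added example that is not part of the original post: it reports whether /etc/sysconfig/selinux still reaches /etc/selinux/config and which SELINUX= value the next boot will read. The function names, the optional root-directory argument and the sample tree in demo_drift are assumptions constructed for illustration.

```shell
# Added example, not from the original post. The optional first argument is a
# hypothetical root prefix so the check can run on a test tree; empty means "/".

# Print the value of the last uncommented SELINUX= line in a file.
selinux_value() {
    sed -n 's/^[[:space:]]*SELINUX[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# Return 0 if an edit to /etc/sysconfig/selinux reaches the file read at boot,
# 1 if it is a detached copy or a stray link, 2 if the boot file is missing.
check_selinux_config() {
    local root="${1:-}"
    local boot="$root/etc/selinux/config"
    local link="$root/etc/sysconfig/selinux"
    if [ ! -f "$boot" ]; then
        echo "MISSING: $boot"
        return 2
    fi
    if [ -L "$link" ] && [ "$(readlink -f "$link")" = "$(readlink -f "$boot")" ]; then
        echo "OK: $link -> $boot, SELINUX=$(selinux_value "$boot") at next boot"
        return 0
    fi
    if [ -L "$link" ]; then
        echo "BROKEN: $link points to $(readlink "$link"), not $boot"
        return 1
    fi
    if [ -e "$link" ]; then
        echo "DRIFT: $link is a separate file with SELINUX=$(selinux_value "$link");" \
             "boot reads $boot with SELINUX=$(selinux_value "$boot")"
        return 1
    fi
    echo "NOTE: $link absent; boot reads $boot with SELINUX=$(selinux_value "$boot")"
    return 0
}

# Constructed tree reproducing the post: link replaced by a copy, only the copy edited.
demo_drift() {
    local t rc=0
    t=$(mktemp -d)
    mkdir -p "$t/etc/selinux" "$t/etc/sysconfig"
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$t/etc/selinux/config"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$t/etc/sysconfig/selinux"
    check_selinux_config "$t" || rc=$?
    rm -rf "$t"
    return "$rc"
}

demo_drift || echo "exit status $?: fix the link before rebooting"
```

On a real server, call check_selinux_config with no argument before rebooting after any change to the sshd or SELinux configuration.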

Origin blog.51cto.com/wujianwei/2481852