(macOS)[Raspberrypi][ubuntu 20.04] wifi 고정 ip 설정, ssh port 변경, 방화벽 설정

INTRO

wifi 고정 ip 설정

ssh port 변경방화벽 설정 : ssh port 허용

 

1. wifi 고정 ip 설정

$ cd /etc/netplan
기존 설정 복사 및 생성
/etc/netplan$ sudo cp 50-cloud-init.yaml 10-wifi-static-init.yaml
기존 설정 백업
/etc/netplan$ sudo mv50-cloud-init.yaml 50-cloud-init.yaml_back
/etc/netplan$ sudo nano 10-wifi-static-init.yaml

network:
    ethernets:
        eth0:
            dhcp4: true
            optional: true

    wifis:
        wlan0:
            addresses: [192.XXX.XXX.XXX/24]
            gateway4: 192.XXX.XXX.1
            nameservers:
               addresses: [8.8.8.8, 8.8.4.4]
            access-points:
                "Your-SSID":
                    password: "SSID-PW"
    version: 2

netplan 문법 검사
/etc/netplan$ sudo netplan generate
netplan 적용
/etc/netplan$ sudo netplan apply
netplan 적용 확인
/etc/netplan$ ifconfig

 

2. ssh port 변경

[New-PortNo.]에 번호지정, 기본 22로 지정되어있음
변경 이후 macOS 접속 시 port 번호 지정 접속 : $ ssh ubuntu@[Your-IP] -p[New-PortNo.]
$ sudo nano /etc/ssh/sshd_config

#       $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

Port [New-PortNo.]
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

sshd 재시작
$sudo service sshd restart

 

3. 방화벽 설정 : ssh port 허용

방화벽 사용 : 기본 inactive
$ sudo ufw enable
$ sudo ufw status

Status: active

 

ssh 허용
$ sudo ufw allow ssh
$ sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
22/tcp                   ALLOW       Anywhere
22/tcp (v6)           ALLOW       Anywhere (v6)

 

특정 tcp port 허용
$ sudo ufw allow [New-PortNo.]/tcp
$ sudo ufw status

To                                             Action      From
--                                              ------      ----
22/tcp                                      ALLOW       Anywhere

[New-PortNo.]/tcp                 ALLOW       Anywhere
22/tcp (v6)                              ALLOW       Anywhere (v6)

[New-PortNo.]/tcp (v6)         ALLOW       Anywhere (v6)

 

특정 tcp port 거부
$ sudo ufw deny 22/tcp
$ sudo ufw status

To                                             Action      From
--                                              ------      ----
22/tcp                                      DENY       Anywhere

[New-PortNo.]/tcp                 ALLOW       Anywhere
22/tcp (v6)                             DENY       Anywhere (v6)

[New-PortNo.]/tcp (v6)         ALLOW       Anywhere (v6)

 

방화벽 규칙 제거
$ sudo ufw delete deny 22/tcp
$ sudo ufw status

To                                             Action      From
--                                              ------      ----

[New-PortNo.]/tcp                 ALLOW       Anywhere

[New-PortNo.]/tcp (v6)         ALLOW       Anywhere (v6)