Offline upgrade of OpenSSH to 9.1p1 on CentOS 7: the procedure and the problems encountered

Download the OpenSSH 9.1p1 rpm package for CentOS 7 from the top of the article; it contains both the server and the client.

All commands are assumed to be run as root.

Short version

If you don't want to read the details, copy and run the following 4 commands.

tar -zxvf centos7-openssh-9.1p1.tar.gz
rpm -Uvh openssh-9.1p1-1.tl2.x86_64.rpm openssh-server-9.1p1-1.tl2.x86_64.rpm openssh-clients-9.1p1-1.tl2.x86_64.rpm
chmod 600 /etc/ssh/ssh_host_*
systemctl restart sshd

Troubleshooting log version

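After the upgrade finished, the SSH service could not be reached. This section records how the problem was investigated and resolved.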

[root@TencentYJ240419 isayum]# tar -zxvf centos7-openssh-9.1p1.tar.gz
x openssh-9.1p1-1.tl2.x86_64.rpm
x openssh-server-9.1p1-1.tl2.x86_64.rpm
x openssh-clients-9.1p1-1.tl2.x86_64.rpm
[root@TencentYJ240419 isayum]# rpm -Uvh openssh-9.1p1-1.tl2.x86_64.rpm openssh-server-9.1p1-1.tl2.x86_64.rpm openssh-clients-9.1p1-1.tl2.x86_64.rpm 
准备中...                          ################################# [100%]
正在升级/安装...
   1:openssh-9.1p1-1.tl2              ################################# [ 17%]
   2:openssh-server-9.1p1-1.tl2       ################################# [ 33%]
   3:openssh-clients-9.1p1-1.tl2      ################################# [ 50%]
正在清理/删除...
   4:openssh-clients-7.4p1-16.el7     ################################# [ 67%]
   5:openssh-server-7.4p1-16.el7      ################################# [ 83%]
   6:openssh-7.4p1-16.el7             ################################# [100%]

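After the upgrade succeeded, new SSH connections could not be established, although SSH sessions that were already connected were unaffected. Trying to start the service revealed an error: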

[root@TencentYJ240419 web_manager]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.

[root@TencentYJ240419 web_manager]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
   Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since 五 2024-04-19 15:03:35 CST; 6s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 48052 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
  Process: 48234 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
 Main PID: 19217 (code=exited, status=0/SUCCESS)

4月 19 15:03:35 TencentYJ240419 sshd[48234]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
4月 19 15:03:35 TencentYJ240419 sshd[48234]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: It is required that your private key files are NOT accessible by others.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: This private key will be ignored.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: sshd: no hostkeys available -- exiting.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: [FAILED]
4月 19 15:03:35 TencentYJ240419 systemd[1]: sshd.service: control process exited, code=exited status=1
4月 19 15:03:35 TencentYJ240419 systemd[1]: Failed to start SYSV: OpenSSH server daemon.
4月 19 15:03:35 TencentYJ240419 systemd[1]: Unit sshd.service entered failed state.
4月 19 15:03:35 TencentYJ240419 systemd[1]: sshd.service failed.

Following the message, change the permissions of the file it names and restart the SSH service.

chmod 600 /etc/ssh/ssh_host_ed25519_key
systemctl restart sshd
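
The status output above names only one key, and the later logs show the same 0640 rejection for the ECDSA and RSA host keys. The following script is an added example, not part of the original post: it tightens every host private key in one pass, leaves the `.pub` files alone, and validates with `sshd -t` before restarting. The function names and the `--apply` switch are hypothetical; `/etc/ssh` and the `ssh_host_*_key` naming come from the page.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# /etc/ssh and the ssh_host_*_key naming come from the page.

# Succeeds when the file is accessible by group or other, i.e. any bit in
# mask 077 is set. That is the condition reported in the log as
# "Permissions 0640 for ... are too open".
key_too_open() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as shipped on CentOS
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Tighten every host private key in directory $1 to 0600 and print how many
# files were changed. The glob ends in "_key", so *.pub files keep their mode.
fix_host_keys() {
    dir=${1:-/etc/ssh}
    fixed=0
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        if key_too_open "$key"; then
            chmod 600 "$key" && fixed=$((fixed + 1))
        fi
    done
    echo "$fixed"
}

# Only with --apply: fix the keys, check config and host keys with "sshd -t",
# and restart the service only if that check passes.
if [ "${1:-}" = "--apply" ]; then
    echo "host keys tightened: $(fix_host_keys /etc/ssh)"
    sshd -t || { echo "sshd -t failed; not restarting" >&2; exit 1; }
    systemctl restart sshd
fi
```

Run it as root with `--apply`, and keep the current session open until a new login succeeds, since sessions that are already connected survive a failed restart.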

Then I tried `ssh 127.0.0.1` on the server itself and could not log in. /var/log/messages showed a pile of errors, as follows:

[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: This private key will be ignored.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: Could not get shadow information for root
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: Failed password for root from 10.100.0.149 port 55392 ssh2
Apr 19 15:54:37 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: Connection closed by authenticating user root 10.100.0.149 port 55392 [preauth]
Apr 19 15:54:37 TencentYJ240419 python: 10.100.0.7:50461 - - [19/Apr/2024 15:54:37] "HTTP/1.1 POST /" - 200 OK


Apr 19 15:55:14 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:14 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.5 ms
Apr 19 15:55:14 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:14 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:14 TencentYJ240419 python: rtt min/avg/max/mdev = 55.520/55.520/55.520/0.000 ms
Apr 19 15:55:15 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:15 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.060 ms
Apr 19 15:55:15 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:15 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:15 TencentYJ240419 python: rtt min/avg/max/mdev = 0.060/0.060/0.060/0.000 ms
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: This private key will be ignored.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: Could not get shadow information for root
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: Failed password for root from 10.100.0.149 port 55394 ssh2
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: Connection closed by authenticating user root 10.100.0.149 port 55394 [preauth]
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: This private key will be ignored.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: Could not get shadow information for root
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: Failed password for root from 10.100.0.149 port 55396 ssh2
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: Connection closed by authenticating user root 10.100.0.149 port 55396 [preauth]
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: This private key will be ignored.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: error: Could not get shadow information for root
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Failed password for root from 10.100.0.149 port 55398 ssh2
Apr 19 15:55:16 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Connection closed by authenticating user root 10.100.0.149 port 55398 [preauth]
Apr 19 15:55:16 TencentYJ240419 python: 10.100.0.7:50464 - - [19/Apr/2024 15:55:16] "HTTP/1.1 POST /" - 200 OK
^C
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: This private key will be ignored.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: error: Could not get shadow information for root
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Failed password for root from 10.100.0.149 port 55398 ssh2
Apr 19 15:55:16 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Connection closed by authenticating user root 10.100.0.149 port 55398 [preauth]
Apr 19 15:55:16 TencentYJ240419 python: 10.100.0.7:50464 - - [19/Apr/2024 15:55:16] "HTTP/1.1 POST /" - 200 OK
Apr 19 15:55:36 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:36 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.6 ms
Apr 19 15:55:36 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:36 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:36 TencentYJ240419 python: rtt min/avg/max/mdev = 55.656/55.656/55.656/0.000 ms
Apr 19 15:55:37 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:37 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.052 ms
Apr 19 15:55:37 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:37 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:37 TencentYJ240419 python: rtt min/avg/max/mdev = 0.052/0.052/0.052/0.000 ms
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Failed password for root from 10.100.0.149 port 55400 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Connection closed by authenticating user root 10.100.0.149 port 55400 [preauth]
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Failed password for root from 10.100.0.149 port 55402 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Connection closed by authenticating user root 10.100.0.149 port 55402 [preauth]
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: error: Could not get shadow information for root
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Failed password for root from 10.100.0.149 port 55404 ssh2
Apr 19 15:55:38 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Connection closed by authenticating user root 10.100.0.149 port 55404 [preauth]
Apr 19 15:55:38 TencentYJ240419 python: 10.100.0.7:50467 - - [19/Apr/2024 15:55:38] "HTTP/1.1 POST /" - 200 OK
^C
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Failed password for root from 10.100.0.149 port 55400 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Connection closed by authenticating user root 10.100.0.149 port 55400 [preauth]
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Failed password for root from 10.100.0.149 port 55402 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Connection closed by authenticating user root 10.100.0.149 port 55402 [preauth]
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: error: Could not get shadow information for root
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Failed password for root from 10.100.0.149 port 55404 ssh2
Apr 19 15:55:38 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Connection closed by authenticating user root 10.100.0.149 port 55404 [preauth]
Apr 19 15:55:38 TencentYJ240419 python: 10.100.0.7:50467 - - [19/Apr/2024 15:55:38] "HTTP/1.1 POST /" - 200 OK
Apr 19 15:55:54 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:54 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.5 ms
Apr 19 15:55:54 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:54 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:54 TencentYJ240419 python: rtt min/avg/max/mdev = 55.569/55.569/55.569/0.000 ms
Apr 19 15:55:55 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:55 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.044 ms
Apr 19 15:55:55 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:55 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:55 TencentYJ240419 python: rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: error: Could not get shadow information for root
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: Failed password for root from 10.100.0.149 port 55406 ssh2
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: Connection closed by authenticating user root 10.100.0.149 port 55406 [preauth]
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: error: Could not get shadow information for root
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: Failed password for root from 10.100.0.149 port 55408 ssh2
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: Connection closed by authenticating user root 10.100.0.149 port 55408 [preauth]
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: error: Could not get shadow information for root
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: Failed password for root from 10.100.0.149 port 55410 ssh2
Apr 19 15:55:56 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: Connection closed by authenticating user root 10.100.0.149 port 55410 [preauth]
Apr 19 15:55:56 TencentYJ240419 python: 10.100.0.7:50468 - - [19/Apr/2024 15:55:56] "HTTP/1.1 POST /" - 200 OK