CentOS 7离线升级OpenSSH至9.1p1操作过程及遇上的问题

韦胖漫谈IT2024-04-22 20:13

在文章顶部下载适用于CentOS7的OpenSSH 9.1p1 rpm包,包含了服务器和客户端。

默认全部以root用户权限执行命令。

简单版

懒得看的话,复制以下4行命令执行即可。

bash 复制代码 
tar -zxvf centos7-openssh-9.1p1.tar.gz
rpm -Uvh openssh-9.1p1-1.tl2.x86_64.rpm openssh-server-9.1p1-1.tl2.x86_64.rpm openssh-clients-9.1p1-1.tl2.x86_64.rpm
chmod 600 /etc/ssh/ssh_host_*
systemctl restart sshd

踩坑记录版

升级完成后,SSH服务无法连上,记录排查及解决问题的过程。

bash 复制代码 
[root@TencentYJ240419 isayum]# tar -zxvf centos7-openssh-9.1p1.tar.gz
x openssh-9.1p1-1.tl2.x86_64.rpm
x openssh-server-9.1p1-1.tl2.x86_64.rpm
x openssh-clients-9.1p1-1.tl2.x86_64.rpm
[root@TencentYJ240419 isayum]# rpm -Uvh openssh-9.1p1-1.tl2.x86_64.rpm openssh-server-9.1p1-1.tl2.x86_64.rpm openssh-clients-9.1p1-1.tl2.x86_64.rpm 
准备中...                          ################################# [100%]
正在升级/安装...
   1:openssh-9.1p1-1.tl2              ################################# [ 17%]
   2:openssh-server-9.1p1-1.tl2       ################################# [ 33%]
   3:openssh-clients-9.1p1-1.tl2      ################################# [ 50%]
正在清理/删除...
   4:openssh-clients-7.4p1-16.el7     ################################# [ 67%]
   5:openssh-server-7.4p1-16.el7      ################################# [ 83%]
   6:openssh-7.4p1-16.el7             ################################# [100%]

升级成功后,发现SSH无法连接,但已连接的SSH不受影响。尝试启动发现异常

bash 复制代码 
[root@TencentYJ240419 web_manager]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.

[root@TencentYJ240419 web_manager]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
   Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since 五 2024-04-19 15:03:35 CST; 6s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 48052 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
  Process: 48234 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
 Main PID: 19217 (code=exited, status=0/SUCCESS)

4月 19 15:03:35 TencentYJ240419 sshd[48234]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
4月 19 15:03:35 TencentYJ240419 sshd[48234]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: It is required that your private key files are NOT accessible by others.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: This private key will be ignored.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: sshd: no hostkeys available -- exiting.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: [FAILED]
4月 19 15:03:35 TencentYJ240419 systemd[1]: sshd.service: control process exited, code=exited status=1
4月 19 15:03:35 TencentYJ240419 systemd[1]: Failed to start SYSV: OpenSSH server daemon.
4月 19 15:03:35 TencentYJ240419 systemd[1]: Unit sshd.service entered failed state.
4月 19 15:03:35 TencentYJ240419 systemd[1]: sshd.service failed.

根据提示信息,修改对应文件的权限并重启SSH服务。

bash 复制代码 
chmod 600 /etc/ssh/ssh_host_ed25519_key
systemctl restart sshd

然后尝试在服务器上ssh 127.0.0.1,发现登录不上,查看/var/log/message 发现一堆报错,如下:

bash 复制代码 
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: This private key will be ignored.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: Could not get shadow information for root
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: Failed password for root from 10.100.0.149 port 55392 ssh2
Apr 19 15:54:37 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: Connection closed by authenticating user root 10.100.0.149 port 55392 [preauth]
Apr 19 15:54:37 TencentYJ240419 python: 10.100.0.7:50461 - - [19/Apr/2024 15:54:37] "HTTP/1.1 POST /" - 200 OK


Apr 19 15:55:14 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:14 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.5 ms
Apr 19 15:55:14 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:14 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:14 TencentYJ240419 python: rtt min/avg/max/mdev = 55.520/55.520/55.520/0.000 ms
Apr 19 15:55:15 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:15 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.060 ms
Apr 19 15:55:15 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:15 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:15 TencentYJ240419 python: rtt min/avg/max/mdev = 0.060/0.060/0.060/0.000 ms
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: This private key will be ignored.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: Could not get shadow information for root
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: Failed password for root from 10.100.0.149 port 55394 ssh2
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: Connection closed by authenticating user root 10.100.0.149 port 55394 [preauth]
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: This private key will be ignored.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: Could not get shadow information for root
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: Failed password for root from 10.100.0.149 port 55396 ssh2
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: Connection closed by authenticating user root 10.100.0.149 port 55396 [preauth]
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: This private key will be ignored.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: error: Could not get shadow information for root
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Failed password for root from 10.100.0.149 port 55398 ssh2
Apr 19 15:55:16 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Connection closed by authenticating user root 10.100.0.149 port 55398 [preauth]
Apr 19 15:55:16 TencentYJ240419 python: 10.100.0.7:50464 - - [19/Apr/2024 15:55:16] "HTTP/1.1 POST /" - 200 OK
^C
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: This private key will be ignored.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: error: Could not get shadow information for root
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Failed password for root from 10.100.0.149 port 55398 ssh2
Apr 19 15:55:16 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Connection closed by authenticating user root 10.100.0.149 port 55398 [preauth]
Apr 19 15:55:16 TencentYJ240419 python: 10.100.0.7:50464 - - [19/Apr/2024 15:55:16] "HTTP/1.1 POST /" - 200 OK
Apr 19 15:55:36 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:36 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.6 ms
Apr 19 15:55:36 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:36 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:36 TencentYJ240419 python: rtt min/avg/max/mdev = 55.656/55.656/55.656/0.000 ms
Apr 19 15:55:37 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:37 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.052 ms
Apr 19 15:55:37 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:37 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:37 TencentYJ240419 python: rtt min/avg/max/mdev = 0.052/0.052/0.052/0.000 ms
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Failed password for root from 10.100.0.149 port 55400 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Connection closed by authenticating user root 10.100.0.149 port 55400 [preauth]
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Failed password for root from 10.100.0.149 port 55402 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Connection closed by authenticating user root 10.100.0.149 port 55402 [preauth]
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: error: Could not get shadow information for root
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Failed password for root from 10.100.0.149 port 55404 ssh2
Apr 19 15:55:38 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Connection closed by authenticating user root 10.100.0.149 port 55404 [preauth]
Apr 19 15:55:38 TencentYJ240419 python: 10.100.0.7:50467 - - [19/Apr/2024 15:55:38] "HTTP/1.1 POST /" - 200 OK
^C
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Failed password for root from 10.100.0.149 port 55400 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Connection closed by authenticating user root 10.100.0.149 port 55400 [preauth]
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Failed password for root from 10.100.0.149 port 55402 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Connection closed by authenticating user root 10.100.0.149 port 55402 [preauth]
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: error: Could not get shadow information for root
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Failed password for root from 10.100.0.149 port 55404 ssh2
Apr 19 15:55:38 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Connection closed by authenticating user root 10.100.0.149 port 55404 [preauth]
Apr 19 15:55:38 TencentYJ240419 python: 10.100.0.7:50467 - - [19/Apr/2024 15:55:38] "HTTP/1.1 POST /" - 200 OK
Apr 19 15:55:54 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:54 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.5 ms
Apr 19 15:55:54 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:54 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:54 TencentYJ240419 python: rtt min/avg/max/mdev = 55.569/55.569/55.569/0.000 ms
Apr 19 15:55:55 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:55 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.044 ms
Apr 19 15:55:55 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:55 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:55 TencentYJ240419 python: rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: error: Could not get shadow information for root
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: Failed password for root from 10.100.0.149 port 55406 ssh2
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: Connection closed by authenticating user root 10.100.0.149 port 55406 [preauth]
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: error: Could not get shadow information for root
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: Failed password for root from 10.100.0.149 port 55408 ssh2
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: Connection closed by authenticating user root 10.100.0.149 port 55408 [preauth]
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: error: Could not get shadow information for root
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: Failed password for root from 10.100.0.149 port 55410 ssh2
Apr 19 15:55:56 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: Connection closed by authenticating user root 10.100.0.149 port 55410 [preauth]
Apr 19 15:55:56 TencentYJ240419 python: 10.100.0.7:50468 - - [19/Apr/2024 15:55:56] "HTTP/1.1 POST /" - 200 OK
相关推荐
牛奶咖啡1310 分钟前
DevOps自动化运维实践_搭建UEFI网络引导的自动安装Ubuntu20及其更高版本系统
运维·自动化·devops·cloud-init·cloud-init自动应答·ubuntu24系统自动化安装·uefi网络引导自动安装部署
A.A呐31 分钟前
【Linux第十八章】线程
linux
wanhengidc32 分钟前
云手机与模拟器的关系
大数据·运维·服务器·分布式·智能手机
fresh hacker1 小时前
【Linux系统】通用的“系统排障”
linux·运维·服务器·网络·php
编程之升级打怪1 小时前
Linux系统难用的原因
linux
STKingA11 小时前
Win11 WSL2+Ubuntu开发环境配置全攻略
linux·运维·ubuntu
原来是猿2 小时前
关于【进程池阻塞 + 子进程未回收问题】
linux·服务器·c++
wzhidev2 小时前
05、Python流程控制与函数定义:从调试现场到工程实践
linux·网络·python
艾莉丝努力练剑2 小时前
【Linux:文件】文件基础IO进阶
linux·运维·服务器·c语言·网络·c++·centos
Agent产品评测局2 小时前
企业自动化项目,如何做好内部推广与员工培训?——企业级智能体落地与人才赋能实测指南
运维·人工智能·ai·chatgpt·自动化
热门推荐
012026年3月AI领域大事件:DeepSeek引领开源风暴02GitHub 镜像站点03围棋-html版本04小黑课堂计算机二级WPSoffice题库软件下载安装教程(2026年3月最新版)05班级宠物园部署指南06【计算机一级WPSoffice】小黑课堂题库软件下载安装教程(2026年3月最新版)07UV安装并设置国内源08“wsl --install -d Ubuntu-22.04”下载慢,中国地区离线安装 Ubuntu 22.04 WSL方法(亲测2025年5月6日)09中国象棋-html版本10Qwen3.5 开源全解析:从 0.8B 到 397B,代际升级 + 全场景选型指南