CentOS 7离线升级OpenSSH至9.1p1操作过程及遇上的问题

韦胖漫谈IT2024-04-22 20:13

在文章顶部下载适用于CentOS7的OpenSSH 9.1p1 rpm包,包含了服务器和客户端。

默认全部以root用户权限执行命令。

简单版

懒得看的话,复制以下4行命令执行即可。

bash 复制代码 
tar -zxvf centos7-openssh-9.1p1.tar.gz
rpm -Uvh openssh-9.1p1-1.tl2.x86_64.rpm openssh-server-9.1p1-1.tl2.x86_64.rpm openssh-clients-9.1p1-1.tl2.x86_64.rpm
chmod 600 /etc/ssh/ssh_host_*
systemctl restart sshd

踩坑记录版

升级完成后,SSH服务无法连上,记录排查及解决问题的过程。

bash 复制代码 
[root@TencentYJ240419 isayum]# tar -zxvf centos7-openssh-9.1p1.tar.gz
x openssh-9.1p1-1.tl2.x86_64.rpm
x openssh-server-9.1p1-1.tl2.x86_64.rpm
x openssh-clients-9.1p1-1.tl2.x86_64.rpm
[root@TencentYJ240419 isayum]# rpm -Uvh openssh-9.1p1-1.tl2.x86_64.rpm openssh-server-9.1p1-1.tl2.x86_64.rpm openssh-clients-9.1p1-1.tl2.x86_64.rpm 
准备中...                          ################################# [100%]
正在升级/安装...
   1:openssh-9.1p1-1.tl2              ################################# [ 17%]
   2:openssh-server-9.1p1-1.tl2       ################################# [ 33%]
   3:openssh-clients-9.1p1-1.tl2      ################################# [ 50%]
正在清理/删除...
   4:openssh-clients-7.4p1-16.el7     ################################# [ 67%]
   5:openssh-server-7.4p1-16.el7      ################################# [ 83%]
   6:openssh-7.4p1-16.el7             ################################# [100%]

升级成功后,发现SSH无法连接,但已连接的SSH不受影响。尝试启动发现异常

bash 复制代码 
[root@TencentYJ240419 web_manager]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.

[root@TencentYJ240419 web_manager]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
   Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since 五 2024-04-19 15:03:35 CST; 6s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 48052 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
  Process: 48234 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
 Main PID: 19217 (code=exited, status=0/SUCCESS)

4月 19 15:03:35 TencentYJ240419 sshd[48234]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
4月 19 15:03:35 TencentYJ240419 sshd[48234]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: It is required that your private key files are NOT accessible by others.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: This private key will be ignored.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: sshd: no hostkeys available -- exiting.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: [FAILED]
4月 19 15:03:35 TencentYJ240419 systemd[1]: sshd.service: control process exited, code=exited status=1
4月 19 15:03:35 TencentYJ240419 systemd[1]: Failed to start SYSV: OpenSSH server daemon.
4月 19 15:03:35 TencentYJ240419 systemd[1]: Unit sshd.service entered failed state.
4月 19 15:03:35 TencentYJ240419 systemd[1]: sshd.service failed.

根据提示信息,修改对应文件的权限并重启SSH服务。

bash 复制代码 
chmod 600 /etc/ssh/ssh_host_ed25519_key
systemctl restart sshd

然后尝试在服务器上ssh 127.0.0.1,发现登录不上,查看/var/log/message 发现一堆报错,如下:

bash 复制代码 
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: This private key will be ignored.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: Could not get shadow information for root
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: Failed password for root from 10.100.0.149 port 55392 ssh2
Apr 19 15:54:37 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: Connection closed by authenticating user root 10.100.0.149 port 55392 [preauth]
Apr 19 15:54:37 TencentYJ240419 python: 10.100.0.7:50461 - - [19/Apr/2024 15:54:37] "HTTP/1.1 POST /" - 200 OK


Apr 19 15:55:14 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:14 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.5 ms
Apr 19 15:55:14 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:14 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:14 TencentYJ240419 python: rtt min/avg/max/mdev = 55.520/55.520/55.520/0.000 ms
Apr 19 15:55:15 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:15 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.060 ms
Apr 19 15:55:15 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:15 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:15 TencentYJ240419 python: rtt min/avg/max/mdev = 0.060/0.060/0.060/0.000 ms
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: This private key will be ignored.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: Could not get shadow information for root
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: Failed password for root from 10.100.0.149 port 55394 ssh2
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: Connection closed by authenticating user root 10.100.0.149 port 55394 [preauth]
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: This private key will be ignored.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: Could not get shadow information for root
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: Failed password for root from 10.100.0.149 port 55396 ssh2
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: Connection closed by authenticating user root 10.100.0.149 port 55396 [preauth]
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: This private key will be ignored.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: error: Could not get shadow information for root
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Failed password for root from 10.100.0.149 port 55398 ssh2
Apr 19 15:55:16 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Connection closed by authenticating user root 10.100.0.149 port 55398 [preauth]
Apr 19 15:55:16 TencentYJ240419 python: 10.100.0.7:50464 - - [19/Apr/2024 15:55:16] "HTTP/1.1 POST /" - 200 OK
^C
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: This private key will be ignored.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: error: Could not get shadow information for root
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Failed password for root from 10.100.0.149 port 55398 ssh2
Apr 19 15:55:16 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Connection closed by authenticating user root 10.100.0.149 port 55398 [preauth]
Apr 19 15:55:16 TencentYJ240419 python: 10.100.0.7:50464 - - [19/Apr/2024 15:55:16] "HTTP/1.1 POST /" - 200 OK
Apr 19 15:55:36 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:36 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.6 ms
Apr 19 15:55:36 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:36 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:36 TencentYJ240419 python: rtt min/avg/max/mdev = 55.656/55.656/55.656/0.000 ms
Apr 19 15:55:37 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:37 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.052 ms
Apr 19 15:55:37 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:37 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:37 TencentYJ240419 python: rtt min/avg/max/mdev = 0.052/0.052/0.052/0.000 ms
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Failed password for root from 10.100.0.149 port 55400 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Connection closed by authenticating user root 10.100.0.149 port 55400 [preauth]
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Failed password for root from 10.100.0.149 port 55402 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Connection closed by authenticating user root 10.100.0.149 port 55402 [preauth]
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: error: Could not get shadow information for root
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Failed password for root from 10.100.0.149 port 55404 ssh2
Apr 19 15:55:38 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Connection closed by authenticating user root 10.100.0.149 port 55404 [preauth]
Apr 19 15:55:38 TencentYJ240419 python: 10.100.0.7:50467 - - [19/Apr/2024 15:55:38] "HTTP/1.1 POST /" - 200 OK
^C
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Failed password for root from 10.100.0.149 port 55400 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Connection closed by authenticating user root 10.100.0.149 port 55400 [preauth]
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Failed password for root from 10.100.0.149 port 55402 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Connection closed by authenticating user root 10.100.0.149 port 55402 [preauth]
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: error: Could not get shadow information for root
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Failed password for root from 10.100.0.149 port 55404 ssh2
Apr 19 15:55:38 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Connection closed by authenticating user root 10.100.0.149 port 55404 [preauth]
Apr 19 15:55:38 TencentYJ240419 python: 10.100.0.7:50467 - - [19/Apr/2024 15:55:38] "HTTP/1.1 POST /" - 200 OK
Apr 19 15:55:54 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:54 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.5 ms
Apr 19 15:55:54 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:54 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:54 TencentYJ240419 python: rtt min/avg/max/mdev = 55.569/55.569/55.569/0.000 ms
Apr 19 15:55:55 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:55 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.044 ms
Apr 19 15:55:55 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:55 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:55 TencentYJ240419 python: rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: error: Could not get shadow information for root
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: Failed password for root from 10.100.0.149 port 55406 ssh2
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: Connection closed by authenticating user root 10.100.0.149 port 55406 [preauth]
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: error: Could not get shadow information for root
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: Failed password for root from 10.100.0.149 port 55408 ssh2
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: Connection closed by authenticating user root 10.100.0.149 port 55408 [preauth]
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: error: Could not get shadow information for root
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: Failed password for root from 10.100.0.149 port 55410 ssh2
Apr 19 15:55:56 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: Connection closed by authenticating user root 10.100.0.149 port 55410 [preauth]
Apr 19 15:55:56 TencentYJ240419 python: 10.100.0.7:50468 - - [19/Apr/2024 15:55:56] "HTTP/1.1 POST /" - 200 OK
相关推荐
面朝大海,春不暖,花不开1 小时前
管理数据洪流:自动化处理与归档每日数据文件的策略与实践
运维·python·自动化
地衣君8 小时前
RISC-V 开发板 + Ubuntu 23.04 部署 open_vins 过程
linux·ubuntu·risc-v
5:008 小时前
云备份项目
linux·开发语言·c++
码农101号9 小时前
Linux中shell编程表达式和数组讲解
linux·运维·服务器
powerfulzyh9 小时前
非Root用户启动SSH服务经验小结
运维·ssh
云道轩9 小时前
升级centos 7.9内核到 5.4.x
linux·运维·centos
是小满满满满吗9 小时前
传输层:udp与tcp协议
linux·服务器·网络
爱学习的小道长10 小时前
Ubuntu Cursor升级成v1.0
linux·运维·ubuntu
EelBarb10 小时前
seafile:ubuntu搭建社区版seafile12.0
linux·运维·ubuntu
Xam_d_LM10 小时前
【Latex】Windows/Ubuntu 绘制 eps 矢量图通用方法(drawio),支持插入 Latex 数学公式
linux·ubuntu·科研·矢量图·drawio
热门推荐
01【图像处理与机器视觉】XJTU期末考点02从零安装 LLaMA-Factory 微调 Qwen 大模型成功及所有的坑03KGG转MP3工具|非KGM文件|解密音频04海康Visionmaster-常见问题排查方法-启动阶段05YOLOv8入门 | 重要性能衡量指标、训练结果评价及分析及影响mAP的因素【发论文关注的指标】06【SpeedAI科研小助手】2分钟极速解决知网维普重复率、AIGC率过高,一键全文降!文件格式不变,公式都保留的!07R-tree详解08Coze扣子平台完整体验和实践(附国内和国际版对比)09DeepSeek各版本说明与优缺点分析10零代码入门 | Coze——让大模型接入自己的数据库