在文章顶部下载适用于CentOS7的OpenSSH 9.1p1 rpm包,包含了服务器和客户端。
默认全部以root用户权限执行命令。
简单版
懒得看的话,复制以下4行命令执行即可。
bash
tar -zxvf centos7-openssh-9.1p1.tar.gz
rpm -Uvh openssh-9.1p1-1.tl2.x86_64.rpm openssh-server-9.1p1-1.tl2.x86_64.rpm openssh-clients-9.1p1-1.tl2.x86_64.rpm
chmod 600 /etc/ssh/ssh_host_*
systemctl restart sshd
踩坑记录版
升级完成后,SSH服务无法连上,记录排查及解决问题的过程。
bash
[root@TencentYJ240419 isayum]# tar -zxvf centos7-openssh-9.1p1.tar.gz
x openssh-9.1p1-1.tl2.x86_64.rpm
x openssh-server-9.1p1-1.tl2.x86_64.rpm
x openssh-clients-9.1p1-1.tl2.x86_64.rpm
[root@TencentYJ240419 isayum]# rpm -Uvh openssh-9.1p1-1.tl2.x86_64.rpm openssh-server-9.1p1-1.tl2.x86_64.rpm openssh-clients-9.1p1-1.tl2.x86_64.rpm
准备中... ################################# [100%]
正在升级/安装...
1:openssh-9.1p1-1.tl2 ################################# [ 17%]
2:openssh-server-9.1p1-1.tl2 ################################# [ 33%]
3:openssh-clients-9.1p1-1.tl2 ################################# [ 50%]
正在清理/删除...
4:openssh-clients-7.4p1-16.el7 ################################# [ 67%]
5:openssh-server-7.4p1-16.el7 ################################# [ 83%]
6:openssh-7.4p1-16.el7 ################################# [100%]
升级成功后,发现SSH无法连接,但已连接的SSH不受影响。尝试启动发现异常
bash
[root@TencentYJ240419 web_manager]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@TencentYJ240419 web_manager]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: failed (Result: exit-code) since 五 2024-04-19 15:03:35 CST; 6s ago
Docs: man:systemd-sysv-generator(8)
Process: 48052 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
Process: 48234 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
Main PID: 19217 (code=exited, status=0/SUCCESS)
4月 19 15:03:35 TencentYJ240419 sshd[48234]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
4月 19 15:03:35 TencentYJ240419 sshd[48234]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: It is required that your private key files are NOT accessible by others.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: This private key will be ignored.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: sshd: no hostkeys available -- exiting.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: [FAILED]
4月 19 15:03:35 TencentYJ240419 systemd[1]: sshd.service: control process exited, code=exited status=1
4月 19 15:03:35 TencentYJ240419 systemd[1]: Failed to start SYSV: OpenSSH server daemon.
4月 19 15:03:35 TencentYJ240419 systemd[1]: Unit sshd.service entered failed state.
4月 19 15:03:35 TencentYJ240419 systemd[1]: sshd.service failed.
根据提示信息,修改对应文件的权限并重启SSH服务。
bash
chmod 600 /etc/ssh/ssh_host_ed25519_key
systemctl restart sshd
然后尝试在服务器上ssh 127.0.0.1,发现登录不上,查看/var/log/message
发现一堆报错,如下:
bash
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: This private key will be ignored.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: Could not get shadow information for root
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: Failed password for root from 10.100.0.149 port 55392 ssh2
Apr 19 15:54:37 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: Connection closed by authenticating user root 10.100.0.149 port 55392 [preauth]
Apr 19 15:54:37 TencentYJ240419 python: 10.100.0.7:50461 - - [19/Apr/2024 15:54:37] "HTTP/1.1 POST /" - 200 OK
Apr 19 15:55:14 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:14 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.5 ms
Apr 19 15:55:14 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:14 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:14 TencentYJ240419 python: rtt min/avg/max/mdev = 55.520/55.520/55.520/0.000 ms
Apr 19 15:55:15 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:15 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.060 ms
Apr 19 15:55:15 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:15 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:15 TencentYJ240419 python: rtt min/avg/max/mdev = 0.060/0.060/0.060/0.000 ms
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: This private key will be ignored.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: Could not get shadow information for root
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: Failed password for root from 10.100.0.149 port 55394 ssh2
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: Connection closed by authenticating user root 10.100.0.149 port 55394 [preauth]
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: This private key will be ignored.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: Could not get shadow information for root
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: Failed password for root from 10.100.0.149 port 55396 ssh2
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: Connection closed by authenticating user root 10.100.0.149 port 55396 [preauth]
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: This private key will be ignored.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: error: Could not get shadow information for root
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Failed password for root from 10.100.0.149 port 55398 ssh2
Apr 19 15:55:16 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Connection closed by authenticating user root 10.100.0.149 port 55398 [preauth]
Apr 19 15:55:16 TencentYJ240419 python: 10.100.0.7:50464 - - [19/Apr/2024 15:55:16] "HTTP/1.1 POST /" - 200 OK
^C
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: This private key will be ignored.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: error: Could not get shadow information for root
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Failed password for root from 10.100.0.149 port 55398 ssh2
Apr 19 15:55:16 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Connection closed by authenticating user root 10.100.0.149 port 55398 [preauth]
Apr 19 15:55:16 TencentYJ240419 python: 10.100.0.7:50464 - - [19/Apr/2024 15:55:16] "HTTP/1.1 POST /" - 200 OK
Apr 19 15:55:36 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:36 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.6 ms
Apr 19 15:55:36 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:36 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:36 TencentYJ240419 python: rtt min/avg/max/mdev = 55.656/55.656/55.656/0.000 ms
Apr 19 15:55:37 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:37 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.052 ms
Apr 19 15:55:37 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:37 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:37 TencentYJ240419 python: rtt min/avg/max/mdev = 0.052/0.052/0.052/0.000 ms
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Failed password for root from 10.100.0.149 port 55400 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Connection closed by authenticating user root 10.100.0.149 port 55400 [preauth]
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Failed password for root from 10.100.0.149 port 55402 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Connection closed by authenticating user root 10.100.0.149 port 55402 [preauth]
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: error: Could not get shadow information for root
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Failed password for root from 10.100.0.149 port 55404 ssh2
Apr 19 15:55:38 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Connection closed by authenticating user root 10.100.0.149 port 55404 [preauth]
Apr 19 15:55:38 TencentYJ240419 python: 10.100.0.7:50467 - - [19/Apr/2024 15:55:38] "HTTP/1.1 POST /" - 200 OK
^C
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Failed password for root from 10.100.0.149 port 55400 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Connection closed by authenticating user root 10.100.0.149 port 55400 [preauth]
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Failed password for root from 10.100.0.149 port 55402 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Connection closed by authenticating user root 10.100.0.149 port 55402 [preauth]
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: error: Could not get shadow information for root
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Failed password for root from 10.100.0.149 port 55404 ssh2
Apr 19 15:55:38 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Connection closed by authenticating user root 10.100.0.149 port 55404 [preauth]
Apr 19 15:55:38 TencentYJ240419 python: 10.100.0.7:50467 - - [19/Apr/2024 15:55:38] "HTTP/1.1 POST /" - 200 OK
Apr 19 15:55:54 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:54 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.5 ms
Apr 19 15:55:54 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:54 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:54 TencentYJ240419 python: rtt min/avg/max/mdev = 55.569/55.569/55.569/0.000 ms
Apr 19 15:55:55 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:55 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.044 ms
Apr 19 15:55:55 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:55 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:55 TencentYJ240419 python: rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: error: Could not get shadow information for root
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: Failed password for root from 10.100.0.149 port 55406 ssh2
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: Connection closed by authenticating user root 10.100.0.149 port 55406 [preauth]
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: error: Could not get shadow information for root
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: Failed password for root from 10.100.0.149 port 55408 ssh2
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: Connection closed by authenticating user root 10.100.0.149 port 55408 [preauth]
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: error: Could not get shadow information for root
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: Failed password for root from 10.100.0.149 port 55410 ssh2
Apr 19 15:55:56 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: Connection closed by authenticating user root 10.100.0.149 port 55410 [preauth]
Apr 19 15:55:56 TencentYJ240419 python: 10.100.0.7:50468 - - [19/Apr/2024 15:55:56] "HTTP/1.1 POST /" - 200 OK