CentOS 7离线升级OpenSSH至9.1p1操作过程及遇上的问题

在文章顶部下载适用于CentOS7的OpenSSH 9.1p1 rpm包,包含了服务器和客户端。

默认全部以root用户权限执行命令。

简单版

懒得看的话,复制以下4行命令执行即可。

bash 复制代码
tar -zxvf centos7-openssh-9.1p1.tar.gz
rpm -Uvh openssh-9.1p1-1.tl2.x86_64.rpm openssh-server-9.1p1-1.tl2.x86_64.rpm openssh-clients-9.1p1-1.tl2.x86_64.rpm
chmod 600 /etc/ssh/ssh_host_*
systemctl restart sshd

踩坑记录版

升级完成后,SSH服务无法连上,记录排查及解决问题的过程。

bash 复制代码
[root@TencentYJ240419 isayum]# tar -zxvf centos7-openssh-9.1p1.tar.gz
x openssh-9.1p1-1.tl2.x86_64.rpm
x openssh-server-9.1p1-1.tl2.x86_64.rpm
x openssh-clients-9.1p1-1.tl2.x86_64.rpm
[root@TencentYJ240419 isayum]# rpm -Uvh openssh-9.1p1-1.tl2.x86_64.rpm openssh-server-9.1p1-1.tl2.x86_64.rpm openssh-clients-9.1p1-1.tl2.x86_64.rpm 
准备中...                          ################################# [100%]
正在升级/安装...
   1:openssh-9.1p1-1.tl2              ################################# [ 17%]
   2:openssh-server-9.1p1-1.tl2       ################################# [ 33%]
   3:openssh-clients-9.1p1-1.tl2      ################################# [ 50%]
正在清理/删除...
   4:openssh-clients-7.4p1-16.el7     ################################# [ 67%]
   5:openssh-server-7.4p1-16.el7      ################################# [ 83%]
   6:openssh-7.4p1-16.el7             ################################# [100%]

升级成功后,发现SSH无法连接,但已连接的SSH不受影响。尝试启动发现异常

bash 复制代码
[root@TencentYJ240419 web_manager]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.

[root@TencentYJ240419 web_manager]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
   Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since 五 2024-04-19 15:03:35 CST; 6s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 48052 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
  Process: 48234 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
 Main PID: 19217 (code=exited, status=0/SUCCESS)

4月 19 15:03:35 TencentYJ240419 sshd[48234]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
4月 19 15:03:35 TencentYJ240419 sshd[48234]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: It is required that your private key files are NOT accessible by others.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: This private key will be ignored.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: sshd: no hostkeys available -- exiting.
4月 19 15:03:35 TencentYJ240419 sshd[48234]: [FAILED]
4月 19 15:03:35 TencentYJ240419 systemd[1]: sshd.service: control process exited, code=exited status=1
4月 19 15:03:35 TencentYJ240419 systemd[1]: Failed to start SYSV: OpenSSH server daemon.
4月 19 15:03:35 TencentYJ240419 systemd[1]: Unit sshd.service entered failed state.
4月 19 15:03:35 TencentYJ240419 systemd[1]: sshd.service failed.

根据提示信息,修改对应文件的权限并重启SSH服务。

bash 复制代码
chmod 600 /etc/ssh/ssh_host_ed25519_key
systemctl restart sshd

然后尝试在服务器上ssh 127.0.0.1,发现登录不上,查看/var/log/message 发现一堆报错,如下:

bash 复制代码
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: This private key will be ignored.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: error: Could not get shadow information for root
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: Failed password for root from 10.100.0.149 port 55392 ssh2
Apr 19 15:54:37 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:54:37 TencentYJ240419 sshd[29650]: Connection closed by authenticating user root 10.100.0.149 port 55392 [preauth]
Apr 19 15:54:37 TencentYJ240419 python: 10.100.0.7:50461 - - [19/Apr/2024 15:54:37] "HTTP/1.1 POST /" - 200 OK


Apr 19 15:55:14 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:14 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.5 ms
Apr 19 15:55:14 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:14 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:14 TencentYJ240419 python: rtt min/avg/max/mdev = 55.520/55.520/55.520/0.000 ms
Apr 19 15:55:15 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:15 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.060 ms
Apr 19 15:55:15 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:15 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:15 TencentYJ240419 python: rtt min/avg/max/mdev = 0.060/0.060/0.060/0.000 ms
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: This private key will be ignored.
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: error: Could not get shadow information for root
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: Failed password for root from 10.100.0.149 port 55394 ssh2
Apr 19 15:55:15 TencentYJ240419 sshd[29670]: Connection closed by authenticating user root 10.100.0.149 port 55394 [preauth]
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: This private key will be ignored.
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: error: Could not get shadow information for root
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: Failed password for root from 10.100.0.149 port 55396 ssh2
Apr 19 15:55:15 TencentYJ240419 sshd[29674]: Connection closed by authenticating user root 10.100.0.149 port 55396 [preauth]
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: This private key will be ignored.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: error: Could not get shadow information for root
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Failed password for root from 10.100.0.149 port 55398 ssh2
Apr 19 15:55:16 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Connection closed by authenticating user root 10.100.0.149 port 55398 [preauth]
Apr 19 15:55:16 TencentYJ240419 python: 10.100.0.7:50464 - - [19/Apr/2024 15:55:16] "HTTP/1.1 POST /" - 200 OK
^C
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: It is required that your private key files are NOT accessible by others.
Apr 19 15:55:15 TencentYJ240419 sshd[29678]: error: This private key will be ignored.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: error: Could not get shadow information for root
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Failed password for root from 10.100.0.149 port 55398 ssh2
Apr 19 15:55:16 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:16 TencentYJ240419 sshd[29678]: Connection closed by authenticating user root 10.100.0.149 port 55398 [preauth]
Apr 19 15:55:16 TencentYJ240419 python: 10.100.0.7:50464 - - [19/Apr/2024 15:55:16] "HTTP/1.1 POST /" - 200 OK
Apr 19 15:55:36 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:36 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.6 ms
Apr 19 15:55:36 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:36 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:36 TencentYJ240419 python: rtt min/avg/max/mdev = 55.656/55.656/55.656/0.000 ms
Apr 19 15:55:37 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:37 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.052 ms
Apr 19 15:55:37 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:37 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:37 TencentYJ240419 python: rtt min/avg/max/mdev = 0.052/0.052/0.052/0.000 ms
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Failed password for root from 10.100.0.149 port 55400 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Connection closed by authenticating user root 10.100.0.149 port 55400 [preauth]
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Failed password for root from 10.100.0.149 port 55402 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Connection closed by authenticating user root 10.100.0.149 port 55402 [preauth]
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: error: Could not get shadow information for root
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Failed password for root from 10.100.0.149 port 55404 ssh2
Apr 19 15:55:38 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Connection closed by authenticating user root 10.100.0.149 port 55404 [preauth]
Apr 19 15:55:38 TencentYJ240419 python: 10.100.0.7:50467 - - [19/Apr/2024 15:55:38] "HTTP/1.1 POST /" - 200 OK
^C
[root@TencentYJ240419 .ssh]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@TencentYJ240419 .ssh]# tail -f /var/log/messages 
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Failed password for root from 10.100.0.149 port 55400 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29697]: Connection closed by authenticating user root 10.100.0.149 port 55400 [preauth]
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: error: Could not get shadow information for root
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Failed password for root from 10.100.0.149 port 55402 ssh2
Apr 19 15:55:37 TencentYJ240419 sshd[29701]: Connection closed by authenticating user root 10.100.0.149 port 55402 [preauth]
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: error: Could not get shadow information for root
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Failed password for root from 10.100.0.149 port 55404 ssh2
Apr 19 15:55:38 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:38 TencentYJ240419 sshd[29705]: Connection closed by authenticating user root 10.100.0.149 port 55404 [preauth]
Apr 19 15:55:38 TencentYJ240419 python: 10.100.0.7:50467 - - [19/Apr/2024 15:55:38] "HTTP/1.1 POST /" - 200 OK
Apr 19 15:55:54 TencentYJ240419 python: PING 203.107.6.88 (203.107.6.88) 56(84) bytes of data.
Apr 19 15:55:54 TencentYJ240419 python: 64 bytes from 203.107.6.88: icmp_seq=1 ttl=51 time=55.5 ms
Apr 19 15:55:54 TencentYJ240419 python: --- 203.107.6.88 ping statistics ---
Apr 19 15:55:54 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:54 TencentYJ240419 python: rtt min/avg/max/mdev = 55.569/55.569/55.569/0.000 ms
Apr 19 15:55:55 TencentYJ240419 python: PING 10.100.0.149 (10.100.0.149) 56(84) bytes of data.
Apr 19 15:55:55 TencentYJ240419 python: 64 bytes from 10.100.0.149: icmp_seq=1 ttl=64 time=0.044 ms
Apr 19 15:55:55 TencentYJ240419 python: --- 10.100.0.149 ping statistics ---
Apr 19 15:55:55 TencentYJ240419 python: 1 packets transmitted, 1 received, 0% packet loss, time 0ms
Apr 19 15:55:55 TencentYJ240419 python: rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: error: Could not get shadow information for root
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: Failed password for root from 10.100.0.149 port 55406 ssh2
Apr 19 15:55:55 TencentYJ240419 sshd[29724]: Connection closed by authenticating user root 10.100.0.149 port 55406 [preauth]
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: error: Could not get shadow information for root
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: Failed password for root from 10.100.0.149 port 55408 ssh2
Apr 19 15:55:55 TencentYJ240419 sshd[29728]: Connection closed by authenticating user root 10.100.0.149 port 55408 [preauth]
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: error: Could not get shadow information for root
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: Failed password for root from 10.100.0.149 port 55410 ssh2
Apr 19 15:55:56 TencentYJ240419 python: Permission denied, please try again.
Apr 19 15:55:56 TencentYJ240419 sshd[29732]: Connection closed by authenticating user root 10.100.0.149 port 55410 [preauth]
Apr 19 15:55:56 TencentYJ240419 python: 10.100.0.7:50468 - - [19/Apr/2024 15:55:56] "HTTP/1.1 POST /" - 200 OK
相关推荐
T0uken6 分钟前
【Linux】SSH:简单端口转发的跳板机
linux·运维·ssh
goodlook01232 小时前
docker 安装运行mysql8.4.4
运维·docker·容器
运维行者_2 小时前
Azure数据库监控:如何在2025年选择合适的工具
运维·服务器·网络·数据库·flask·自动化·azure
dbkx_292 小时前
个人自用debian启动
linux·运维·debian
dualven_in_csdn4 小时前
搞了两天的win7批处理脚本问题
java·linux·前端
被瞧不起的神4 小时前
Docker 安装教程(CentOS 系统)纯新手可入门
docker·容器·centos
晨曦backend5 小时前
Vim 匹配跳转与搜索命令完整学习笔记
linux·编辑器·vim
bing_feilong6 小时前
Windows上SSH连接Ubuntu失败
windows·ubuntu·ssh
爬呀爬的水滴6 小时前
解决Ubuntu24.04版本,右键没有共享选项的问题
linux·服务器·ubuntu·samba·共享文件夹
IT coke7 小时前
centos7部署AWStats日志分析系统
linux·运维·centos