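Upgrading CentOS 7 to OpenSSH 9.9

OpenSSH 9.9 is the latest version of ssh, released on 2024.9.20. A customer's scan turned up a large pile of CentOS 7 vulnerabilities, all of them in OpenSSH and with many patches, so I simply upgraded to the latest version.

You have to build the rpm packages yourself. I don't know how to do that, so I followed this guide:

The whole process of upgrading a Linux server to the latest OpenSSH 9.9, and handling the problems encountered_latest openssh-server version - CSDN blog

The author does not explain how to handle errors. Here are my rpms for CentOS 7: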

https://download.csdn.net/download/leinchu/89896129

Usage:

mkdir openssh9

mv openssh9.9.tar.gz openssh9

cd openssh9

tar xfz openssh9.9.tar.gz

rpm -ivh --nodeps --force openssh-9.9p1-1.el7.x86_64.rpm

rpm -ivh --nodeps --force openssh9.9.tar.gz

rpm -ivh --nodeps --force openssh-clients-9.9p1-1.el7.x86_64.rpm

rpm -ivh --nodeps --force openssh-debuginfo-9.9p1-1.el7.x86_64.rpm

rpm -ivh --nodeps --force openssh-server-9.9p1-1.el7.x86_64.rpm

ssh-keygen -A

chmod 600 /etc/ssh/ssh_host_ed25519_key

chown root:root /etc/ssh/ssh_host_ed25519_key

sudo chmod 600 /etc/ssh/ssh_host_rsa_key

chown root:root /etc/ssh/ssh_host_rsa_key

sudo chmod 600 /etc/ssh/ssh_host_ecdsa_key

chown root:root /etc/ssh/ssh_host_ecdsa_key

sshd -t -f /etc/ssh/sshd_config

mv /etc/pam.d/sshd /etc/pam.d/sshdbak

vi /etc/pam.d/sshd

#%PAM-1.0

auth required pam_sepermit.so

auth include password-auth

account required pam_nologin.so

account include password-auth

password include password-auth

# pam_selinux.so close should be the first session rule

session required pam_selinux.so close

session required pam_loginuid.so

# pam_selinux.so open should only be followed by sessions to be executed in the user context

session required pam_selinux.so open env_params

session optional pam_keyinit.so force revoke

session include password-auth

systemctl restart sshd


Verify: ssh -V

Errors encountered:

Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions

sshd: no hostkeys available -- exiting

Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Oct 17 11:57:33 snmp sshd[139477]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @

Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Oct 17 11:57:33 snmp sshd[139477]: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.

Oct 17 11:57:33 snmp sshd[139477]: It is required that your private key files are NOT accessible by others.

Oct 17 11:57:33 snmp sshd[139477]: This private key will be ignored.

Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key "/etc/ssh/ssh_host_rsa_key": bad permissions

Oct 17 11:57:33 snmp systemd[1]: sshd.service: main process exited, code=exited, status=1/FAILURE

Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key: /etc/ssh/ssh_host_rsa_key

Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Oct 17 11:57:33 snmp sshd[139477]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @

Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Oct 17 11:57:33 snmp sshd[139477]: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.

Oct 17 11:57:33 snmp sshd[139477]: It is required that your private key files are NOT accessible by others.

Oct 17 11:57:33 snmp sshd[139477]: This private key will be ignored.

Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key "/etc/ssh/ssh_host_ecdsa_key": bad permissions

Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key

Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Oct 17 11:57:33 snmp sshd[139477]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @

Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Oct 17 11:57:33 snmp sshd[139477]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.

Oct 17 11:57:33 snmp sshd[139477]: It is required that your private key files are NOT accessible by others.

Oct 17 11:57:33 snmp sshd[139477]: This private key will be ignored.

Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions

Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key: /etc/ssh/ssh_host_ed25519_key

Oct 17 11:57:33 snmp sshd[139477]: sshd: no hostkeys available -- exiting.

Oct 17 11:57:33 snmp systemd[1]: Failed to start OpenSSH server daemon.

-- Subject: Unit sshd.service has failed

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit sshd.service has failed.

--

-- The result is failed.

Oct 17 11:57:33 snmp systemd[1]: Unit sshd.service entered failed state.

Oct 17 11:57:33 snmp systemd[1]: sshd.service failed.

Oct 17 11:57:33 snmp polkitd[7888]: Unregistered Authentication Agent for unix-process:139470:389161800 (system bus name :1.41641, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Oct 17 11:58:01 snmp systemd[1]: Created slice User Slice of pcp.

-- Subject: Unit user-994.slice has finished start-up

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit user-994.slice has finished starting up.

--

-- The start-up result is done.

Oct 17 11:58:01 snmp systemd[1]: Started Session 13127 of user pcp.

-- Subject: Unit session-13127.scope has finished start-up

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit session-13127.scope has finished starting up.

--

-- The start-up result is done.

Oct 17 11:58:01 snmp CROND[139602]: (pcp) CMD ( /usr/libexec/pcp/bin/pmie_check -C)

Oct 17 11:58:01 snmp systemd[1]: Removed slice User Slice of pcp.

-- Subject: Unit user-994.slice has finished shutting down

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- Unit user-994.slice has finished shutting down.
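
A pre-restart check for the failure shown in the log above (host keys left at mode 0640, sshd exiting with "no hostkeys available"), written as an added example that is not part of the original post. The function names are hypothetical, and `stat -c` assumes GNU coreutils as on CentOS 7.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; the directory argument
# exists so the check can be tried on a scratch copy (default /etc/ssh).

# List host private keys sshd would refuse, as "<mode> <path>".
# Returns 0 when every key is acceptable, 1 otherwise.
audit_host_keys() {
    dir=${1:-/etc/ssh}
    bad=0
    for key in "$dir"/ssh_host_*_key; do      # *.pub files do not match
        [ -f "$key" ] || continue
        mode=$(stat -c '%a' "$key")           # e.g. 640 (GNU stat)
        # Any group/other bit set (mode & 077) triggers "bad permissions".
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$mode $key"
            bad=1
        fi
    done
    return "$bad"
}

# Apply the chmod/chown steps from the procedure to every host key,
# then re-audit so the caller gets a pass/fail status.
fix_host_keys() {
    dir=${1:-/etc/ssh}
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        chmod 600 "$key"
        if [ "$(id -u)" -eq 0 ]; then         # chown needs root
            chown root:root "$key"
        fi
    done
    audit_host_keys "$dir"
}

# Restart only when the keys are tight and the configuration parses.
restart_sshd_checked() {
    fix_host_keys /etc/ssh &&
    sshd -t -f /etc/ssh/sshd_config &&
    systemctl restart sshd
}
```

Run `restart_sshd_checked` as root from an existing SSH session, and keep that session open until a new login succeeds.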
