[openSSH] Upgrading OpenSSH to version 10.2p1 on a Linux openEuler-20.03-x86-64 server

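OpenSSH official website and source package naming format

Official OpenSSH download page: https://www.openssh.com/portable.html

Official OpenBSD mirror: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/

On the official site or the mirror you can find the source package for each OpenSSH version. The packages are named as follows:

```
openssh-X.XpY.tar.gz

X.X is the major version number (e.g. 10.0)
Y is the patch number (e.g. p1)
```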

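```
# Build dependencies: compiler, make, and the zlib/OpenSSL/PAM/Kerberos headers
yum -y install gcc make zlib-devel openssl-devel pam-devel krb5-devel
```

```
# Download the 10.2p1 source tarball from the OpenBSD mirror
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.2p1.tar.gz
```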

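```
tar -zxf openssh-10.2p1.tar.gz
cd openssh-10.2p1
# Install under /usr and keep using the existing configuration in /etc/ssh
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-ssl-engine --with-kerberos5 --with-gssapi
make clean
make
# List the existing host keys, then make them owner read-only before installing
ls -l /etc/ssh/ssh_host*
chmod 400 /etc/ssh/ssh_host*
make install
```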

```

make install

Makefile:729: warning: ignoring prerequisites on suffix rule definition

(cd openbsd-compat && make)

make[1]: 进入目录"/tmp/openssh-10.2p1/openbsd-compat"

make[1]: 对"all"无需做任何事。

make[1]: 离开目录"/tmp/openssh-10.2p1/openbsd-compat"

/usr/bin/mkdir -p /usr/bin

/usr/bin/mkdir -p /usr/sbin

/usr/bin/mkdir -p /usr/share/man/man1

/usr/bin/mkdir -p /usr/share/man/man5

/usr/bin/mkdir -p /usr/share/man/man8

/usr/bin/mkdir -p /usr/libexec

/usr/bin/mkdir -p -m 0755 /var/empty

/usr/bin/install -c -m 0755 -s ssh /usr/bin/ssh

/usr/bin/install -c -m 0755 -s scp /usr/bin/scp

/usr/bin/install -c -m 0755 -s ssh-add /usr/bin/ssh-add

/usr/bin/install -c -m 0755 -s ssh-agent /usr/bin/ssh-agent

/usr/bin/install -c -m 0755 -s ssh-keygen /usr/bin/ssh-keygen

/usr/bin/install -c -m 0755 -s ssh-keyscan /usr/bin/ssh-keyscan

/usr/bin/install -c -m 0755 -s sshd /usr/sbin/sshd

/usr/bin/install -c -m 0755 -s sshd-session /usr/libexec/sshd-session

/usr/bin/install -c -m 0755 -s sshd-auth /usr/libexec/sshd-auth

/usr/bin/install -c -m 4711 -s ssh-keysign /usr/libexec/ssh-keysign

/usr/bin/install -c -m 0755 -s ssh-pkcs11-helper /usr/libexec/ssh-pkcs11-helper

/usr/bin/install -c -m 0755 -s ssh-sk-helper /usr/libexec/ssh-sk-helper

/usr/bin/install -c -m 0755 -s sftp /usr/bin/sftp

/usr/bin/install -c -m 0755 -s sftp-server /usr/libexec/sftp-server

/usr/bin/install -c -m 644 ssh.1.out /usr/share/man/man1/ssh.1

/usr/bin/install -c -m 644 scp.1.out /usr/share/man/man1/scp.1

/usr/bin/install -c -m 644 ssh-add.1.out /usr/share/man/man1/ssh-add.1

/usr/bin/install -c -m 644 ssh-agent.1.out /usr/share/man/man1/ssh-agent.1

/usr/bin/install -c -m 644 ssh-keygen.1.out /usr/share/man/man1/ssh-keygen.1

/usr/bin/install -c -m 644 ssh-keyscan.1.out /usr/share/man/man1/ssh-keyscan.1

/usr/bin/install -c -m 644 moduli.5.out /usr/share/man/man5/moduli.5

/usr/bin/install -c -m 644 sshd_config.5.out /usr/share/man/man5/sshd_config.5

/usr/bin/install -c -m 644 ssh_config.5.out /usr/share/man/man5/ssh_config.5

/usr/bin/install -c -m 644 sshd.8.out /usr/share/man/man8/sshd.8

/usr/bin/install -c -m 644 sftp.1.out /usr/share/man/man1/sftp.1

/usr/bin/install -c -m 644 sftp-server.8.out /usr/share/man/man8/sftp-server.8

/usr/bin/install -c -m 644 ssh-keysign.8.out /usr/share/man/man8/ssh-keysign.8

/usr/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/share/man/man8/ssh-pkcs11-helper.8

/usr/bin/install -c -m 644 ssh-sk-helper.8.out /usr/share/man/man8/ssh-sk-helper.8

/usr/bin/mkdir -p /etc/ssh

/etc/ssh/ssh_config already exists, install will not overwrite

/etc/ssh/sshd_config already exists, install will not overwrite

/etc/ssh/moduli already exists, install will not overwrite

/usr/sbin/sshd -t -f /etc/ssh/sshd_config

/etc/ssh/sshd_config line 155: Deprecated option RSAAuthentication

/etc/ssh/sshd_config line 157: Deprecated option RhostsRSAAuthentication

```

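```
# Comment out the deprecated RSAAuthentication/RhostsRSAAuthentication lines and GSSAPIKexAlgorithms
sed -i '/RSAAuthentication/s/^/#/' /etc/ssh/sshd_config
sed -i '/GSSAPIKexAlgorithms/s/^/#/' /etc/ssh/sshd_config
# Restart sshd, check that it is running, and enable it at boot
systemctl restart sshd
systemctl status sshd
systemctl enable sshd
```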
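A narrower version of the `sed` clean-up above, as an added example (not from the original post): it comments out only lines where one of the affected keywords is the active directive, matches keywords case-insensitively as sshd does, and keeps a backup. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. Keywords taken from the messages shown on this page.
UNSUPPORTED_OPTS="RSAAuthentication RhostsRSAAuthentication GSSAPIKexAlgorithms"

# comment_unsupported FILE  (hypothetical helper)
# Comments out active lines whose keyword is in UNSUPPORTED_OPTS, keeps FILE.bak,
# and prints how many lines were changed.
comment_unsupported() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 1
    cp -p "$cfg" "$cfg.bak" || return 1
    awk -v opts="$UNSUPPORTED_OPTS" -v out="$tmp" '
        BEGIN { n = split(tolower(opts), o, " "); for (i = 1; i <= n; i++) bad[o[i]] = 1 }
        {
            kw = $0
            sub(/^[ \t]+/, "", kw)      # keywords may be indented
            sub(/[ \t=].*$/, "", kw)    # keep only the keyword itself
            # Lines already commented have a keyword starting with "#" and never match.
            if (tolower(kw) in bad) { print "#" $0 > out; changed++ }
            else print > out
        }
        END { print changed + 0 }
    ' "$cfg" || return 1
    # Write back in place so owner, mode and SELinux label of the file are kept.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# Constructed sample config for the demonstration (not a real host's file).
make_sample_config() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
Port 22
#RSAAuthentication yes
RSAAuthentication yes
  rhostsrsaauthentication no
GSSAPIKexAlgorithms gss-curve25519-sha256-
GSSAPIAuthentication yes
PasswordAuthentication yes
EOF
    echo "$f"
}

sample=$(make_sample_config)
echo "lines changed: $(comment_unsupported "$sample")"
cat "$sample"
rm -f "$sample" "$sample.bak"
```

On a real host, run `/usr/sbin/sshd -t -f /etc/ssh/sshd_config` after the edit and restart sshd only if it exits cleanly, keeping the current session open until a new login succeeds.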

![image.png](https://upload-images.jianshu.io/upload_images/12979420-a6dda4f30c647d1a.png?imageMogr2/auto-orient/strip|imageView2/2/w/1240)

The SSH connection from the client to the target machine failed; the log on the target machine shows:

```

tail -f /var/log/messages

Dec 4 17:31:29 localhost [/bin/bash]: [> /var/log/messages] return code=[0], execute success by [root(uid=0)] from [pts/2 (192.168.2.200)]

Dec 4 17:31:37 localhost sshd-session[28254]: Connection from 192.168.2.200 port 20380 on 192.168.2.167 port 22 rdomain ""

Dec 4 17:31:37 localhost audit[28254]: USER_AUTH pid=28254 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_faillock,pam_unix acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:31:37 localhost audit[28254]: USER_ACCT pid=28254 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:31:37 localhost sshd-session[28254]: Accepted password for root from 192.168.2.200 port 20380 ssh2

Dec 4 17:31:37 localhost audit[28254]: CRED_ACQ pid=28254 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_faillock,pam_unix acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:31:37 localhost audit[28254]: AVC avc: denied { create } for pid=28254 comm="sshd-session" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=netlink_selinux_socket permissive=0

Dec 4 17:31:37 localhost audit[28254]: SYSCALL arch=c000003e syscall=41 success=no exit=-13 a0=10 a1=80003 a2=7 a3=7f3e17af9aa0 items=0 ppid=27954 pid=28254 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=11 comm="sshd-session" exe="/usr/libexec/sshd-session" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)

Dec 4 17:31:37 localhost audit: PROCTITLE proctitle=737368642D73657373696F6E3A20726F6F74205B707269765D

Dec 4 17:31:37 localhost audit[28254]: ANOM_ABEND auid=0 uid=0 gid=0 ses=11 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 pid=28254 comm="sshd-session" exe="/usr/libexec/sshd-session" sig=6 res=1

Dec 4 17:31:37 localhost dbus-daemon[1789]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.17' (uid=0 pid=1713 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0") (using servicehelper)

Dec 4 17:31:37 localhost sshd-session[28258]: Connection from 192.168.2.200 port 20381 on 192.168.2.167 port 22 rdomain ""

Dec 4 17:31:37 localhost systemd[1]: Started Process Core Dump (PID 28259/UID 0).

Dec 4 17:31:37 localhost audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@1-28259-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Dec 4 17:31:37 localhost systemd-coredump[28263]: Process 28254 (sshd-session) of user 0 dumped core.#012#012Stack trace of thread 28254:#012#0 0x00007f3e179c842b raise (libc.so.6)#012#1 0x00007f3e179c9751 abort (libc.so.6)#012#2 0x00007f3e179c0e2a n/a (libc.so.6)#012#3 0x00007f3e179c0ea2 __assert_fail (libc.so.6)#012#4 0x00007f3e178f9e15 avc_context_to_sid_raw (libselinux.so.1)#012#5 0x00007f3e178f9e50 avc_context_to_sid (libselinux.so.1)#012#6 0x00007f3e178fd05d selinux_check_access (libselinux.so.1)#012#7 0x00007f3e17793b77 pam_sm_open_session (pam_selinux.so)#012#8 0x00007f3e17fc7e04 n/a (libpam.so.0)#012#9 0x000055b46ef6f077 n/a (sshd-session)#012#10 0x000055b46ef3eca8 n/a (sshd-session)#012#11 0x00007f3e179b4ae7 __libc_start_main (libc.so.6)#012#12 0x000055b46ef3f6ba n/a (sshd-session)

Dec 4 17:31:37 localhost systemd[1]: systemd-coredump@1-28259-0.service: Succeeded.

Dec 4 17:31:37 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@1-28259-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Dec 4 17:31:37 localhost sshd-session[28258]: Connection closed by authenticating user root 192.168.2.200 port 20381 [preauth]

Dec 4 17:31:37 localhost audit[28258]: USER_ERR pid=28258 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident grantors=? acct="?" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=failed'

Dec 4 17:31:37 localhost sshd[27954]: srclimit_penalise: ipv4: new 192.168.2.200/32 deferred penalty of 1 seconds for penalty: connections without attempting authentication

Dec 4 17:31:37 localhost dbus-daemon[1789]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'

Dec 4 17:31:37 localhost setroubleshoot[28261]: failed to retrieve rpm info for /usr/libexec/sshd-session

Dec 4 17:31:37 localhost setroubleshoot[28261]: SELinux is preventing /usr/libexec/sshd-session from create access on the netlink_selinux_socket labeled sshd_t. For complete SELinux messages run: sealert -l dfa653d6-4819-43d1-9a8a-366489f8cfe8
Dec 4 17:31:37 localhost python3[28261]: SELinux is preventing /usr/libexec/sshd-session from create access on the netlink_selinux_socket labeled sshd_t.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that sshd-session should be allowed create access on the Unknown netlink_selinux_socket by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'sshd-session' --raw | audit2allow -M my-sshdsession#012# semodule -X 300 -i my-sshdsession.pp#012

```

```

journalctl -xe

-- Defined-By: systemd

-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- systemd-coredump@1-28259-0.service 单元已结束启动。

--

-- 启动结果为"done"。

12月 04 17:31:37 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@1-28259-0 comm="systemd" exe="/usr/lib>

12月 04 17:31:37 localhost.localdomain systemd-coredump[28263]: Process 28254 (sshd-session) of user 0 dumped core.

Stack trace of thread 28254:

#0 0x00007f3e179c842b raise (libc.so.6)

#1 0x00007f3e179c9751 abort (libc.so.6)

#2 0x00007f3e179c0e2a n/a (libc.so.6)

#3 0x00007f3e179c0ea2 __assert_fail (libc.so.6)

#4 0x00007f3e178f9e15 avc_context_to_sid_raw (libselinux.so.1)

#5 0x00007f3e178f9e50 avc_context_to_sid (libselinux.so.1)

#6 0x00007f3e178fd05d selinux_check_access (libselinux.so.1)

#7 0x00007f3e17793b77 pam_sm_open_session (pam_selinux.so)

#8 0x00007f3e17fc7e04 n/a (libpam.so.0)

#9 0x000055b46ef6f077 n/a (sshd-session)

#10 0x000055b46ef3eca8 n/a (sshd-session)

#11 0x00007f3e179b4ae7 __libc_start_main (libc.so.6)

#12 0x000055b46ef3f6ba n/a (sshd-session)

-- Subject: 进程 28254 (sshd-session) 核心已转储

-- Defined-By: systemd

-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- Documentation: man:core(5)

--

-- 进程 28254 (sshd-session) 已崩溃并进行核心转储。

--

-- 这通常意味着崩溃程序中存在编程错误,并应当将此错误向其开发者报告。

12月 04 17:31:37 localhost.localdomain systemd[1]: systemd-coredump@1-28259-0.service: Succeeded.

-- Subject: Unit succeeded

-- Defined-By: systemd

-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel

--

-- The unit systemd-coredump@1-28259-0.service has successfully entered the 'dead' state.

12月 04 17:31:37 localhost.localdomain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@1-28259-0 comm="systemd" exe="/usr/lib/>

12月 04 17:31:37 localhost.localdomain sshd-session[28258]: Connection closed by authenticating user root 192.168.2.200 port 20381 [preauth]

12月 04 17:31:37 localhost.localdomain audit[28258]: USER_ERR pid=28258 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:bad_ident grantors=? acct="?" exe="/us>

12月 04 17:31:37 localhost.localdomain sshd[27954]: srclimit_penalise: ipv4: new 192.168.2.200/32 deferred penalty of 1 seconds for penalty: connections without attempting authentication

12月 04 17:31:37 localhost.localdomain dbus-daemon[1789]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'

12月 04 17:31:37 localhost.localdomain setroubleshoot[28261]: failed to retrieve rpm info for /usr/libexec/sshd-session

12月 04 17:31:37 localhost.localdomain setroubleshoot[28261]: SELinux is preventing /usr/libexec/sshd-session from create access on the netlink_selinux_socket labeled sshd_t. For complete SELinux messages>

12月 04 17:31:37 localhost.localdomain python3[28261]: SELinux is preventing /usr/libexec/sshd-session from create access on the netlink_selinux_socket labeled sshd_t.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that sshd-session should be allowed create access on the Unknown netlink_selinux_socket by default.

Then you should report this as a bug.

You can generate a local policy module to allow this access.

Do

allow this access for now by executing:

ausearch -c 'sshd-session' --raw | audit2allow -M my-sshdsession

semodule -X 300 -i my-sshdsession.pp

12月 04 17:31:54 localhost.localdomain [28291]: [tail -f /var/log/messages] return code=[130], execute failed by [root(uid=0)] from [pts/2 (192.168.2.200)]

12月 04 17:33:27 localhost.localdomain [28337]: [getenforce] return code=[0], execute success by [root(uid=0)] from [pts/2 (192.168.2.200)]

```

```
# audit provides ausearch; policycoreutils-python-utils provides audit2allow
yum -y install audit policycoreutils-python-utils
```

```
ausearch -m avc -c sshd --raw | audit2allow

#============= sshd_t ==============
allow sshd_t self:netlink_selinux_socket create;
```

```
# Be sure to run this twice
ausearch -c 'sshd-session' --raw | audit2allow -M my-sshdsession
semodule -X 300 -i my-sshdsession.pp

ausearch -c 'sshd-session' --raw | audit2allow -M my-sshdsession
semodule -X 300 -i my-sshdsession.pp
```

```
ausearch -c 'sshd-session' --raw | audit2allow

#============= sshd_t ==============

#!!!! This avc is allowed in the current policy
allow sshd_t self:netlink_selinux_socket { bind create };
```
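Why the post runs the `audit2allow -M` / `semodule` pair twice, shown as an added example (not from the original post, and a reduced stand-in for audit2allow rather than the tool itself): the first pass sees only the `create` denial, because sshd-session aborts before it can attempt anything further, and the `bind` denial is logged only on the next login. The `bind` record and the function names are constructed; the `create` record is the one from the log above.

```shell
#!/bin/sh
# Added example: a reduced stand-in for what audit2allow does with AVC records.

# avc_to_allow COMM  (hypothetical helper)
# Reads audit/syslog lines on stdin and prints one allow rule per
# (source type, target, class) for the denials logged by command COMM.
avc_to_allow() {
    awk -v want="$1" '
        function val(s, key,   i, r) {      # value of key=... in record s
            i = index(s, key "=")
            if (!i) return ""
            r = substr(s, i + length(key) + 1)
            sub(/[ \t].*$/, "", r)
            gsub(/"/, "", r)
            return r
        }
        /avc: +denied/ && val($0, "comm") == want {
            split(val($0, "scontext"), sc, ":")   # user:role:type:level
            split(val($0, "tcontext"), tc, ":")
            tgt = (sc[3] == tc[3]) ? "self" : tc[3]
            i = index($0, "{"); j = index($0, "}")
            n = split(substr($0, i + 1, j - i - 1), perm, " ")
            for (k = 1; k <= n; k++) print sc[3], tgt, val($0, "tclass"), perm[k]
        }' | LC_ALL=C sort -u | awk '
        function emit() { print "allow " key " " (cnt > 1 ? "{ " perms " }" : perms) ";" }
        { k = $1 " " $2 ":" $3
          if (k != key) { if (key != "") emit(); key = k; perms = ""; cnt = 0 }
          perms = perms (cnt ? " " : "") $4; cnt++ }
        END { if (key != "") emit() }'
}

# First failed login: the AVC record is copied from the log on this page.
first_attempt_log() {
cat <<'EOF'
Dec 4 17:31:37 localhost sshd-session[28254]: Accepted password for root from 192.168.2.200 port 20380 ssh2
Dec 4 17:31:37 localhost audit[28254]: AVC avc: denied { create } for pid=28254 comm="sshd-session" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=netlink_selinux_socket permissive=0
EOF
}

# Login after the first module is loaded: constructed record (pid and time are made up).
second_attempt_log() {
cat <<'EOF'
Dec 4 17:35:02 localhost audit[28601]: AVC avc: denied { bind } for pid=28601 comm="sshd-session" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=netlink_selinux_socket permissive=0
EOF
}

echo "pass 1: $(first_attempt_log | avc_to_allow sshd-session)"
echo "pass 2: $( { first_attempt_log; second_attempt_log; } | avc_to_allow sshd-session)"
```

Reading the generated `my-sshdsession.te` before running `semodule -i` shows the same rules and is the place to confirm that nothing broader is being allowed.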

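To be on the safe side, it is best to disable SELinux:

```
# Permissive immediately, until the next reboot
setenforce 0
# Persist it; follow the symlink to /etc/selinux/config so sed -i does not replace the link
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
```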

```
ssh -V
OpenSSH_10.2p1, OpenSSL 1.1.1f 31 Mar 2020
```

```
ssh root@192.168.2.167
/etc/crypto-policies/back-ends/openssh.config: line 3: Bad configuration option: gssapikexalgorithms
/etc/crypto-policies/back-ends/openssh.config: terminating, 1 bad configuration options
```

```
# Disable GSSAPI authentication
# Comment out line 3 of the client crypto-policy file, the option rejected above
sed -i '3s/^/# /' /etc/crypto-policies/back-ends/openssh.config
sed -i 's/^GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config
systemctl restart sshd
```

![image.png](https://upload-images.jianshu.io/upload_images/12979420-bfbd473552eadc85.png?imageMogr2/auto-orient/strip|imageView2/2/w/1240)

```

tail -f /var/log/messages

Dec 4 17:40:21 localhost [/bin/bash]: [> /var/log/messages] return code=[0], execute success by [root(uid=0)] from [pts/2 (192.168.2.200)]

Dec 4 17:40:30 localhost sshd-session[29168]: Connection from 192.168.2.200 port 22819 on 192.168.2.167 port 22 rdomain ""

Dec 4 17:40:30 localhost audit[29168]: USER_AUTH pid=29168 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_faillock,pam_unix acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost audit[29168]: USER_ACCT pid=29168 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost sshd-session[29168]: Accepted password for root from 192.168.2.200 port 22819 ssh2

Dec 4 17:40:30 localhost audit[29168]: CRED_ACQ pid=29168 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_faillock,pam_unix acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost audit[29168]: USER_ROLE_CHANGE pid=29168 uid=0 auid=0 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost sshd-session[29172]: Connection from 192.168.2.200 port 22820 on 192.168.2.167 port 22 rdomain ""

Dec 4 17:40:30 localhost systemd-logind[1883]: New session 18 of user root.

Dec 4 17:40:30 localhost systemd[1]: Started Session 18 of user root.

Dec 4 17:40:30 localhost audit[29168]: USER_START pid=29168 uid=0 auid=0 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost sshd-session[29168]: User child is on pid 29174

Dec 4 17:40:30 localhost audit[29174]: CRED_ACQ pid=29174 uid=0 auid=0 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_faillock,pam_unix acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost sshd-session[29174]: Starting session: shell on pts/6 for root from 192.168.2.200 port 22819 id 0

Dec 4 17:40:30 localhost audit[29175]: CRED_ACQ pid=29175 uid=0 auid=0 ses=18 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_faillock,pam_unix acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost audit[29172]: USER_AUTH pid=29172 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_faillock,pam_unix acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost audit[29172]: USER_ACCT pid=29172 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost sshd-session[29172]: Accepted password for root from 192.168.2.200 port 22820 ssh2

Dec 4 17:40:30 localhost audit[29172]: CRED_ACQ pid=29172 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_faillock,pam_unix acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost audit[29172]: USER_ROLE_CHANGE pid=29172 uid=0 auid=0 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost systemd-logind[1883]: New session 19 of user root.

Dec 4 17:40:30 localhost systemd[1]: Started Session 19 of user root.

Dec 4 17:40:30 localhost audit[29172]: USER_START pid=29172 uid=0 auid=0 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost sshd-session[29172]: User child is on pid 29243

Dec 4 17:40:30 localhost audit[29243]: CRED_ACQ pid=29243 uid=0 auid=0 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_faillock,pam_unix acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:30 localhost sshd-session[29243]: Starting session: subsystem 'sftp' for root from 192.168.2.200 port 22820 id 0

Dec 4 17:40:30 localhost audit[29244]: CRED_ACQ pid=29244 uid=0 auid=0 ses=19 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_faillock,pam_unix acct="root" exe="/usr/libexec/sshd-session" hostname=192.168.2.200 addr=192.168.2.200 terminal=ssh res=success'

Dec 4 17:40:31 localhost sftp-server[29244]: session opened for local user root from [192.168.2.200]

Dec 4 17:40:31 localhost sftp-server[29244]: opendir "/root"

Dec 4 17:40:31 localhost sftp-server[29244]: closedir "/root"

Dec 4 17:40:45 localhost systemd[1]: lvm2-lvmetad.service: Succeeded.

Dec 4 17:40:45 localhost audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=lvm2-lvmetad comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

```

```

ssh -vvv root@192.168.2.167

debug1: OpenSSH_10.2p1, OpenSSL 1.1.1f 31 Mar 2020

debug3: Running on Linux 4.19.90-2003.4.0.0036.oe1.x86_64 #1 SMP Mon Mar 23 19:10:41 UTC 2020 x86_64

debug3: Started with: ssh -vvv root@192.168.2.167

debug1: Reading configuration data /etc/ssh/ssh_config

debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0

debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf

debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1

debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config

debug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]

debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *

debug2: resolve_canonicalize: hostname 192.168.2.167 is address

debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/root/.ssh/known_hosts'

debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/root/.ssh/known_hosts2'

debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling

debug3: channel_clear_timeouts: clearing

debug3: ssh_connect_direct: entering

debug1: Connecting to 192.168.2.167 [192.168.2.167] port 22.

debug3: set_sock_tos: set socket 3 IP_TOS 0xb8

debug1: Connection established.

```

