当前位置：首页 > news >正文

Centos7升级到openssh9.9

news 文章来源：https://blog.csdn.net/leinchu/article/details/143016331 2024/11/29 6:39:07

openssh9.9 是2024.9.20出的最新版ssh。因为客户扫描出一大堆centos7的漏洞，全是这个openssh的，好多补丁，所以索性升级到最新版。

需要自己制作rpm包，这个我是不懂，照这个来：

Linux服务器升级openssh9.9最新版全过程，及遇到问题处理_openssh-server最新版本-CSDN博客

作者没有说明怎么处理异常，我这里是centos7的rpm：

https://download.csdn.net/download/leinchu/89896129

使用方法：

mkdir openssh9
mv openssh9.9.tar.gz openssh9
cd openssh9
tar xfz openssh9.9.tar.gz

rpm -ivh --nodeps --force openssh-9.9p1-1.el7.x86_64.rpm
rpm -ivh --nodeps --force openssh9.9.tar.gz
rpm -ivh --nodeps --force openssh-clients-9.9p1-1.el7.x86_64.rpm
rpm -ivh --nodeps --force openssh-debuginfo-9.9p1-1.el7.x86_64.rpm
rpm -ivh --nodeps --force openssh-server-9.9p1-1.el7.x86_64.rpm

ssh-keygen -A

chmod 600 /etc/ssh/ssh_host_ed25519_key
chown root:root /etc/ssh/ssh_host_ed25519_key

sudo chmod 600 /etc/ssh/ssh_host_rsa_key
chown root:root /etc/ssh/ssh_host_rsa_key

sudo chmod 600 /etc/ssh/ssh_host_ecdsa_key
chown root:root /etc/ssh/ssh_host_ecdsa_key

sshd -t -f /etc/ssh/sshd_config
mv /etc/pam.d/sshd /etc/pam.d/sshdbak
vi /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth

systemctl restart sshd

--------------------------------

验证：ssh -V

遇到的报错：

Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions
sshd: no hostkeys available -- exiting

Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Oct 17 11:57:33 snmp sshd[139477]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Oct 17 11:57:33 snmp sshd[139477]: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Oct 17 11:57:33 snmp sshd[139477]: It is required that your private key files are NOT accessible by others.
Oct 17 11:57:33 snmp sshd[139477]: This private key will be ignored.
Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key "/etc/ssh/ssh_host_rsa_key": bad permissions
Oct 17 11:57:33 snmp systemd[1]: sshd.service: main process exited, code=exited, status=1/FAILURE
Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key: /etc/ssh/ssh_host_rsa_key
Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Oct 17 11:57:33 snmp sshd[139477]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Oct 17 11:57:33 snmp sshd[139477]: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Oct 17 11:57:33 snmp sshd[139477]: It is required that your private key files are NOT accessible by others.
Oct 17 11:57:33 snmp sshd[139477]: This private key will be ignored.
Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key "/etc/ssh/ssh_host_ecdsa_key": bad permissions
Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Oct 17 11:57:33 snmp sshd[139477]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Oct 17 11:57:33 snmp sshd[139477]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Oct 17 11:57:33 snmp sshd[139477]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
Oct 17 11:57:33 snmp sshd[139477]: It is required that your private key files are NOT accessible by others.
Oct 17 11:57:33 snmp sshd[139477]: This private key will be ignored.
Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions
Oct 17 11:57:33 snmp sshd[139477]: Unable to load host key: /etc/ssh/ssh_host_ed25519_key
Oct 17 11:57:33 snmp sshd[139477]: sshd: no hostkeys available -- exiting.
Oct 17 11:57:33 snmp systemd[1]: Failed to start OpenSSH server daemon.
-- Subject: Unit sshd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sshd.service has failed.
--
-- The result is failed.
Oct 17 11:57:33 snmp systemd[1]: Unit sshd.service entered failed state.
Oct 17 11:57:33 snmp systemd[1]: sshd.service failed.
Oct 17 11:57:33 snmp polkitd[7888]: Unregistered Authentication Agent for unix-process:139470:389161800 (system bus name :1.41641, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Oct 17 11:58:01 snmp systemd[1]: Created slice User Slice of pcp.
-- Subject: Unit user-994.slice has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit user-994.slice has finished starting up.
--
-- The start-up result is done.
Oct 17 11:58:01 snmp systemd[1]: Started Session 13127 of user pcp.
-- Subject: Unit session-13127.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-13127.scope has finished starting up.
--
-- The start-up result is done.
Oct 17 11:58:01 snmp CROND[139602]: (pcp) CMD ( /usr/libexec/pcp/bin/pmie_check -C)
Oct 17 11:58:01 snmp systemd[1]: Removed slice User Slice of pcp.
-- Subject: Unit user-994.slice has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit user-994.slice has finished shutting down.

Centos7升级到openssh9.9

相关文章：

Centos7升级到openssh9.9

使用 STM32F407 串口实现 485 通信

基于NERF技术重建学习笔记

webView 支持全屏播放

QGIS之三十二DEM地形导出三维模型gltf

【python爬虫】携程旅行景点游客数据分析与可视化

python实现onvif协议下控制摄像头变焦,以及融合人形识别与跟踪控制

【Vue】Vue3.0（十四）接口，泛型和自定义类型的概念及使用

【C++】红黑树万字详解（一文彻底搞懂红黑树的底层逻辑）

开源FluentFTP实操，操控FTP文件

论文解读 | ECCV2024 AutoEval-Video：一个用于评估大型视觉-语言模型在开放式视频问答中的自动基准测试...

postgresql14主从同步流复制搭建

企业信息化管理中的数据集成方案：销售出库单对接

3.cpp基本数据类型

MCK主机加固与防漏扫的深度解析

《软件估算之原始功能点：精准度量软件规模的关键》

序列化与反序列化

安装nginx实现多ip访问多网站

每日回顾：简单用C写冒泡排序、快速排序

前端_007_Axios库

NAND FLASH 与 SPI FLASH

QTCreator打不开双击没反应

vue npm run ...时报错-系统找不到指定的路径

54页可编辑PPT | 大型集团企业数据治理解决方案

STM32嵌入式移植GmSSL库

【mod分享】极品飞车10高清模组，，全新道路，全新建筑，高清植被，全新的道路围栏，全新的天空，画质直逼极品飞车20。支持光追

使用U-KAN训练自己的数据集 — 医疗影像分割

游戏盾在防御DDoS与CC攻击中的作用与实现

为什么说红帽认证（RHCE）是网络工程师的万金油证书？

89.【C语言】编译和链接

清远市建设工程造价信息网站/最近有哪些新闻

网站申请备案要多久/线上推广100种方式

商务网站建设实训结论/石家庄百度推广排名优化

深圳网站设计公司哪个/计算机培训

网站制作价/成品网站1688入口网页版怎样

wordpress支持大文件上传/免费b站动漫推广网站2023