Centos7下rpm升级OpenSSH到openssh
openssh-8.5p1版本分享
注意:如果机器做过安全基线整改,建议先自行备份/etc/pam.d/sshd文件,升级后,此文件会被覆盖,如果未修改过,按照文章后续的进行覆盖即可。亦请务必确定系统版本为:CentOS7。
下载:
wget https://cikeblog.com/s/openssh-8.5p1-1.el7.tar.gztar -zxvf openssh-8.5p1-1.el7.tar.gz
安装方法一:
rpm -Uvh *.rpm
安装方法二(此方法会自动处理依懒关系):
yum install ./*.rpm
部分机器使用方法二安装会提示依赖问题,可以使用以下方法:
yum update *.rpm
至此,升级完成,如果之前升级过的,下面的就不用看了,直接新开SSH终端连接即可。
因为OPENSSH升级后,/etc/ssh/sshd_config会还原至默认状态,我们需要进行相应配置:
cd /etc/ssh/chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_keyecho "PermitRootLogin yes" >> /etc/ssh/sshd_configecho "PasswordAuthentication yes" >> /etc/ssh/sshd_configsystemctl restart sshd
注意:升级后重启SSH可能出现以下错误:
It is required that your private key files are NOT accessible by others.This private key will be ignored.Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissionsUnable to load host key: /etc/ssh/ssh_host_ed25519_keysshd: no hostkeys available -- exiting.[FAILED]sshd.service: control process exited, code=exited status=1Failed to start SYSV: OpenSSH server daemon.Unit sshd.service entered failed state.sshd.service failed.
解决办法:
chmod 0600 /etc/ssh/ssh_host_ed25519_keyservice sshd restart
即可解决。
注意,/etc/pam.d/sshd也文件会被覆盖,我们进行还原:
先清空:
>/etc/pam.d/sshd;
再还原:
echo '#%PAM-1.0auth required pam_sepermit.soauth include password-authaccount required pam_nologin.soaccount include password-authpassword include password-auth# pam_selinux.so close should be the first session rulesession required pam_selinux.so closesession required pam_loginuid.so# pam_selinux.so open should only be followed by sessions to be executed in the user contextsession required pam_selinux.so open env_paramssession optional pam_keyinit.so force revokesession include password-auth'>/etc/pam.d/sshd
至此,升级完成,先别关闭终端,直接新开一个终端,连接到服务器测试。
注意:如果新开终端连接的时,root密码报错,并且已经根据上面后续操作,那可能就是SElinux的问题,我们进行临时禁用:
setenforce 0
即可正常登录,然后修改/etc/selinux/config 文件:
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
进行永久禁用SElinux即可。
赞 (0)