Centos7ϵͳÉý¼¶OpenSSHµ½openssh-8.*°æ±¾µÄ·½·¨

Centos7 ϵͳĬÈÏÔ´ÖÐ OpenSSH ×îа汾ÊÇ OpenSSH_7.4p1£¬Òò´ËÎÞ·¨Í¨¹ý£ºyum update -y opensshÃüÁîÉý¼¶µ½¸ü¸ß°æ±¾¡£È»¶ø OpenSSH_7.4p1 °æ±¾ÒѾ­ÑÏÖØÂäºó²¢±»±¬³öÓжà¸ö¸ßΣ©¶´£¬ÏÂÃæ±¾ÎľͷÖÏíһϠCentos7.* ϵͳÉý¼¶ OpenSSH µ½ openssh-8.* °æ±¾µÄ·½·¨¡£

×¢Ò⣺Éý¼¶Ç°ÇëÎñ±Ø¶Ôϵͳ½øÐпìÕÕ±¸·Ý£¬ÒÔÃâÉý¼¶¹ý³ÌÖгöÏÖÒì³£ÎÞ·¨»Ö¸´¡£

ÏÂÔØrpm°ü£¨ÒÔ8.8ʾÀý£©

wget https://www.02405.com/wp-content/uploads/2022/06/openssh8.8-c7.tar.gz
tar -zxvf openssh8.8-c7.tar.gz

°²×°·½·¨Ò»£º

rpm -Uvh *.rpm

°²×°·½·¨¶þ£¨´Ë·½·¨»á×Ô¶¯´¦ÀíÒÀÀµ¹Øϵ£¬ÍƼöʹÓã©£º

yum install ./*.rpm

²¿·Ö»úÆ÷ʹÓ÷½·¨¶þ°²×°»áÌáʾÒÀÀµÎÊÌ⣬¿ÉÒÔʹÓÃÒÔÏ·½·¨£º

yum update *.rpm

ÖÁ´Ë£¬Éý¼¶Íê³É£¬Èç¹û֮ǰÉý¼¶¹ýµÄ£¬ÏÂÃæµÄ¾Í²»Óÿ´ÁË£¬Ö±½ÓпªSSHÖÕ¶ËÁ¬½Ó¼´¿É¡£

ÒòΪ OpenSSH Éý¼¶ºó£¬/etc/ssh/sshd_config »á»¹Ô­ÖÁĬÈÏ״̬£¬ÎÒÃÇÐèÒª½øÐÐÏàÓ¦ÅäÖãº

cd /etc/ssh/
chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes"  >> /etc/ssh/sshd_config
systemctl restart sshd

×¢Ò⣺Éý¼¶ºóÖØÆôSSH¿ÉÄܳöÏÖÒÔÏ´íÎó£º

It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
[FAILED]
sshd.service: control process exited, code=exited status=1
Failed to start SYSV: OpenSSH server daemon.
Unit sshd.service entered failed state.
sshd.service failed.

½â¾ö°ì·¨£º

chmod 0600 /etc/ssh/ssh_host_ed25519_key
service sshd restart

¼´¿É½â¾ö¡£

×¢Ò⣬/etc/pam.d/sshd Ò²Îļþ»á±»¸²¸Ç£¬ÎÒÃǽøÐл¹Ô­£º
ÏÈÇå¿Õ£º

>/etc/pam.d/sshd;

ÔÙ»¹Ô­£º

echo '#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth'>/etc/pam.d/sshd

ÖÁ´Ë£¬Éý¼¶Íê³É£¬Ïȱð¹Ø±ÕÖնˣ¬Ö±½ÓпªÒ»¸öÖնˣ¬Á¬½Óµ½·þÎñÆ÷²âÊÔ¡£

×¢Ò⣺Èç¹ûпªÖÕ¶ËÁ¬½ÓµÄʱ£¬root ÃÜÂ뱨´í£¬²¢ÇÒÒѾ­¸ù¾ÝÉÏÃæºóÐø²Ù×÷£¬ÄÇ¿ÉÄܾÍÊÇ SElinux µÄÎÊÌ⣬ÎÒÃǽøÐÐÁÙʱ½ûÓãº

setenforce 0

¼´¿ÉÕý³£µÇ¼£¬È»ºóÐÞ¸Ä /etc/selinux/config Îļþ£º

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

½øÐÐÓÀ¾Ã½ûÓÃSElinux¼´¿É¡£

¸½£º8.5-8.8°æ±¾±àÒëºÃµÄrpm°üÎļþ£¬ÄãÒ²¿ÉÒÔÏÂÔغóÊÖ¶¯ÉÏ´«µ½·þÎñÆ÷°²×°£¬°²×°·½·¨ÓëÉÏÃæÏàͬ¡£

±¾ÎÄ°²×°·½·¨¼°rpm°ü¾ùתÔØ×Ô£ºhttps://cikeblog.com/£¬¸Ðл´óÀзÖÏí¡£