Centos7 ϵͳĬÈÏÔ´ÖÐ OpenSSH ×îа汾ÊÇ OpenSSH_7.4p1£¬Òò´ËÎÞ·¨Í¨¹ý£ºyum update -y openssh
ÃüÁîÉý¼¶µ½¸ü¸ß°æ±¾¡£È»¶ø OpenSSH_7.4p1 °æ±¾ÒѾÑÏÖØÂäºó²¢±»±¬³öÓжà¸ö¸ßΣ©¶´£¬ÏÂÃæ±¾ÎľͷÖÏíһϠCentos7.* ϵͳÉý¼¶ OpenSSH µ½ openssh-8.* °æ±¾µÄ·½·¨¡£
×¢Ò⣺Éý¼¶Ç°ÇëÎñ±Ø¶Ôϵͳ½øÐпìÕÕ±¸·Ý£¬ÒÔÃâÉý¼¶¹ý³ÌÖгöÏÖÒì³£ÎÞ·¨»Ö¸´¡£
ÏÂÔØrpm°ü£¨ÒÔ8.8ʾÀý£©
wget https://www.02405.com/wp-content/uploads/2022/06/openssh8.8-c7.tar.gz tar -zxvf openssh8.8-c7.tar.gz
°²×°·½·¨Ò»£º
rpm -Uvh *.rpm
°²×°·½·¨¶þ£¨´Ë·½·¨»á×Ô¶¯´¦ÀíÒÀÀµ¹Øϵ£¬ÍƼöʹÓã©£º
yum install ./*.rpm
²¿·Ö»úÆ÷ʹÓ÷½·¨¶þ°²×°»áÌáʾÒÀÀµÎÊÌ⣬¿ÉÒÔʹÓÃÒÔÏ·½·¨£º
yum update *.rpm
ÖÁ´Ë£¬Éý¼¶Íê³É£¬Èç¹û֮ǰÉý¼¶¹ýµÄ£¬ÏÂÃæµÄ¾Í²»Óÿ´ÁË£¬Ö±½ÓпªSSHÖÕ¶ËÁ¬½Ó¼´¿É¡£
ÒòΪ OpenSSH Éý¼¶ºó£¬/etc/ssh/sshd_config »á»¹ÔÖÁĬÈÏ״̬£¬ÎÒÃÇÐèÒª½øÐÐÏàÓ¦ÅäÖãº
cd /etc/ssh/ chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key echo "PermitRootLogin yes" >> /etc/ssh/sshd_config echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config systemctl restart sshd
×¢Ò⣺Éý¼¶ºóÖØÆôSSH¿ÉÄܳöÏÖÒÔÏ´íÎó£º
It is required that your private key files are NOT accessible by others. This private key will be ignored. Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions Unable to load host key: /etc/ssh/ssh_host_ed25519_key sshd: no hostkeys available -- exiting. [FAILED] sshd.service: control process exited, code=exited status=1 Failed to start SYSV: OpenSSH server daemon. Unit sshd.service entered failed state. sshd.service failed.
½â¾ö°ì·¨£º
chmod 0600 /etc/ssh/ssh_host_ed25519_key service sshd restart
¼´¿É½â¾ö¡£
×¢Ò⣬/etc/pam.d/sshd Ò²Îļþ»á±»¸²¸Ç£¬ÎÒÃǽøÐл¹Ô£º
ÏÈÇå¿Õ£º
>/etc/pam.d/sshd;
ÔÙ»¹Ô£º
echo '#%PAM-1.0 auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session optional pam_keyinit.so force revoke session include password-auth'>/etc/pam.d/sshd
ÖÁ´Ë£¬Éý¼¶Íê³É£¬Ïȱð¹Ø±ÕÖնˣ¬Ö±½ÓпªÒ»¸öÖնˣ¬Á¬½Óµ½·þÎñÆ÷²âÊÔ¡£
×¢Ò⣺Èç¹ûпªÖÕ¶ËÁ¬½ÓµÄʱ£¬root ÃÜÂ뱨´í£¬²¢ÇÒÒѾ¸ù¾ÝÉÏÃæºóÐø²Ù×÷£¬ÄÇ¿ÉÄܾÍÊÇ SElinux µÄÎÊÌ⣬ÎÒÃǽøÐÐÁÙʱ½ûÓãº
setenforce 0
¼´¿ÉÕý³£µÇ¼£¬È»ºóÐÞ¸Ä /etc/selinux/config Îļþ£º
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
½øÐÐÓÀ¾Ã½ûÓÃSElinux¼´¿É¡£
¸½£º8.5-8.8°æ±¾±àÒëºÃµÄrpm°üÎļþ£¬ÄãÒ²¿ÉÒÔÏÂÔغóÊÖ¶¯ÉÏ´«µ½·þÎñÆ÷°²×°£¬°²×°·½·¨ÓëÉÏÃæÏàͬ¡£
±¾ÎÄ°²×°·½·¨¼°rpm°ü¾ùתÔØ×Ô£ºhttps://cikeblog.com/£¬¸Ðл´óÀзÖÏí¡£