Cenos 7.2 升级OpenSSH 8.0 升级步骤及排错

Cenos 7.2 升级OpenSSH 8.0 升级步骤及排错

1.获取OpenSSH 8.0
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
2.安装依赖并解压
yum install openssl-devel -y
tar xvf openssh-8.0p1.tar.gz
3.编译
cd openssh-8.0p1
./configure --prefix=/usr --sysconfdir=/etc/ssh
make
make install
4.处理报错

编译后会出现以下错误

/etc/ssh/sshd_config line 92: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 95: Unsupported option GSSAPICleanupCredentials
/etc/ssh/sshd_config line 111: Unsupported option UsePAM
/etc/ssh/sshd_config line 124: Deprecated option UsePrivilegeSeparation
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_rsa_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_ecdsa_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
sshd: no hostkeys available -- exiting.
make: [check-config] Error 1 (ignored)
  • a).删除对应的KEY
rm -rf /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
  • b).创建新的KEY
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key
  • c).重新编译
make install
  • d).注释掉报错行
sed -i s/GSSAPIAuthentication/#GSSAPIAuthentication/g /etc/ssh/sshd_config
sed -i s/GSSAPICleanupCredentials/#GSSAPICleanupCredentials/g /etc/ssh/sshd_config
sed -i s/UsePAM/#UsePAM/g /etc/ssh/sshd_config
sed -i s/UsePrivilegeSeparation/#UsePrivilegeSeparation/g /etc/ssh/sshd_config
  • e).允许root登陆
sed -i s/#PermitRootLogin/PermitRootLogin/g /etc/ssh/sshd_config
5.查看版本并启动服务
#查看ssh的版本
ssh -V

#开机启动sshd
systemctl enable sshd

#重启sshd刷新配置
systemctl restart sshd

你可能感兴趣的:(系统管理工具)