Cenos 7.2 升级OpenSSH 8.0 升级步骤及排错

Cenos 7.2 升级OpenSSH 8.0 升级步骤及排错

1.获取OpenSSH 8.0

wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz

2.安装依赖并解压

yum install openssl-devel -y
tar xvf openssh-8.0p1.tar.gz

3.编译

cd openssh-8.0p1
./configure --prefix=/usr --sysconfdir=/etc/ssh
make
make install

4.处理报错

编译后会出现以下错误

/etc/ssh/sshd_config line 92: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 95: Unsupported option GSSAPICleanupCredentials
/etc/ssh/sshd_config line 111: Unsupported option UsePAM
/etc/ssh/sshd_config line 124: Deprecated option UsePrivilegeSeparation
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_rsa_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_ecdsa_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
sshd: no hostkeys available -- exiting.
make: [check-config] Error 1 (ignored)

• a).删除对应的KEY

rm -rf /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub

• b).创建新的KEY

ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_ed25519_key

• c).重新编译

make install

• d).注释掉报错行

sed -i s/GSSAPIAuthentication/#GSSAPIAuthentication/g /etc/ssh/sshd_config
sed -i s/GSSAPICleanupCredentials/#GSSAPICleanupCredentials/g /etc/ssh/sshd_config
sed -i s/UsePAM/#UsePAM/g /etc/ssh/sshd_config
sed -i s/UsePrivilegeSeparation/#UsePrivilegeSeparation/g /etc/ssh/sshd_config

• e).允许root登陆

sed -i s/#PermitRootLogin/PermitRootLogin/g /etc/ssh/sshd_config

5.查看版本并启动服务

#查看ssh的版本
ssh -V

#开机启动sshd
systemctl enable sshd

#重启sshd刷新配置
systemctl restart sshd