zoukankan      html  css  js  c++  java
  • ssh服务升级8.1

    檢查環境:

    [root@test]# ssh -V
    OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

    為保證順利升級:

    請務必確定系統版本為:CentOS7

    請確定openssh版本為7.x,openssl版本為 OpenSSL 1.0.2k及以上。(正常來說,系統都為以上版本。)

    下載:

    wget https://cikeblog.com/s/openssh8.1.tar.gz
    tar -zxvf openssh8.1.tar.gz

    安裝方法一:

    rpm -Uvh *.rpm

    安裝方法二(此方法會自動處理依懶關係):

    yum install ./*.rpm

    安裝後會如下提示:

    [root@test ~]# rpm -Uvh *.rpm
    Preparing...                          ################################# [100%]
    Updating / installing...
       1:openssh-8.1p1-1.el7              ################################# [ 14%]
       2:openssh-clients-8.1p1-1.el7      ################################# [ 29%]
       3:openssh-server-8.1p1-1.el7       ################################# [ 43%]
       4:openssh-debuginfo-8.1p1-1.el7    ################################# [ 57%]
    Cleaning up / removing...
       5:openssh-server-7.4p1-16.el7      ################################# [ 71%]
       6:openssh-clients-7.4p1-16.el7     ################################# [ 86%]
       7:openssh-7.4p1-16.el7             ################################# [100%]
    [root@test ~]# ssh -V
    OpenSSH_8.1p1, OpenSSL 1.0.2k-fips  26 Jan 2017
    [root@768 ~]#

    至此,升級完成,因為OPENSSH升級後,/etc/ssh/sshd_config會還原至默認狀態,我們需要進行相應配置:

    cd /etc/ssh/
    chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
    echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
    echo "PasswordAuthentication yes"  >> /etc/ssh/sshd_config
    systemctl restart sshd

    並且,/etc/pam.d/sshd也文件會被覆蓋,我們進行還原:
    先清空:

    >/etc/pam.d/sshd;

    再還原:

    echo '#%PAM-1.0
    auth       required     pam_sepermit.so
    auth       include      password-auth
    account    required     pam_nologin.so
    account    include      password-auth
    password   include      password-auth
    # pam_selinux.so close should be the first session rule
    session    required     pam_selinux.so close
    session    required     pam_loginuid.so
    # pam_selinux.so open should only be followed by sessions to be executed in the user context
    session    required     pam_selinux.so open env_params
    session    optional     pam_keyinit.so force revoke
    session    include      password-auth'>/etc/pam.d/sshd

    至此,升級完成,先別關閉終端,直接新開一個終端,連接到服務器測試。

    注意:如果新開終端連接的時,root密碼報錯,並且已經根據上面後續操作,那可能就是SElinux的問題,我們進行臨時禁用:

    setenforce 0

    即可正常登錄,然後修改/etc/selinux/config 文件:

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

    進行永久禁用SElinux即可。

    注意:
    如果Centos7默認openssl版本不為OpenSSL 1.0.2k,就需要先進行升級:

    yum install openssl -y
  • 相关阅读:
    sp2010 升级sp2013 用户无法打开网站
    powerviot install in sharepoint 2013
    can not connect cube in performancce dashboard
    westrac server security configure user info
    添加报表服务在多服务器场
    sharepoint 2013 office web app 2013 文档在线浏览 IE11 浏览器不兼容解决方法
    delete job definition
    目前付款申请单内网打开慢的问题
    item style edit in sharepoint 2013
    Could not load file or assembly '$SharePoint.Project.AssemblyFullName$'
  • 原文地址:https://www.cnblogs.com/bidad/p/13296252.html
Copyright © 2011-2022 走看看