Rocky8.5 更新到 OpenSSH_9.9p1
OpenSSH 9.9p1 要求 OpenSSL 最低版本为 1.1.1;系统自带的 OpenSSL 1.1.1k 已满足要求,因此无需升级 OpenSSL,只需升级 OpenSSH。注意:源码编译安装会覆盖发行版软件包提供的 OpenSSH 文件,之后的安全更新不会再由 yum/dnf 自动提供,需要自行跟进并重新编译。
[root@localhost]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
安装
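# Build prerequisites: compiler, make, zlib and OpenSSL headers, plus the
# openssl CLI used for the checksum step below.
yum install -y gcc zlib-devel openssl openssl-devel make

# Fetch the release tarball.
wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.9p1.tar.gz

# Verify the download before building and installing it as root: a mirror can
# serve a stale or altered file. Take the expected digest from the official
# OpenSSH 9.9 release notes (published there base64-encoded), not from the
# mirror that served the tarball.
expected_sha256='<SHA256_BASE64_FROM_OFFICIAL_RELEASE_NOTES>'  # placeholder, fill in
actual_sha256=$(openssl dgst -sha256 -binary openssh-9.9p1.tar.gz | base64)
if [ "$actual_sha256" = "$expected_sha256" ]; then
  tar -xf openssh-9.9p1.tar.gz
else
  echo "SHA-256 mismatch for openssh-9.9p1.tar.gz - stop here, do not build" >&2
fi
cd openssh-9.9p1/

# Back up the current configuration and host keys. -a keeps owner and mode; the
# copy contains the private host keys, so keep it readable by root only.
cp -af /etc/ssh /opt/ssh_bak
chmod 700 /opt/ssh_bak

# Configure, build and install over the distribution binaries under /usr.
# NOTE: with these flags the build has no PAM, GSSAPI/Kerberos or SELinux
# support. If logins on this host depend on PAM modules (lockout, access rules,
# limits), install pam-devel and add --with-pam before relying on this build.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-privsep-path=/var/lib/sshd
make && make install

# Validate the configuration with the new binary before restarting, and keep
# the current root session open until a fresh login has been tested, so that a
# broken configuration cannot lock you out of the host.
sshd -t && systemctl restart sshd

# Confirm the version now in use.
ssh -V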
遇到的问题
### 安装过程中可能会遇到如下问题
# 1、权限问题
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_ed25519_key
# Fix: the host private keys must be owned by root and unreadable by anyone
# else; sshd ignores a key whose mode is wider than that (0640 in the error
# above).
chown root:root /etc/ssh/ssh_host_*_key
chmod 0600 /etc/ssh/ssh_host_*_key
# 2、配置项不受支持(本次编译未启用 GSSAPI 和 PAM 支持,与加密方式无关)
/etc/ssh/sshd_config line 84: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 85: Unsupported option GSSAPICleanupCredentials
/etc/ssh/sshd_config line 101: Unsupported option UsePAM
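# Fix: comment out the directives this build rejects. They are matched by name,
# not by line number: line numbers differ from host to host, and a numbered edit
# can silently disable some other setting.
# NOTE: with UsePAM unavailable, sshd does not run the PAM stack for SSH logins,
# so PAM account/session controls configured on this host (lockout, access
# rules, limits) no longer apply to them. Rebuild with --with-pam (needs
# pam-devel) if they are required.
sed -i -E 's/^[[:space:]]*(GSSAPIAuthentication|GSSAPICleanupCredentials|UsePAM)[[:space:]]/#&/I' /etc/ssh/sshd_config
# Confirm the file now parses cleanly before restarting sshd.
sshd -t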
# 3、重启报错,遇到 Bad configuration option: GSSAPIKexAlgorithms
[root@localhost]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code.
See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@localhost]# journalctl -xeu sshd
-- Unit sshd.service has begun starting up.
Dec 03 01:33:06 localhost.localdomain sshd[14633]: command-line: line 0: Bad configuration option: GSSAPIKexAlgorithms
Dec 03 01:33:06 localhost.localdomain systemd[1]: sshd.service: Main process exited, code=exited, status=1/FAILURE
Dec 03 01:33:06 localhost.localdomain systemd[1]: sshd.service: Failed with result 'exit-code'.
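# 解决办法:让 sshd 不再接收系统级加密策略(crypto-policies)传入的选项
# 取消 /etc/sysconfig/sshd 中 #CRYPTO_POLICY= 的注释
# 注释 /etc/crypto-policies/back-ends/openssh.config 中的 GSSAPIKexAlgorithms 开头的整行
# 注意:取消 CRYPTO_POLICY= 的注释后,sshd 不再受系统级加密策略约束,而是使用 OpenSSH 自身的默认算法;如需限制算法,请在 sshd_config 中显式设置 Ciphers、MACs、KexAlgorithms。
# 另外,back-ends 目录下的文件通常由 update-crypto-policies 生成,手工修改可能在下次更新策略时被覆盖,请在更新策略后重新检查。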