1. 前置条件
首先安装telnet,保证有一条额外的连接通道;另外注意,一旦卸载openssh就无法再通过SSH重新连接,所以升级完成前不能断开当前连接。telnet是明文传输,下面的命令还会解除root的终端登录限制并关闭防火墙,这些都只应作为升级期间的临时措施,确认新的SSH可以正常登录后应立即恢复。
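# Temporary fallback access while OpenSSH is removed and reinstalled.
# NOTE(review): every step below weakens the host and should be rolled back
# as soon as a login through the new sshd has been verified:
#   - telnet sends credentials in cleartext, and telnet.socket is enabled at
#     boot, so it stays exposed until it is disabled again;
#   - moving /etc/securetty aside lifts the root tty restriction, which is
#     what allows root to log in over telnet;
#   - firewalld is stopped and disabled, leaving the host unfiltered.
# Rollback once SSH works again:
#   systemctl disable --now telnet.socket
#   mv /etc/securetty.bak /etc/securetty
#   systemctl enable --now firewalld
# The package glob is quoted so that yum expands it, not the shell (an
# unquoted telnet* would match files in the current directory first).
yum install -y 'telnet*' && \
systemctl start telnet.socket && \
systemctl enable telnet.socket && \
mv /etc/securetty /etc/securetty.bak && \
systemctl disable --now firewalld && \
yum remove -y openssl && \
yum remove -y openssh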
2. 安装软件包
注意安装顺序不能乱:软件包之间存在依赖关系,顺序错误会因缺少依赖而无法安装
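# Install in this exact order; per the page, later packages depend on the
# earlier ones and the install fails otherwise.
# --nodeps disables rpm's dependency check for the OpenSSL package only.
# NOTE(review): the page does not say where these RPMs come from. They are
# installed as root and replace the host's SSH and TLS stack, so confirm
# their origin first (compare published checksums, or `rpm -K <file>` when
# the packages are signed).
# The final step installs every remaining RPM in the current directory; the
# "./" prefix keeps a file name that starts with "-" from being read as an
# option.
rpm -ivh openssl-1.1.1w-1.el7.x86_64.rpm --nodeps && \
rpm -ivh openssh-9.5p1-1.el7.x86_64.rpm && \
rpm -ivh openssh-server-9.5p1-1.el7.x86_64.rpm && \
rpm -ivh openssh-clients-9.5p1-1.el7.x86_64.rpm && \
yum localinstall -y ./*.rpm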
3. 配置软件
3.1 配置秘钥
生成一个秘钥,并且设置秘钥权限,如果不设置会导致sshd启动后无法读取秘钥,进而导致进程无法启动
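## Generate host keys and restrict their permissions.
# DSA (ssh-dss) host keys are limited to 1024 bits and current OpenSSH does
# not offer them by default, so a freshly generated DSA key adds nothing
# usable. `ssh-keygen -A` instead creates any missing host keys of the
# default types (rsa, ecdsa, ed25519) with an empty passphrase and leaves
# existing keys untouched, so it also never prompts to overwrite a file.
# chmod 600: sshd refuses to load a private host key that is readable by
# group or others.
ssh-keygen -A && \
chmod 600 /etc/ssh/ssh_host_*_key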
3.2 修改配置文件
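这里查询出的配置项必须保持一致,可以在此基础上增加其他的功能。注意:PermitRootLogin yes 和 PasswordAuthentication yes 允许root直接使用口令登录,暴露面较大;确认升级成功后,建议按实际需要收紧,例如改用密钥登录并将 PermitRootLogin 设为 prohibit-password。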
[root@localhost ~]# grep ^[A-Z] /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
Subsystem sftp /usr/libexec/openssh/sftp-server
3.3 修复pam的sshd模块
## Replace the file contents with the listing below, then restart sshd (step 3.4).
# NOTE(review): keep a copy of the current file before editing, e.g.
#   cp -p /etc/pam.d/sshd /etc/pam.d/sshd.bak
# A broken PAM stack leaves sshd running but rejects every login.
vi /etc/pam.d/sshd
文件内容如下—一行都不能少,如果少会导致ssh服务正常,却无法登录
#%PAM-1.0
# PAM stack for the sshd service; sshd consults it because sshd_config sets
# "UsePAM yes".
# pam_sepermit allows or denies the login depending on the SELinux
# enforcement state.
auth required pam_sepermit.so
# Password verification is delegated to the shared password-auth stack.
auth substack password-auth
auth include postlogin
# Used with polkit to reauthorize users in remote sessions
# (the leading "-" makes PAM skip the line quietly when the module is not installed)
-auth optional pam_reauthorize.so prepare
# pam_nologin rejects non-root logins while /etc/nologin exists.
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
# pam_loginuid records the login UID used by the audit subsystem.
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
# pam_keyinit gives the session its own keyring and revokes it at logout.
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
# Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare
3.4 重启服务
直接重启即可,如果遇到问题可以查看服务运行状态
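# Validate sshd_config and the host keys before restarting: `sshd -t` exits
# non-zero on an invalid configuration, which stops the chain so the problem
# shows up here rather than as a failed service.
# Keep the current session open until a fresh SSH login has been verified,
# then roll back the temporary access opened in step 1 (telnet.socket,
# /etc/securetty.bak, firewalld).
sshd -t && \
systemctl daemon-reload && \
systemctl restart sshd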
4 查看结果
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core) //查看操作系统版本
[root@localhost ~]# ssh -V
OpenSSH_9.5p1, OpenSSL 1.1.1w 11 Sep 2023 //查看SSH和SSL版本