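I recently upgraded OpenSSH on a CentOS 7 server to version 8.8, following the guide "How to upgrade OpenSSH to openssh-8.* on CentOS 7". The upgrade itself went smoothly, but afterwards I could no longer log in remotely: I confirmed the password was correct, yet remote login still reported access denied.
Because /etc/ssh/sshd_config is reset to its defaults after an OpenSSH upgrade, we need to configure it again: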
cd /etc/ssh/
chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
systemctl restart sshd
Likewise, the contents of /etc/pam.d/sshd are overwritten by the OpenSSH upgrade, so we need to restore the previous configuration:
First empty the file:
>/etc/pam.d/sshd;
Then write the previous configuration back:
echo '#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth'>/etc/pam.d/sshd
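Note that the command above writes the content into /etc/pam.d/sshd from the shell. If you have a panel such as BaoTa (宝塔) installed, you can instead edit the file there and save the following content directly (note the difference between the two):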
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
Now open a terminal and test remote login. If it still does not work, temporarily disable SELinux with the following command:
setenforce 0
Login should now work normally. After logging in, disable SELinux permanently:
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
Appendix: if, after upgrading OpenSSH, a restart reports the following error:
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting. [FAILED]
sshd.service: control process exited, code=exited status=1
Failed to start SYSV: OpenSSH server daemon.
Unit sshd.service entered failed state.
sshd.service failed.
Run the following commands:
chmod 0600 /etc/ssh/ssh_host_ed25519_key
service sshd restart
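The "bad permissions" failure above can be caught for every host key before sshd is restarted. The script below is an added example, not part of the original post. It assumes GNU stat (as on CentOS 7); the function names and the SSHD override variable are hypothetical.

```shell
#!/bin/sh
# Added example: check host key modes before restarting sshd.
# The directory argument defaults to /etc/ssh; pass another one to try it safely.

# Print "MODE PATH" for each private host key that group or others can access.
insecure_host_keys() {
    dir=${1:-/etc/ssh}
    for key in "$dir"/ssh_host_*_key; do       # pattern skips the *.pub files
        [ -f "$key" ] || continue              # glob matched nothing
        mode=$(stat -c '%a' "$key")            # octal mode, e.g. 640
        # Any bit set in the group/other positions (077) triggers the error.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$key"
        fi
    done
    return 0
}

# Tighten every flagged key to 0600, the mode used in the fix above.
fix_host_keys() {
    insecure_host_keys "$1" | while read -r _mode key; do
        chmod 0600 "$key" && printf 'fixed %s\n' "$key"
    done
}

# Return 0 only if no key is over-permissive and the config test passes.
# SSHD is an assumed override for the sshd binary, useful when testing.
preflight() {
    bad=$(insecure_host_keys "$1")
    if [ -n "$bad" ]; then
        printf 'over-permissive host keys:\n%s\n' "$bad" >&2
        return 1
    fi
    # sshd -t validates the configuration and keys without starting the daemon.
    "${SSHD:-sshd}" -t
}
```

Running `preflight /etc/ssh && systemctl restart sshd` as root restarts the daemon only when the keys and configuration pass, which matters when the current SSH session is the only way into the server.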