aarch64鲲鹏国产服务器BigCloud Enterprise Linux For Euler 22.10升级OpenSSH_10.0p2, OpenSSL 3.5.1 1
aarch64鲲鹏国产服务器BigCloud Enterprise Linux For Euler 22.10升级OpenSSH_10.0p2, OpenSSL 3.5.1 1
aarch64鲲鹏国产服务器BigCloud Enterprise Linux For Euler 22.10升级OpenSSH_10.0p2, OpenSSL 3.5.1 1备份ssh配置文件:
cp /etc/pam.d/sshd /etc/pam.d/sshd_bak20260420
cp /etc/ssh/sshd_config /etc/ssh//sshd_config_bak20260420
- 解压 tar 包 ,请见资源下载
cd /tmp
unzip aarch64鲲鹏国产服务器BigCloud Enterprise Linux For Euler 22.10.zip
解压里面文件:
openssh-10.0p1-1.el8.aarch64.rpm
openssh-clients-10.0p1-1.el8.aarch64.rpm
openssh-clients-debuginfo-10.0p1-1.el8.aarch64.rpm
openssh-debuginfo-10.0p1-1.el8.aarch64.rpm
openssh-debugsource-10.0p1-1.el8.aarch64.rpm
openssh-server-10.0p1-1.el8.aarch64.rpm
openssh-server-debuginfo-10.0p1-1.el8.aarch64.rpm
- 卸载冲突包 openssh-help
rpm -e --nodeps openssh-help
说明:
openssh-help 是文档包,不影响运行,但升级时会冲突,因此先卸载。
- 安装 OpenSSH 10.0p1 RPM
rpm -Uvh openssh-10.0p1-1.el8.aarch64.rpm
openssh-clients-10.0p1-1.el8.aarch64.rpm
openssh-server-10.0p1-1.el8.aarch64.rpm
?? rpm -Uvh 会自动覆盖旧版本
?? 升级期间不会影响现有 config 文件
#完成安装后:恢复/etc/pam.d/sshd文件:
cat /etc/pam.d/sshd_bak20260422 > /etc/pam.d/sshd
cat /etc/ssh/sshd_config_bak20260422 > /etc/ssh/sshd_config
- 修改 SSH 配置文件
编辑文件:
vim /etc/ssh/sshd_config
找到下面三项:
目前花溪裸金属只要注释:GSSAPIKexAlgorithms
另外两个是没有的
sed -i ‘/[#]*GSSAPIKexAlgorithms/s//#/’ /etc/ssh/sshd_config
RSAAuthentication
RhostsRSAAuthentication
GSSAPIKexAlgorithms
并注释掉它们:
RSAAuthentication
RhostsRSAAuthentication
GSSAPIKexAlgorithms
?? 为什么要注释?
在 OpenSSH 10 中,这些参数:
参数状态RSAAuthentication已废弃RhostsRSAAuthentication已废弃GSSAPIKexAlgorithms不再支持
不注释会导致:
/etc/ssh/sshd_config: bad configuration option
并使 sshd 无法启动。
- 检查 sshd 配置是否正确
sshd -t
输出为空 = 正常
- 重启 SSH 服务
关闭 GSSAPI(避免启动失败)
sed -i ‘s/^GSSAPIAuthentication yes/GSSAPIAuthentication no/’ /etc/ssh/sshd_config
sed -i ‘s/^GSSAPICleanupCredentials yes/GSSAPICleanupCredentials no/’ /etc/ssh/sshd_config
systemctl restart sshd
查看状态:
systemctl status sshd
预期输出为 active (running)
- 查看侦听端口
netstat -lntp | grep sshd
示例:
tcp 0 0 0.0.0.0:1022 … LISTEN
- 查看 OpenSSH 版本(验证成功)
/usr/sbin/sshd -V
输出:
OpenSSH_10.0p1 …
- 让 sshd 开机自启
systemctl enable sshd
如果报以下错启不来,记得加上权限执行以下命令:
chmod 600 /etc/ssh/ssh_host_*key && chown root:root /etc/ssh/ssh_host_*key
查看状态:
systemctl status sshd
– 报错:
[root@iaasce97323-Computer openssh-10.2p1-bclinux21.10]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; generated)
Active: failed (Result: exit-code) since Wed 2026-04-22 11:29:28 CST; 9s ago
Docs: man:systemd-sysv-generator(8)
Process: 994898 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
Apr 22 11:29:28 iaasce97323-Computer sshd[994898]: Permissions 0640 for ‘/etc/ssh/ssh_host_ed25519_key’ are too open.
Apr 22 11:29:28 iaasce97323-Computer sshd[994898]: It is required that your private key files are NOT accessible by others.
Apr 22 11:29:28 iaasce97323-Computer sshd[994898]: This private key will be ignored.
Apr 22 11:29:28 iaasce97323-Computer sshd[994898]: Unable to load host key “/etc/ssh/ssh_host_ed25519_key”: bad permissions
Apr 22 11:29:28 iaasce97323-Computer sshd[994898]: Unable to load host key: /etc/ssh/ssh_host_ed25519_key
Apr 22 11:29:28 iaasce97323-Computer sshd[994898]: sshd: no hostkeys available – exiting.
Apr 22 11:29:28 iaasce97323-Computer systemd[1]: sshd.service: Control process exited, code=exited, status=1/FAILURE
Apr 22 11:29:28 iaasce97323-Computer systemd[1]: sshd.service: Failed with result ‘exit-code’.
Apr 22 11:29:28 iaasce97323-Computer systemd[1]: Failed to start SYSV: OpenSSH server daemon.
Apr 22 11:29:28 iaasce97323-Computer sshd[994898]: [FAILED]
openEuler 是由开放原子开源基金会孵化的全场景开源操作系统项目,面向数字基础设施四大核心场景(服务器、云计算、边缘计算、嵌入式),全面支持 ARM、x86、RISC-V、loongArch、PowerPC、SW-64 等多样性计算架构
更多推荐
5
0- 0
已为社区贡献1条内容
所有评论(0)