最近将 Centos 7 服务器上的 OpenSSH 升级到了8.8版本,升级过程参照:Centos7系统升级OpenSSH到openssh-8.*版本的方法 一切顺利,但是升级完之后发现无法远程登录了,确认密码是正确的,但是远程登录仍然提示 access denied。

因为 OpenSSH 升级后,/etc/ssh/sshd_config 会还原至默认状态,我们需要进行相应配置:

cd /etc/ssh/
chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes"  >> /etc/ssh/sshd_config
systemctl restart sshd

同样,OpenSSH 升级后 /etc/pam.d/sshd 文件的内容会被覆盖,我们要还原到之前的配置:

先清空:

>/etc/pam.d/sshd;
再写入之前的配置:
echo '#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth'>/etc/pam.d/sshd

注意上面的代码,是向 /etc/pam.d/sshd 中写入文件,如果你安装了宝塔之类的,那么可以编辑文件,直接保存下面的代码(注意两者区别)

#%PAM-1.0
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth

好了,现在就可以开终端测试一下远程登录了,如果还是不可以,那么通过以下命令临时禁用 SElinux:

setenforce 0

这回就可以正常登录了,登录之后再永久禁用 SElinux:

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

附:如果升级 OpenSSH 后,重启时提示如下错误:

It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
[FAILED]
sshd.service: control process exited, code=exited status=1
Failed to start SYSV: OpenSSH server daemon.
Unit sshd.service entered failed state.
sshd.service failed.

请运行下面命令:

chmod 0600 /etc/ssh/ssh_host_ed25519_key
service sshd restart
(adsbygoogle = window.adsbygoogle || []).push({});