传openssh8.7的包到主机
停防火墙或允许telnet的23端口
service iptables stop
安装telnet方式防止ssh卸载后无法登录
yum install -y telnet-server
systemctl start telnet.socket
systemctl enable telnet.socket
用其他主机telnet连上需升级主机(单独创建个账号,非root登录后su - root),使用top命令防止窗口超时
adduser telnet
passwd telnet
Password!23+
卸载rpm -qa|grep openssh,查看已安装的并卸载,注意client不要卸载依赖要加上--nodeps
rpm -e openssh-server-8.1p1-1.el7.x86_64
rpm -e openssh-clients-8.1p1-1.el7.x86_64 --nodeps
rpm -e openssh-debuginfo-8.1p1-1.el7.x86_64
rpm -e openssh-8.1p1-1.el7.x86_64
安装openssh
rpm -ivh openssh-8.7p1-1.el7.centos.x86_64.rpm
rpm -ivh openssh-server-8.7p1-1.el7.centos.x86_64.rpm
rpm -ivh openssh-clients-8.7p1-1.el7.centos.x86_64.rpm
rpm -ivh openssh-debuginfo-8.7p1-1.el7.centos.x86_64.rpm
修改key权限并重启openssh
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
chmod 600 /etc/ssh/ssh_host_rsa_key
service sshd restart
service sshd status
检查sshd是否开机启动和查看ssh版本
chkconfig --list
ssh -V
重装会改回默认配置
如果只有root用户需检查/etc/ssh/sshd_config配置允许root远程登陆,否则root直接登陆不了
PermitRootLogin yes
或者是将旧配置替换成新配置
mv /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config
正常后卸载telnet,清理telnet账号
systemctl stop telnet.socket
yum remove -y telnet-server
userdel telnet
开防火墙
service iptables stop
评论1