openssh升级到8.0版本后发现最大连接数在普通用户下不能更改,查阅资料发现是升级8.0的时候操作步骤有问题,经研究之后整理一下,并分享给大家。此次升级直接升级openssh8.4版本。
1.查看openssh现在的版本:
#sshd -V
unknown option -- V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-o option] [-p port] [-u len]
2.查看openssh安装的方式:
#rpm -qa|grep openssh
openssh-clients-7.4p1-16.el7.x86_64
openssh-7.4p1-16.el7.x86_64
openssh-server-7.4p1-16.el7.x86_64
建议:如果是物理机为了避免openssh升级出现故障,在升级前建议安装telnet,使用yum安装步骤如下:
yum install -y telnet-server xinetd --安装
echo -e 'pts/0\pts/1\npts/2\pts/3' >>/etc/securetty
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
如果是虚拟机可以使用回滚的方式,使用yum安装原来版本的openssh
3.备份文件,需要备份的是openssh从来都没有升级过的文件,对于openfile非常重要:
mkdir /openssh.bak
cp /etc/pam.d/sshd /openssh.bak
4.卸载原openssh的安装包:
rpm安装,卸载方式:
rpm -e `rpm -qa | grep openssh` --nodeps
源码安装的,找到之前的安装包,在里面执行 :
make uninstall
5安装升级必要的软件:
yum -y install gcc pam pam-devel zlib zlib-devel openssl-devel
6.开始升级openssh8.4版本:
解压压缩文件:
tar -xf openssh-8.4p1.tar.gz
进入到openssh目录下:
cd openssh-8.4p1/
进行如下操作:
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam
make&make install
常出现了报错:
ssh-keygen: generating new host keys: DSA
/usr/sbin/sshd -t -f /etc/ssh/sshd_config
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
sshd: no hostkeys available -- exiting.
make: [check-config] Error 1 (ignored)
[1]+ Exit 2 make
解决办法:
chmod 600 /etc/ssh/ssh_host_*
继续升级:
cp contrib/redhat/sshd.pam /etc/pam.d/sshd
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-8.4p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.4p1
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'UsePAM yes' >> /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
cp /openssh.bak/sshd /etc/pam.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd
查看升级后的版本:
sshd -V
unknown option -- V
OpenSSH_8.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-o option] [-p port] [-u len]
重启ssh服务:
systemctl restart sshd
7.修改open file参数:
在vim /etc/security/limits.conf配置文件里最后一行添加:
* soft nofile 65535
* hard nofile 65535
:wq!
8.切换到普通用户下验证最大连接数,显示升级成功:
ulimit -n