一、背景说明
Centos7.9 默认安装的openssh 版本为7.4p1,经绿盟扫描,存在高危漏洞,需要升级到最新。官网只提供编译安装包,为了方便升级,先通过编译安装包,制作rpm包,并进行升级openssh 9.3p2 for Centos7.9版本,及升级指引。
- 升级Make
[root@220-191 ~]# cd /usr/local/src
下载make-4.3
[root@220-191 src]# wget https://mirrors.aliyun.com/gnu/make/make-4.3.tar.gz
#解压#
[root@220-191 src]# tar xf make-4.3.tar.gz
[root@220-191 src]# cd make-4.3/
#创建编译目录#
[root@220-191 make-4.3]# mkdir build
[root@220-191 make-4.3]# cd build
#检测编译环境和构建配置文件#
[root@220-191 build]# ../configure --prefix=/usr/local/make
#编译安装#
[root@220-191 build]# make && make install
#创建命令软连接#
[root@106-197 build]# ln -sf /usr/local/make/bin/make /usr/bin/make
#查看make版本#
[root@106-197 build]# make -v
GNU Make 4.3
Built for x86_64-pc-linux-gnu
Copyright (C) 1988-2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
- 升级 gcc到9.3.0
[root@220-191 ~]# cd /usr/local/src
#安装依赖#
[root@220-191 src]# yum install -y gcc-c++ glibc-devel mpfr-devel libmpc-devel gmp-devel glibc-devel.i686 bzip2
#下载gcc-9.30#
[root@220-191 src]# wget https://ftp.gnu.org/gnu/gcc/gcc-9.3.0/gcc-9.3.0.tar.gz --no-check-certificate
[root@220-191 src]# tar -xf gcc-9.3.0.tar.gz
[root@220-191 src]# cd gcc-9.3.0
[root@220-191 gcc-9.3.0]# ./contrib/download_prerequisites
gmp-6.1.0.tar.bz2: OK
mpfr-3.1.4.tar.bz2: OK
mpc-1.0.3.tar.gz: OK
isl-0.18.tar.bz2: OK
All prerequisites downloaded successfully.
#以上缺哪个包需要手动yum安装#
[root@220-191 gcc-9.3.0]# mkdir build
[root@220-191 gcc-9.3.0]# cd build
[root@220-191 build]# ../configure --enable-checking=release --enable-language=c,c++ --disable-multilib --prefix=/usr/
[root@220-191 build]# make -j4
[root@220-191 build]# make install
[root@220-191 build]# gcc -v
- 升级GLIBC到2.31
#查看当前GLIBC版本#
[root@220-191 ~]# strings /lib64/libc.so.6 | grep -E "^GLIBC" | sort -V | uniq
GLIBC_2.2.5
GLIBC_2.2.6
GLIBC_2.3
GLIBC_2.3.2
GLIBC_2.3.3
GLIBC_2.3.4
GLIBC_2.4
GLIBC_2.5
GLIBC_2.6
GLIBC_2.7
GLIBC_2.8
GLIBC_2.9
GLIBC_2.10
GLIBC_2.11
GLIBC_2.12
GLIBC_2.13
GLIBC_2.14
GLIBC_2.15
GLIBC_2.16
GLIBC_2.17
GLIBC_PRIVATE
[root@220-191 ~]# cd /usr/local/src
[root@220-191 src]#
#下载Glibc-2.31#
[root@220-191 src]# wget https://mirrors.aliyun.com/gnu/glibc/glibc-2.31.tar.gz
[root@220-191 src]# tar xf glibc-2.31.tar.gz
[root@220-191 src]# cd glibc-2.31/
[root@220-191 glibc-2.31]# yum install binutils texinfo bison -y
[root@220-191 glibc-2.31]# mkdir build
[root@220-191 glibc-2.31]# cd build
[root@220-191 build]# ../configure --prefix=/usr --disable-profile --enable-add-ons --with-headers=/usr/include --with-binutils=/usr/bin --disable-sanity-checks --disable-werror
[root@220-191 build]# make -j4
[root@220-191 build]# make install
PS:以下报错可忽略:
/usr/bin/ld: cannot find -lnss_test2
collect2: error: ld returned 1 exit status
Execution of gcc -B/usr/bin/ failed!
The script has found some problems with your installation!
Please read the FAQ and the README file and check the following:
- Did you change the gcc specs file (necessary after upgrading from
Linux libc5)?
- Are there any symbolic links of the form libXXX.so to old libraries?
Links like libm.so -> libm.so.5 (where libm.so.5 is an old library) are wrong,
libm.so should point to the newly installed glibc file - and there should be
only one such link (check e.g. /lib and /usr/lib)
You should restart this script from your build directory after you've
fixed all problems!
Btw. the script doesn't work if you're installing GNU libc not as your
primary library!
make[1]: *** [Makefile:120: install] Error 1
make[1]: Leaving directory '/usr/local/src/glibc/glibc-2.31'
make: *** [Makefile:12: install] Error 2
# 解决新启动远程终端时报一个WARNING
make localedata/install-locales
- 制作openssh9.3p2 rpm包
#安装依赖#
[root@220-191 ~]# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel libXt-devel gtk2-devel make perl -y
#安装imake#
[root@220-191 ~]# yum install -y imake
#创建编译目录#
[root@220-191 ~]# mkdir -p /root/rpmbuild
[root@220-191 ~]# cd /root/rpmbuild
[root@220-191 rpmbuild]# mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS
[root@220-191 rpmbuild]#
[root@220-191 ~]# cd /root/rpmbuild/SOURCES/
#下载openssh9.3p2和x11-ssh-askpass-1.2.4.1.tar.gz#
[root@220-191 SOURCES]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
--2023-08-06 20:12:24-- http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
Resolving [ftp.openbsd.org](ftp://ftp.openbsd.org) ([ftp.openbsd.org](ftp://ftp.openbsd.org))... 199.185.178.81
Connecting to [ftp.openbsd.org](ftp://ftp.openbsd.org) ([ftp.openbsd.org)|199.185.178.81|:80](ftp://ftp.openbsd.org)|199.185.178.81|:80)... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1835850 (1.8M) [text/plain]
Saving to: ‘openssh-9.3p2.tar.gz’
100%[=====================================================================================================>] 1,835,850 550KB/s in 3.3s
2023-08-06 20:12:28 (550 KB/s) - ‘openssh-9.3p2.tar.gz’ saved [1835850/1835850]
[root@220-191 SOURCES]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz
Location: https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/ [following]
--2023-08-06 20:13:59-- https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/
Connecting to src.fedoraproject.org (src.fedoraproject.org)|38.145.60.20|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1223 (1.2K) [text/html]
Saving to: ‘x11-ssh-askpass-1.2.4.1.tar.gz’
100%[=====================================================================================================>] 1,223 --.-K/s in 0s
2023-08-06 20:14:00 (81.0 MB/s) - ‘x11-ssh-askpass-1.2.4.1.tar.gz’ saved [1223/1223]
[root@220-191 SOURCES]#
#修改openssh.spec配置
[root@220-191 SOURCES]# cd /root/rpmbuild/SOURCES/
[root@220-191 SOURCES]# tar -zxf openssh-9.3p2.tar.gz
##编辑编译配置文件
[root@220-191 SOURCES]# cp openssh-9.3p2/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
[root@220-191 SOURCES]# cd /root/rpmbuild/SPECS/
[root@220-191 SPECS]# ls -l
total 32
-rw-r--r--. 1 root root 30082 Aug 6 20:19 openssh.spec
[root@220-191 SPECS]# sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" openssh.spec
[root@220-191 SPECS]# sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" openssh.spec
[root@220-191 SPECS]# cat /root/rpmbuild/SPECS/openssh.spec | grep no_gnome_askpass
[root@220-191 SPECS]# cat /root/rpmbuild/SPECS/openssh.spec | grep no_x11_askpass
#修改openssl-devel的报错#
[root@220-191 SPECS]# sed -i '/openssl-devel < 1.1/s/^/#/' openssh.spec
#修改PreReq的报错#
[root@220-191 SPECS]# sed -i '/PreReq:/s/^/#/' openssh.spec
#解决Obsoletes报错#
[root@220-191 SPECS]# sed -i '/Obsoletes:/s/^/#/' openssh.spec
#解决rpmbuild报错#
*** ERROR: No build ID note found in /root/rpmbuild/BUILDROOT/openssh-9.3p2-
在openssh.spec最后加入:
[root@220-191 SPECS]# vim openssh.spec
%define __debug_install_post \
%{_rpmconfigdir}/find-debuginfo.sh %{?_find_debuginfo_opts} "%{_builddir}/%{?buildsubdir}"\
%{nil}
#编译源码包,制作成rpm包#
[root@220-191 SPECS]# cd /root/rpmbuild/SPECS/
[root@220-191 SPECS]# rpmbuild -ba openssh.spec
...
Processing files: openssh-server-9.3p2-1.el7.x86_64
Provides: config(openssh-server) = 9.3p2-1.el7 openssh-server = 9.3p2-1.el7 openssh-server(x86-64) = 9.3p2-1.el7
Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh
Requires: /bin/bash libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.16)(64bit) libc.so.6(GLIBC_2.17)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.6)(64bit) libc.so.6(GLIBC_2.8)(64bit) libcom_err.so.2()(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(GLIBC_2.2.5)(64bit) libcrypto.so.10()(64bit) libcrypto.so.10(OPENSSL_1.0.1_EC)(64bit) libcrypto.so.10(OPENSSL_1.0.2)(64bit) libcrypto.so.10(libcrypto.so.10)(64bit) libdl.so.2()(64bit) libgssapi_krb5.so.2()(64bit) libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit) libk5crypto.so.3()(64bit) libkrb5.so.3()(64bit) libkrb5.so.3(krb5_3_MIT)(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libresolv.so.2()(64bit) libutil.so.1()(64bit) libutil.so.1(GLIBC_2.2.5)(64bit) libz.so.1()(64bit) rtld(GNU_HASH)
Processing files: openssh-debuginfo-9.3p2-1.el7.x86_64
Provides: openssh-debuginfo = 9.3p2-1.el7 openssh-debuginfo(x86-64) = 9.3p2-1.el7
Requires(rpmlib): rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(CompressedFileNames) <= 3.0.4-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el7.x86_64
Wrote: /root/rpmbuild/SRPMS/openssh-9.3p2-1.el7.src.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-clients-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-server-9.3p2-1.el7.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.FtwsQ7
\+ umask 022
\+ cd /root/rpmbuild/BUILD
\+ cd openssh-9.3p2
\+ rm -rf /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el7.x86_64
\+ exit 0
[root@220-191 SPECS]#
2.5 查看生成的rpm包,并打包
\##编译完成后的软件在,debug的包不用下载安装
[root@220-191 SPECS]# ls -lrth /root/rpmbuild/RPMS/x86_64/
total 4.9M
-rw-r--r--. 1 root root 634K Aug 6 20:27 openssh-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 627K Aug 6 20:27 openssh-clients-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 462K Aug 6 20:27 openssh-server-9.3p2-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 3.2M Aug 6 20:27 openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
[root@220-191 SPECS]#
\##对rpm进行打包
[root@220-191 x86_64]# tar -zcvf /root/openssh-9.3p2_rpm_for_centos7.9.tar.gz *.rpm
openssh-9.3p2-1.el7.x86_64.rpm
openssh-clients-9.3p2-1.el7.x86_64.rpm
openssh-debuginfo-9.3p2-1.el7.x86_64.rpm
openssh-server-9.3p2-1.el7.x86_64.rpm
三、centos7.9 从openssh7.4p1升级到openssh9.3p2
\##升级之前查看版本
[root@220-191 x86_64]# rpm -qa|grep openssh
openssh-clients-7.4p1-21.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
[root@220-191 x86_64]#
[root@220-191 x86_64]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@220-191 x86_64]#
\##升级前备份 /etc/pam.d/sshd
cp -r /etc/ssh /etc/ssh.bak
cp -r /etc/pam.d /etc/pam.d.bak
cp /etc/pam.d/sshd /root/sshd
验证openssh是否升级成功
\##升级openssh
yum localinstall openssh-9.3p2-1.el7.x86_64.rpm openssh-clients-9.3p2-1.el7.x86_64.rpm openssh-server-9.3p2-1.el7.x86_64.rpm -y
[root@220-191 x86_64]# yum localinstall openssh-9.3p2-1.el7.x86_64.rpm openssh-clients-9.3p2-1.el7.x86_64.rpm openssh-server-9.3p2-1.el7.x86_64.rpm -y
Loaded plugins: fastestmirror
Examining openssh-9.3p2-1.el7.x86_64.rpm: openssh-9.3p2-1.el7.x86_64
Marking openssh-9.3p2-1.el7.x86_64.rpm as an update to openssh-7.4p1-21.el7.x86_64
Examining openssh-clients-9.3p2-1.el7.x86_64.rpm: openssh-clients-9.3p2-1.el7.x86_64
Marking openssh-clients-9.3p2-1.el7.x86_64.rpm as an update to openssh-clients-7.4p1-21.el7.x86_64
Examining openssh-server-9.3p2-1.el7.x86_64.rpm: openssh-server-9.3p2-1.el7.x86_64
Marking openssh-server-9.3p2-1.el7.x86_64.rpm as an update to openssh-server-7.4p1-21.el7.x86_64
Resolving Dependencies
There are unfinished transactions remaining. You might consider running yum-complete-transaction, or "yum-complete-transaction --cleanup-only" and "yum history redo last", first to finish them. If those don't work you'll have to try removing/installing packages by hand (maybe package-cleanup can help).
--> Running transaction check
---> Package openssh.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh.x86_64 0:9.3p2-1.el7 will be an update
---> Package openssh-clients.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-clients.x86_64 0:9.3p2-1.el7 will be an update
---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be updated
---> Package openssh-server.x86_64 0:9.3p2-1.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================================
Updating:
openssh x86_64 9.3p2-1.el7 /openssh-9.3p2-1.el7.x86_64 2.9 M
openssh-clients x86_64 9.3p2-1.el7 /openssh-clients-9.3p2-1.el7.x86_64 2.4 M
openssh-server x86_64 9.3p2-1.el7 /openssh-server-9.3p2-1.el7.x86_64 1.1 M
Transaction Summary
===============================================================================================================================================
Upgrade 3 Packages
Total size: 6.4 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : openssh-9.3p2-1.el7.x86_64 1/6
Updating : openssh-server-9.3p2-1.el7.x86_64 2/6
Updating : openssh-clients-9.3p2-1.el7.x86_64 3/6
Cleanup : openssh-clients-7.4p1-21.el7.x86_64 4/6
Cleanup : openssh-server-7.4p1-21.el7.x86_64 5/6
Cleanup : openssh-7.4p1-21.el7.x86_64 6/6
Verifying : openssh-server-9.3p2-1.el7.x86_64 1/6
Verifying : openssh-9.3p2-1.el7.x86_64 2/6
Verifying : openssh-clients-9.3p2-1.el7.x86_64 3/6
Verifying : openssh-clients-7.4p1-21.el7.x86_64 4/6
Verifying : openssh-7.4p1-21.el7.x86_64 5/6
Verifying : openssh-server-7.4p1-21.el7.x86_64 6/6
Updated:
openssh.x86_64 0:9.3p2-1.el7 openssh-clients.x86_64 0:9.3p2-1.el7 openssh-server.x86_64 0:9.3p2-1.el7
Complete!
[root@220-191 x86_64]#
[root@220-191 x86_64]# ssh -V
OpenSSH_9.3p2, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@220-191 x86_64]#
##重启sshd出现报错
[root@220-191 x86_64]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@220-191 x86_64]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2023-08-06 20:39:07 CST; 7s ago
Docs: man:systemd-sysv-generator(8)
Process: 32628 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
Process: 32668 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=1/FAILURE)
Main PID: 1029 (code=exited, status=0/SUCCESS)
Aug 06 20:39:07 220-191 sshd[32668]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Aug 06 20:39:07 220-191 sshd[32668]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
Aug 06 20:39:07 220-191 sshd[32668]: It is required that your private key files are NOT accessible by others.
Aug 06 20:39:07 220-191 sshd[32668]: This private key will be ignored.
Aug 06 20:39:07 220-191 sshd[32668]: sshd: no hostkeys available -- exiting.
Aug 06 20:39:07 220-191 sshd[32668]: [FAILED]
Aug 06 20:39:07 220-191 systemd[1]: sshd.service: control process exited, code=exited status=1
Aug 06 20:39:07 220-191 systemd[1]: Failed to start SYSV: OpenSSH server daemon.
Aug 06 20:39:07 220-191 systemd[1]: Unit sshd.service entered failed state.
Aug 06 20:39:07 220-191 systemd[1]: sshd.service failed.
[root@220-191 x86_64]#
\##修改文件权限
[root@220-191 x86_64]# chmod 600 /etc/ssh/ssh_host_rsa_key
[root@220-191 x86_64]# chmod 600 /etc/ssh/ssh_host_ecdsa_key
[root@220-191 x86_64]# chmod 600 /etc/ssh/ssh_host_ed25519_key
\##再次重启sshd,正常
[root@220-191 x86_64]# systemctl restart sshd
[root@220-191 x86_64]# systemctl status sshd.service
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: active (running) since Sun 2023-08-06 20:40:10 CST; 3s ago
Docs: man:systemd-sysv-generator(8)
Process: 32628 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
Process: 32689 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
Main PID: 32697 (sshd)
CGroup: /system.slice/sshd.service
└─32697 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
Aug 06 20:40:10 220-191 systemd[1]: Starting SYSV: OpenSSH server daemon...
Aug 06 20:40:10 220-191 sshd[32689]: /sbin/restorecon: lstat(/etc/ssh/ssh_host_dsa_key.pub) failed: No such file or directory
Aug 06 20:40:10 220-191 sshd[32697]: Server listening on 0.0.0.0 port 22.
Aug 06 20:40:10 220-191 sshd[32697]: Server listening on :: port 22.
Aug 06 20:40:10 220-191 sshd[32689]: Starting sshd:[ OK ]
Aug 06 20:40:10 220-191 systemd[1]: Started SYSV: OpenSSH server daemon.
[root@220-191 x86_64]#
四、Centos7.9 openssh 9.3p1升级到openssh 9.3p2
[root@ucsp-rancher-03 openssh9.3p2]# ssh -V
OpenSSH_9.3p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@ucsp-rancher-03 openssh9.3p2]#
[root@ucsp-rancher-03 openssh9.3p2]# cp -r /etc/ssh /etc/ssh.bak
cp -r /etc/pam.d /etc/pam.d.bak
[root@ucsp-rancher-03 openssh9.3p2]# cp -r /etc/pam.d /etc/pam.d.bak
cp /etc/pam.d/sshd /root/sshd
[root@ucsp-rancher-03 openssh9.3p2]# cp /etc/pam.d/sshd /root/sshd
[root@ucsp-rancher-03 openssh9.3p2]#
rpm -Uvh --nodeps *
完毕!
[root@ucsp-rancher-03 openssh9.3p2]# ssh -V
OpenSSH_9.3p2, OpenSSL 1.0.2k-fips 26 Jan 2017
echo PermitRootLogin yes >> /etc/ssh/sshd_config
[root@ucsp-rancher-03 openssh9.3p2]# systemctl restart sshd
[root@ucsp-rancher-03 openssh9.3p2]#
chmod 600 /etc/ssh/ssh_host_ed25519_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_rsa_key
systemctl restart sshd
769
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
