这篇博客记录了解决Linux上sshd服务启动失败的过程。问题包括:主机密钥加载失败和权限分离目录缺失。通过使用ssh-keygen生成主机密钥对和手动创建缺失的目录,然后重启sshd服务,最终成功启动并能进行远程连接。
这里记录一下解决过程
首先查看Linux端sshd服务是否正常:
systemctl status sshd.service
错误类型一:
greatwall@greatwall-F120:~$ systemctl status sshd.service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since 二 2021-04-06 09:40:39 CST; 1h 20min ago
Process: 844 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255)
Main PID: 844 (code=exited, status=255)
4月 06 09:40:39 greatwall-F120 systemd[1]: Starting OpenBSD Secure Shell server...
4月 06 09:40:39 greatwall-F120 sshd[844]: Could not load host key: /etc/ssh/ssh_host_gmsm2_key
4月 06 09:40:39 greatwall-F120 sshd[844]: Missing privilege separation directory: /var/run/sshd
4月 06 09:40:39 greatwall-F120 systemd[1]: ssh.service: Main process exited, code=exited, status=255/n/a
4月 06 09:40:39 greatwall-F120 systemd[1]: Failed to start OpenBSD Secure Shell server.
4月 06 09:40:39 greatwall-F120 systemd[1]: ssh.service: Unit entered failed state.
4月 06 09:40:39 greatwall-F120 systemd[1]: ssh.service: Failed with result 'exit-code'.
发现:Active: failed (Result: exit-code)
原因是:Could not load host key: /etc/ssh/ssh_host_gmsm2_key
和: Missing privilege separation directory: /var/run/sshd
后者创建目录即可,前者需要在Linux端使用 ssh-keygen 程序来生成一对公钥/私钥对
sudo ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_gmsm2_key
greatwall@greatwall-F120:/etc/ssh$ sudo ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_gmsm2_key
[sudo] greatwall 的密码:
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Passphrases do not match. Try again.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_gmsm2_key.
Your public key has been saved in /etc/ssh/ssh_host_gmsm2_key.pub.
The key fingerprint is:
SHA256:dlTmO47VzbVclt3B8OpsshoJ+ykBavU3ZrNRt9WqU9A root@greatwall-F120
The key's randomart image is:
+---[RSA 2048]----+
| o.o. |
| + ..=|
| . .. oB|
| o . ..+E==|
| o o.S o =o++o|
| o +oO.+ooo |
| . .=o*..* |
| ...o * |
| .+.. . |
+----[SHA256]-----+
提示"Enter passphrase"的时候按两下回车即可
然后/etc/ssh$ ll 可以发现已经生成相应的key
接着查看sshd服务 systemctl status sshd
greatwall@greatwall-F120:/etc/ssh$ systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since 二 2021-04-06 11:31:41 CST; 3h 18min ago
Main PID: 7070 (sshd)
Tasks: 1
Memory: 700.0K
CPU: 8ms
CGroup: /system.slice/ssh.service
└─7070 /usr/sbin/sshd -D
4月 06 11:31:41 greatwall-F120 systemd[1]: Starting OpenBSD Secure Shell server...
4月 06 11:31:41 greatwall-F120 sshd[7070]: Could not load host key: /etc/ssh/ssh_host_gmsm2_key
4月 06 11:31:41 greatwall-F120 sshd[7070]: Server listening on 0.0.0.0 port 22.
4月 06 11:31:41 greatwall-F120 sshd[7070]: Server listening on :: port 22.
4月 06 11:31:41 greatwall-F120 systemd[1]: Started OpenBSD Secure Shell server.
发现依然有"Could not load host key: /etc/ssh/ssh_host_gmsm2_key"
这时候重启sshd服务,就可以远程连接啦!
sudo systemctl restart sshd
systemctl status sshd
greatwall@greatwall-F120:/etc/ssh$ sudo systemctl restart sshd
greatwall@greatwall-F120:/etc/ssh$ systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since 二 2021-04-06 14:50:39 CST; 11s ago
Main PID: 8978 (sshd)
Tasks: 1
Memory: 704.0K
CPU: 9ms
CGroup: /system.slice/ssh.service
└─8978 /usr/sbin/sshd -D
4月 06 14:50:39 greatwall-F120 systemd[1]: Starting OpenBSD Secure Shell server...
4月 06 14:50:39 greatwall-F120 sshd[8978]: Server listening on 0.0.0.0 port 22.
4月 06 14:50:39 greatwall-F120 sshd[8978]: Server listening on :: port 22.
4月 06 14:50:39 greatwall-F120 systemd[1]: Started OpenBSD Secure Shell server.
错误类型二:
Missing privilege separation directory: /var/ru
1.输入
sshd -t
出现报错Missing privilege separation directory: /var/run/sshd
2.输入命令
sudo mkdir -p /var/run/sshd
sudo service sshd start
扫一扫
3804
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
