Centos7.5升级到Centos7.9报错无法远程链接错误Network error: Connection refused解决
Centos从7.5升级到7.9通过如下命令:
sudo yum install epel-release
sudo yum install yum-utils
sudo yum install centos-release
sudo yum clean all
sudo yum update
sudo reboot
cat /etc/redhat-release
由于升级后,ssh无法正常链接,通过排查查看到openssh版本为OpenSSH_7.4p1 故而需要将版本升级到OpenSSH_8.9p1,
ssh -V
原服务器系统版本为:
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
需要升级到最新版:
OpenSSH_8.9p1, OpenSSL 1.0.2k-fips 26 Jan 2017
(1)检查openssh版本
rpm -qa|grep openssh
(2)避免openssh失败无法登陆安装telnet
mkdir /var/mshnsssofts
cd /var/mshnsssofts
cp -r /etc/ssh sshbackup__conf_20240131
###备份老配置文件
yum install -y telnet-server xinetd
##### --安装
echo -e 'pts/0' >>/etc/securetty
echo -e 'pts/1' >>/etc/securetty
echo -e 'pts/2' >>/etc/securetty
echo -e 'pts/3' >>/etc/securetty
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
(3)卸载旧的openssh
rpm -e `rpm -qa | grep openssh` --nodeps
(4)安装必要的软件:
yum -y install gcc pam pam-devel zlib zlib-devel openssl-devel
(5)解压编译
### 下载
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz
tar -zxvf openssh-8.9p1.tar.gz
cd openssh-8.9p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords \
--with-zlib --with-ssl-dir=/usr/local/ssl --with-privsep-path=/var/lib/sshd
make && make install
# ##########
vim /etc/ssh/sshd_config
######(1)、 #PermitRootLogin without-password 下添加一行,改为 PermitRootLogin no
######(2)、 #X11Forwarding no 改为X11Forwarding yes
echo 'UsePAM yes' >> /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd
(6)重启验证
先重新启动一个新的客户端连接,无法正常连接,确认后重启:
systemctl restart sshd
若报错:
“Permissions 600 for '/etc/ssh/ssh_host_ed25519_key' are too open”:
chmod 600 /etc/ssh/ssh_host_rsa_key
(7)验证完毕后,关闭telnet服务
vi /etc/securetty
pts/0
pts/1
pts/2
pts/3
#停止telnet服务
systemctl stop telnet.socket
systemctl disable telnet.socket
systemctl stop xinetd.service
systemctl disable xinetd.service
(8)查看ssh -V 版本
修改查看config
vim /etc/selinux/config
##将SELINUX=enforcing改为SELINUX=disabled
修改查看sshd_config
vim /etc/ssh/sshd_config
###(1)、 #PermitRootLogin without-password 下一行,为 PermitRootLogin no
###(2)、 #X11Forwarding no 改为X11Forwarding yes
查看ssh -V 版本
ssh -V
## OpenSSH_8.9p1, OpenSSL 1.0.2k-fips 26 Jan 2017
更新完成,测试重新ssh链接,正常链接!