## Summary

The operations environment is not allowed to connect to the Internet, so I am recording the procedure here.

## Telnet download

- [telnet-0.17-65.el7_8.x86_64.rpm](http://www.rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/telnet-0.17-65.el7_8.x86_64.rpm)
- [telnet-server-0.17-65.el7_8.x86_64.rpm](http://www.rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/telnet-server-0.17-65.el7_8.x86_64.rpm)
- [xinetd-2.3.15-14.el7.x86_64.rpm](http://www.rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/xinetd-2.3.15-14.el7.x86_64.rpm)

## Telnet installation

```
rpm -ivh xinetd-2.3.15-14.el7.x86_64.rpm
rpm -ivh telnet-0.17-65.el7_8.x86_64.rpm
rpm -ivh telnet-server-0.17-65.el7_8.x86_64.rpm
```

## Modify the configuration

```
vi /etc/xinetd.d/telnet
```

After editing, the file should look like the following. `disable` must be changed to `no`; once the upgrade is finished, set it back to `yes` and restart or stop the xinetd service to turn telnet off again.

```
# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
```

## OpenSSH download

- [openssh-9.2p1.tar.gz](https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.2p1.tar.gz)
- [zlib-1.2.13.tar.gz](http://www.zlib.net/zlib-1.2.13.tar.gz)
- [openssl-1.1.1g.tar.gz](https://www.openssl.org/source/openssl-1.1.1g.tar.gz)

## OpenSSH installation

1. Extract, build and install zlib-1.2.13

```
tar -xzvf zlib-1.2.13.tar.gz
cd zlib-1.2.13
./configure --prefix=/usr/local/zlib
make && make install
```

2. Extract, build and install openssl

```
tar -xzvf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
./config --prefix=/usr/local/ssl -d shared
make && make install
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig -v
```

3. Extract, build and install openssh

```
tar -xzvf openssh-9.2p1.tar.gz
cd openssh-9.2p1
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
make && make install
```

## Modifying sshd_config

```
echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
```
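The two configuration edits above (flipping `disable` in `/etc/xinetd.d/telnet`, and appending directives to `sshd_config` with `echo >>`) share one pitfall: sshd honours only the first occurrence of a keyword, so a directive appended after an existing `PasswordAuthentication no` is silently ignored, and a directive appended after a `Match` block becomes conditional. The script below is an added example, not part of the original post, that sets each directive in place instead. The file paths and the `demo` function are assumptions for illustration; the post's real targets are `/usr/local/openssh/etc/sshd_config` and `/etc/xinetd.d/telnet`.

```sh
#!/bin/sh
# Added example (not the post's own commands): set sshd_config and xinetd
# directives idempotently instead of appending with 'echo >>'.
set -eu

# Set KEY to VALUE in the global section of an sshd_config file.
# sshd uses the FIRST occurrence of a keyword, so the first global line is
# rewritten, later global duplicates are dropped, and a missing keyword is
# inserted before the first 'Match' block (never appended after it, where it
# would only apply conditionally). Commented '#Key default' lines are kept.
set_sshd_option() {
  file=$1; key=$2; value=$3
  lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
  awk -v key="$key" -v value="$value" -v lkey="$lkey" '
    /^[[:space:]]*[Mm][Aa][Tt][Cc][Hh][[:space:]]/ && !in_match {
      in_match = 1
      if (!done) { print key, value; done = 1 }
    }
    !in_match && tolower($1) == lkey {
      if (!done) { print key, value; done = 1 }
      next
    }
    { print }
    END { if (!done) print key, value }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Print the value sshd would actually use for KEY (first global occurrence).
effective_sshd_option() {
  lkey=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  awk -v lkey="$lkey" '
    /^[[:space:]]*[Mm][Aa][Tt][Cc][Hh][[:space:]]/ { exit }
    tolower($1) == lkey { print $2; exit }
  ' "$1"
}

# Set 'disable = yes|no' inside an xinetd service file, keeping indentation.
# 'no' enables the telnet service, 'yes' turns it off again.
set_xinetd_disable() {
  file=$1; value=$2
  awk -v value="$value" '
    $1 == "disable" { sub(/disable[[:space:]]*=.*/, "disable = " value) }
    { print }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Demo on constructed files in a temp directory (assumed layout, not /etc).
demo() {
  dir=$(mktemp -d)
  printf '#PasswordAuthentication yes\nPasswordAuthentication no\nMatch User backup\n    PasswordAuthentication yes\n' > "$dir/sshd_config"
  set_sshd_option "$dir/sshd_config" PasswordAuthentication yes
  set_sshd_option "$dir/sshd_config" PubkeyAuthentication yes
  set_sshd_option "$dir/sshd_config" PermitRootLogin yes
  echo "--- sshd_config after edits:"; cat "$dir/sshd_config"
  printf 'service telnet\n{\n        disable = no\n}\n' > "$dir/telnet"
  set_xinetd_disable "$dir/telnet" yes
  echo "--- xinetd telnet after disabling:"; cat "$dir/telnet"
  rm -rf "$dir"
}

case "${1:-}" in demo) demo ;; esac
```

Run with `sh script.sh demo` to see the result on the constructed files; after editing the real `sshd_config`, `sshd -t` validates the syntax before a restart.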
## Back up and copy in the new files

```
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
mv /usr/sbin/sshd /usr/sbin/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
```

## Start sshd and check the version

```
service sshd restart
```

```
[root@localhost~]# ssh -V
OpenSSH_9.2p1, OpenSSL 1.1.1g 21 Apr 2020
```

## Troubleshooting

1. After the upgrade, restarting the sshd service failed with the following error:

```
[root@localhost~]# systemctl restart sshd
Job for sshd.service failed. See 'systemctl status sshd.service' and 'journalctl -xn' for details.
```

Check the log:

```
[root@localhost~]# journalctl -u sshd.service
```

It contains the following errors:

```
3月 02 14:21:20 localhost systemd[1]: Starting SYSV: OpenSSH server daemon...
3月 02 14:21:20 localhost sshd[13955]: Starting sshd:[  确定  ]
3月 02 14:21:20 localhost systemd[1]: PID file /var/run/sshd.pid not readable (yet?) after start.
3月 02 14:21:20 localhost systemd[1]: Started SYSV: OpenSSH server daemon.
3月 02 14:32:29 localhost systemd[1]: Stopping SYSV: OpenSSH server daemon...
3月 02 14:32:29 localhost sshd[13961]: Received signal 15; terminating.
3月 02 14:32:29 localhost sshd[25916]: Stopping sshd:[  确定  ]
3月 02 14:32:29 localhost systemd[1]: Starting SYSV: OpenSSH server daemon...
3月 02 14:32:29 localhost sshd[25926]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
3月 02 14:32:29 localhost sshd[25920]: Starting sshd:[  确定  ]
3月 02 14:32:29 localhost systemd[1]: PID file /var/run/sshd.pid not readable (yet?) after start.
```

Port 22 is occupied, so sshd cannot start:

```
[root@localhost~]# sudo lsof -i :22
COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd   1 root   42u  IPv6   2721      0t0  TCP *:ssh (LISTEN)
```

This confirms that the systemd process (PID 1) is the one holding port 22 at this point.

## Solution

Disconnect the ssh session and connect to the server over telnet instead:

```
[root@localhost~]# kill -9 1
[root@localhost~]# systemctl restart sshd
```

sshd now starts successfully. After confirming that an ssh remote connection works, disconnect the telnet session and turn the telnet service off:

```
service xinetd stop
systemctl disable xinetd
```

Done.

Last modified: 10 July 2024

© Reproduction permitted with proper attribution