一、背景说明
BClinux8.6 安装的openssh 版本为9.3p1,经绿盟扫描,存在高危漏洞,需要升级到最新。
OpenSSH 命令注入漏洞(CVE-2020-15778)
OpenSSH 安全漏洞(CVE-2023-38408)
目前官网只提供编译安装包,而BClinux8.6 为rpm方式安装。
为了方便升级,先通过编译安装包,制作rpm包,并进行升级
如下为做好的rpm升级包,可直接下载使用:
openssh 9.3p2 for bclinux & 龙蜥Anolis 8.6版本
1.1 系统版本查看 cat /etc/os-release
[root@localhost ~]# cat /etc/os-release
NAME="BigCloud Enterprise Linux"
VERSION="8.6 (Core)"
ID="bclinux"
ID_LIKE="rhel fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:an8"
PRETTY_NAME="BigCloud Enterprise Linux 8.6 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:bclinux:bclinux:8"
HOME_URL="https://mirrors.bclinux.org/"
BUG_REPORT_URL="https://bugs.bclinux.org/"
BCLINUX_BUGZILLA_PRODUCT="BigCloud Enterprise Linux 8 (Core)"
BCLINUX_BUGZILLA_PRODUCT_VERSION=8.6
BCLINUX_SUPPORT_PRODUCT="BigCloud Enterprise Linux 8 (Core)"
BCLINUX_SUPPORT_PRODUCT_VERSION=8.6
[root@localhost ~]#
二、rpm包制作
2.1、安装制作的工具
dnf install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel libXt-devel gtk2-devel make perl -y
[root@localhost mysql]# dnf install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel libXt-devel gtk2-devel make perl -y
无法连接BC-Linux的YUM源服务器。
AppStream 176 kB/s | 4.3 kB 00:00
BaseOS 349 kB/s | 3.8 kB 00:00
软件包 rpm-build-4.14.3-23.0.1.an8.x86_64 已安装。
软件包 zlib-devel-1.2.11-18.0.1.an8_5.x86_64 已安装。
软件包 openssl-devel-1:1.1.1k-6.an8.x86_64 已安装。
软件包 gcc-8.5.0-10.1.0.1.an8_6.x86_64 已安装。
软件包 perl-devel-4:5.26.3-421.0.1.an8.x86_64 已安装。
软件包 pam-devel-1.3.1-16.0.1.an8.x86_64 已安装。
未找到匹配的参数: libXt-devel
软件包 gtk2-devel-2.24.32-5.an8.x86_64 已安装。
软件包 make-1:4.2.1-11.0.1.an8.x86_64 已安装。
软件包 perl-4:5.26.3-421.0.1.an8.x86_64 已安装。
错误:没有任何匹配: libXt-devel
[root@localhost mysql]#
安装imake
dnf install imake -y
##验证imake是否安装成功
[root@localhost mysql]# rpm -qa|grep imake
imake-1.0.7-11.el8.x86_64
[root@localhost mysql]#
2.2下载源码
wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
2.3 初始化
##拷贝源码包到相应目录
mkdir -p /root/rpmbuild/SOURCES
cp openssh-9.3p2.tar.gz /root/rpmbuild/SOURCES
cp x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
##解压
[root@localhost ~]# cd rpmbuild/SOURCES/
[root@localhost SOURCES]# ls
openssh-9.3p2.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz
[root@localhost SOURCES]# tar -zxf openssh-9.3p2.tar.gz
##解压源码包,拷贝spec文件
mkdir -p /root/rpmbuild/SPECS/
[root@localhost openssh-9.3p2]# find ./ -name openssh.spec
./contrib/redhat/openssh.spec
./contrib/suse/openssh.spec
[root@localhost openssh-9.3p2]#
[root@localhost openssh-9.3p2]# cp ./contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
##尝试构建rpm包,提示报错:
[root@localhost SPECS]# rpmbuild -ba openssh.spec
错误:构建依赖失败:
openssl-devel < 1.1 被 openssh-9.3p1-1.el8.bclinux.x86_64 需要
[root@localhost SPECS]#
##解决方法
cd /root/rpmbuild/SPECS/
vi openssh.spec
注释如下行
#BuildRequires: openssl-devel < 1.1
2.4 rpm打包
再次执行成功:
rpmbuild -ba openssh.spec
等待编译完成
[root@localhost SPECS]# rpmbuild -ba openssh.spec
正在执行(%prep):/bin/sh -e /var/tmp/rpm-tmp.YF6kWe
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd /root/rpmbuild/BUILD
+ rm -rf openssh-9.3p2
+ /usr/bin/gzip -dc /root/rpmbuild/SOURCES/openssh-9.3p2.tar.gz
+ /usr/bin/tar -xof -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd openssh-9.3p2
+ /usr/bin/gzip -dc /root/rpmbuild/SOURCES/x11-ssh-askpass-1.2.4.1.tar.gz
+ /usr/bin/tar -xof -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ exit 0
正在执行(%build):/bin/sh -e /var/tmp/rpm-tmp.RndD6t
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-9.3p2
...
...
处理文件:openssh-askpass-9.3p2-1.el8.bclinux.x86_64
正在执行(%doc):/bin/sh -e /var/tmp/rpm-tmp.f9gsh6
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-9.3p2
+ DOCDIR=/root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el8.bclinux.x86_64/usr/share/doc/openssh-askpass
+ export LC_ALL=C
+ LC_ALL=C
+ export DOCDIR
+ /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el8.bclinux.x86_64/usr/share/doc/openssh-askpass
+ cp -pr x11-ssh-askpass-1.2.4.1/README /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el8.bclinux.x86_64/usr/share/doc/openssh-askpass
+ cp -pr x11-ssh-askpass-1.2.4.1/ChangeLog /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el8.bclinux.x86_64/usr/share/doc/openssh-askpass
+ cp -pr x11-ssh-askpass-1.2.4.1/SshAskpass-1337.ad x11-ssh-askpass-1.2.4.1/SshAskpass-NeXTish.ad x11-ssh-askpass-1.2.4.1/SshAskpass-default.ad x11-ssh-askpass-1.2.4.1/SshAskpass-green.ad x11-ssh-askpass-1.2.4.1/SshAskpass-motif.ad x11-ssh-askpass-1.2.4.1/SshAskpass.ad /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el8.bclinux.x86_64/usr/share/doc/openssh-askpass
+ exit 0
Provides: openssh-askpass = 9.3p2-1.el8.bclinux openssh-askpass(x86-64) = 9.3p2-1.el8.bclinux
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires: libICE.so.6()(64bit) libSM.so.6()(64bit) libX11.so.6()(64bit) libXt.so.6()(64bit) libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) rtld(GNU_HASH)
Obsoletes: ssh-extras
处理文件:openssh-askpass-gnome-9.3p2-1.el8.bclinux.x86_64
Provides: config(openssh-askpass-gnome) = 9.3p2-1.el8.bclinux openssh-askpass-gnome = 9.3p2-1.el8.bclinux openssh-askpass-gnome(x86-64) = 9.3p2-1.el8.bclinux
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires: libX11.so.6()(64bit) libatk-1.0.so.0()(64bit) libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libcairo.so.2()(64bit) libfontconfig.so.1()(64bit) libfreetype.so.6()(64bit) libgdk-x11-2.0.so.0()(64bit) libgdk_pixbuf-2.0.so.0()(64bit) libgio-2.0.so.0()(64bit) libglib-2.0.so.0()(64bit) libgobject-2.0.so.0()(64bit) libgtk-x11-2.0.so.0()(64bit) libpango-1.0.so.0()(64bit) libpangocairo-1.0.so.0()(64bit) libpangoft2-1.0.so.0()(64bit) libpthread.so.0()(64bit) rtld(GNU_HASH)
Obsoletes: ssh-extras
处理文件:openssh-debugsource-9.3p2-1.el8.bclinux.x86_64
Provides: openssh-debugsource = 9.3p2-1.el8.bclinux openssh-debugsource(x86-64) = 9.3p2-1.el8.bclinux
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
处理文件:openssh-debuginfo-9.3p2-1.el8.bclinux.x86_64
Provides: debuginfo(build-id) = 6c26bac0b98a5d0ad61c9bae74017009f37c047b debuginfo(build-id) = 85858de18635278190d489849fadee3ac19509c5 debuginfo(build-id) = 87cf12a118712cb19012f45bd7c8111ea788b8ab debuginfo(build-id) = a16b8b66844755207a7f895cc26f640dd177eaa1 debuginfo(build-id) = f57df74f3d4c573ab24121f1e0f361f25981eba4 openssh-debuginfo = 9.3p2-1.el8.bclinux openssh-debuginfo(x86-64) = 9.3p2-1.el8.bclinux
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Recommends: openssh-debugsource(x86-64) = 9.3p2-1.el8.bclinux
处理文件:openssh-clients-debuginfo-9.3p2-1.el8.bclinux.x86_64
Provides: debuginfo(build-id) = 33f1de0944c4fc17007f8aa277d022349d7c1096 debuginfo(build-id) = 9e3215f23de8351987a810f1f536dcf198c52d71 debuginfo(build-id) = d499a0e4b5bc043ec638ba8f74a17dd1f1cbe6e8 debuginfo(build-id) = e4c12f130614fc283662118326edc04ea43e5f3a debuginfo(build-id) = fb476c2146c33b4da382b6e57bf5aea70562346d openssh-clients-debuginfo = 9.3p2-1.el8.bclinux openssh-clients-debuginfo(x86-64) = 9.3p2-1.el8.bclinux
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Recommends: openssh-debugsource(x86-64) = 9.3p2-1.el8.bclinux
处理文件:openssh-server-debuginfo-9.3p2-1.el8.bclinux.x86_64
Provides: debuginfo(build-id) = a07f6a46821037c7999968990593c2e8c6106deb debuginfo(build-id) = fb6f867b6fbcc5c3857771072d7f68c7546682ed openssh-server-debuginfo = 9.3p2-1.el8.bclinux openssh-server-debuginfo(x86-64) = 9.3p2-1.el8.bclinux
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Recommends: openssh-debugsource(x86-64) = 9.3p2-1.el8.bclinux
处理文件:openssh-askpass-debuginfo-9.3p2-1.el8.bclinux.x86_64
Provides: debuginfo(build-id) = 7e3cb3ce5d0c49f21c9b87eca8d0a16b82aebeca openssh-askpass-debuginfo = 9.3p2-1.el8.bclinux openssh-askpass-debuginfo(x86-64) = 9.3p2-1.el8.bclinux
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Recommends: openssh-debugsource(x86-64) = 9.3p2-1.el8.bclinux
处理文件:openssh-askpass-gnome-debuginfo-9.3p2-1.el8.bclinux.x86_64
Provides: debuginfo(build-id) = 633a8f67c8b45a46b0eb497745833faa5e24b640 openssh-askpass-gnome-debuginfo = 9.3p2-1.el8.bclinux openssh-askpass-gnome-debuginfo(x86-64) = 9.3p2-1.el8.bclinux
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Recommends: openssh-debugsource(x86-64) = 9.3p2-1.el8.bclinux
检查未打包文件:/usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el8.bclinux.x86_64
已写至:/root/rpmbuild/SRPMS/openssh-9.3p2-1.el8.bclinux.src.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-9.3p2-1.el8.bclinux.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-clients-9.3p2-1.el8.bclinux.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-server-9.3p2-1.el8.bclinux.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-askpass-9.3p2-1.el8.bclinux.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-askpass-gnome-9.3p2-1.el8.bclinux.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-debugsource-9.3p2-1.el8.bclinux.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-debuginfo-9.3p2-1.el8.bclinux.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-clients-debuginfo-9.3p2-1.el8.bclinux.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-server-debuginfo-9.3p2-1.el8.bclinux.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-askpass-debuginfo-9.3p2-1.el8.bclinux.x86_64.rpm
已写至:/root/rpmbuild/RPMS/x86_64/openssh-askpass-gnome-debuginfo-9.3p2-1.el8.bclinux.x86_64.rpm
正在执行(%clean):/bin/sh -e /var/tmp/rpm-tmp.SgHW9F
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-9.3p2
+ rm -rf /root/rpmbuild/BUILDROOT/openssh-9.3p2-1.el8.bclinux.x86_64
+ exit 0
[root@localhost SPECS]#
2.5 查看制作后的rpm包
查看制作完成后生成的包:
[root@localhost x86_64]# ls -lrth /root/rpmbuild/RPMS/x86_64/
[root@localhost SPECS]# ls -lrth /root/rpmbuild/RPMS/x86_64/
总用量 6.2M
-rw-r--r-- 1 root root 681K 8月 6 09:57 openssh-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 655K 8月 6 09:57 openssh-clients-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 484K 8月 6 09:57 openssh-server-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 50K 8月 6 09:57 openssh-askpass-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 31K 8月 6 09:57 openssh-askpass-gnome-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 748K 8月 6 09:57 openssh-debugsource-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 1.1M 8月 6 09:57 openssh-debuginfo-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 1.5M 8月 6 09:57 openssh-clients-debuginfo-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 921K 8月 6 09:57 openssh-server-debuginfo-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 61K 8月 6 09:57 openssh-askpass-debuginfo-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 42K 8月 6 09:57 openssh-askpass-gnome-debuginfo-9.3p2-1.el8.bclinux.x86_64.rpm
[root@localhost SPECS]#
三、使用制作好的rpm包进行升级
3.1 升级前备份
##利用制作的rpm包对openssh进行升级
升级前检查rpm版本
[root@localhost SPECS]# rpm -qa|grep openssh
openssh-clients-9.3p1-1.el8.bclinux.x86_64
openssh-9.3p1-1.el8.bclinux.x86_64
openssh-server-9.3p1-1.el8.bclinux.x86_64
[root@localhost SPECS]#
##备份配置文件
[root@localhost x86_64]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.20230806
##升级只需准备如下3个包
openssh-clients-9.3p2-1.el8.bclinux.x86_64.rpm openssh-9.3p2-1.el8.bclinux.x86_64.rpm openssh-server-9.3p2-1.el8.bclinux.x86_64.rpm
[root@localhost ~]# ls -lrt openssh-*
-rw-r--r-- 1 root root 670648 8月 6 10:03 openssh-clients-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 696820 8月 6 10:03 openssh-9.3p2-1.el8.bclinux.x86_64.rpm
-rw-r--r-- 1 root root 495228 8月 6 10:03 openssh-server-9.3p2-1.el8.bclinux.x86_64.rpm
[root@localhost ~]#
3.2 开始升级dnf install *.rpm
[root@localhost ~]# dnf localinstall *.rpm
无法连接BC-Linux的YUM源服务器。
上次元数据过期检查:0:29:54 前,执行于 2023年08月06日 星期日 09时37分33秒。
依赖关系解决。
======================================================================================================================================================================================================================
软件包 架构 版本 仓库 大小
======================================================================================================================================================================================================================
升级:
openssh x86_64 9.3p2-1.el8.bclinux @commandline 680 k
openssh-clients x86_64 9.3p2-1.el8.bclinux @commandline 655 k
openssh-server x86_64 9.3p2-1.el8.bclinux @commandline 484 k
事务概要
======================================================================================================================================================================================================================
升级 3 软件包
总计:1.8 M
确定吗?[y/N]: y
下载软件包:
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
升级 : openssh-9.3p2-1.el8.bclinux.x86_64 1/6
升级 : openssh-clients-9.3p2-1.el8.bclinux.x86_64 2/6
运行脚本: openssh-server-9.3p2-1.el8.bclinux.x86_64 3/6
升级 : openssh-server-9.3p2-1.el8.bclinux.x86_64 3/6
运行脚本: openssh-server-9.3p2-1.el8.bclinux.x86_64 3/6
运行脚本: openssh-server-9.3p1-1.el8.bclinux.x86_64 4/6
清理 : openssh-server-9.3p1-1.el8.bclinux.x86_64 4/6
运行脚本: openssh-server-9.3p1-1.el8.bclinux.x86_64 4/6
清理 : openssh-clients-9.3p1-1.el8.bclinux.x86_64 5/6
清理 : openssh-9.3p1-1.el8.bclinux.x86_64 6/6
运行脚本: openssh-9.3p1-1.el8.bclinux.x86_64 6/6
验证 : openssh-9.3p2-1.el8.bclinux.x86_64 1/6
验证 : openssh-9.3p1-1.el8.bclinux.x86_64 2/6
验证 : openssh-clients-9.3p2-1.el8.bclinux.x86_64 3/6
验证 : openssh-clients-9.3p1-1.el8.bclinux.x86_64 4/6
验证 : openssh-server-9.3p2-1.el8.bclinux.x86_64 5/6
验证 : openssh-server-9.3p1-1.el8.bclinux.x86_64 6/6
已升级:
openssh-9.3p2-1.el8.bclinux.x86_64 openssh-clients-9.3p2-1.el8.bclinux.x86_64 openssh-server-9.3p2-1.el8.bclinux.x86_64
完毕!
[root@localhost ~]#
查看ssh版本
[root@localhost ~]# ssh -V
OpenSSH_9.3p2, OpenSSL 1.1.1k FIPS 25 Mar 2021
[root@localhost ~]#
3.3 升级后ssh服务之后,重启ssh服务
##确认如下文件的权限为0600,如果不是,请修改为0600
[root@localhost ~]# ls -lrt /etc/ssh/ssh_host_ed25519_key
-rw------- 1 root ssh_keys 387 4月 3 17:45 /etc/ssh/ssh_host_ed25519_key
[root@localhost ~]#
##重启sshd服务
[root@localhost ~]# systemctl restart sshd
[root@localhost ~]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; generated)
Active: active (running) since Sun 2023-08-06 10:09:36 CST; 1s ago
Docs: man:systemd-sysv-generator(8)
Process: 2994907 ExecStop=/etc/rc.d/init.d/sshd stop (code=exited, status=0/SUCCESS)
Process: 2994924 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
Main PID: 2994942 (sshd)
Tasks: 17 (limit: 101087)
Memory: 52.2M
CGroup: /system.slice/sshd.service
├─ 303476 ./wgcloud-agent-release
├─2950065 sshd: sudoroot [priv]
├─2950067 sshd: sudoroot@pts/0,pts/1
├─2950068 -bash
├─2962229 -bash
└─2994942 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
8月 06 10:09:36 localhost.localdomain sshd[2994941]: This private key will@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
8月 06 10:09:36 localhost.localdomain sshd[2994941]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
8月 06 10:09:36 localhost.localdomain sshd[2994941]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
8月 06 10:09:36 localhost.localdomain sshd[2994941]: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
8月 06 10:09:36 localhost.localdomain sshd[2994941]: It is required that your private key files are NOT accessible by others.
8月 06 10:09:36 localhost.localdomain sshd[2994941]: This private key will be ignored.
8月 06 10:09:36 localhost.localdomain sshd[2994942]: Server listening on 0.0.0.0 port 22.
8月 06 10:09:36 localhost.localdomain sshd[2994942]: Server listening on :: port 22.
8月 06 10:09:36 localhost.localdomain sshd[2994924]: [ 确定 ]
8月 06 10:09:36 localhost.localdomain systemd[1]: Started SYSV: OpenSSH server daemon.
[root@localhost ~]#
3.4 查看ssh版本
##使用rpm查看openssh版本
[root@localhost ~]# rpm -qa|grep openssh
openssh-server-9.3p2-1.el8.bclinux.x86_64
openssh-9.3p2-1.el8.bclinux.x86_64
openssh-clients-9.3p2-1.el8.bclinux.x86_64
[root@localhost ~]#
##使用ssh -V查看ssh版本
[root@localhost ~]# ssh -V
OpenSSH_9.3p2, OpenSSL 1.1.1k FIPS 25 Mar 2021
[root@localhost ~]#