ssh升级管理
版本查看
ssh -V
升级准备
ssh升级后登录异常
sshd error: Could not get shadow information for secure
sshd[5820]: Failed password for secure from 10.32.3.4 port 55166 ssh2
点击查看代码
解决方法:先查看系统实时日志,tail -f /var/log/messages,一般有报错提示,“localhost sshd[19802]: error: Could not get shadow information for admin...”,
1.先去/etc/ssh/sshd_config下把UsePAM改为yes,
2.到/etc/pam.d/sshd下把内容修改为
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_loginuid.so
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
systemctl restart sshd
——————————————————————————————————————————————
ssh升级后启动异常
systemd: sshd.service start operation timed out. Terminating
自动生成的service配置文件设置可见,对应的启动、停止等命令都已经换成了对 sshd.init 脚本的操作,而不是原来的对 /usr/sbin/sshd 命令的操作
修改service文件
`# Automatically generated by systemd-sysv-generator
[Unit]
Documentation=man:systemd-sysv-generator(8)
SourcePath=/etc/rc.d/init.d/sshd.init
Description=SYSV: OpenSSH server daemon
[Service]
Type=forking
Restart=no
TimeoutSec=5min
IgnoreSIGPIPE=no
KillMode=process
GuessMainPID=no
RemainAfterExit=no
PIDFile=/var/run/sshd.pid
ExecStart=/etc/rc.d/init.d/sshd.init start
ExecStop=/etc/rc.d/init.d/sshd.init stop
ExecReload=/etc/rc.d/init.d/sshd.init reload
`
原来的service文件
点击查看代码
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target