Linux ssh key 失效

处理/etc/ssh/ssh_host_rsa_key 失效问题
处理/etc/ssh/ssh_host_rsa_key 失效问题
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@        WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for ‘/etc/ssh/ssh_host_rsa_key‘ are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@        WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for ‘/etc/ssh/ssh_host_dsa_key‘ are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
                                                            [FAILED]
               
如果出现已上bug

1. 备份/etc/ssh/ssh_host_rsa_key
sudo cp /etc/ssh/ssh_host_rsa_key ~/etc/ssh/ssh_host_rsa_key

2. 备份/etc/ssh/ssh_host_dsa_key
sudo cp /etc/ssh/ssh_host_dsa_key ~/etc/ssh/ssh_host_dsa_key

3. 删除原有的这两个配置文件
sudo rm -rf /etc/ssh/ssh_host_rsa_key ; sudo rm -rf /etc/ssh/ssh_host_dsa_key

4. 进行重启sshd服务
sudo /etc/init.d/sshd restart

5. 如果出现以下的错误，再进行配置
Stopping sshd:                                              [FAILED]
Starting sshd: /var/empty/sshd must be owned by root and not group or world-writable.
                                                            [FAILED]

6. 给配置文件授权
chmod 744 /var/empty/sshd
chmod u+rwx /var/empty/ssh/etc/local~
注：如果/var/empty/ssh/etc的属主有执行的权限sshd也是不能成功启动的，需要去掉权限

7. 再次启动sshd服务如果是这样的情况

正确是这样
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

如果是这样
Stopping sshd:                                             [FAILED]
Starting sshd:                                             [  OK  ]
再次启动还是这样，则会有问题的，需要再次进行配置

8. 查看sshd进程的侦听状态
比如：
[[email protected] ~]# netstat -natpl | grep sshd
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      27641/sshd          ##正确的显示方式
tcp        0      0 172.28.88.67:22           172.28.88.68:50692        ESTABLISHED 19493/sshd          ##需要kill
tcp        0      0 172.28.88.67:22           172.28.88.78:56349        ESTABLISHED 25221/sshd          ##需要kill
tcp        0      0 172.28.88.67:22           172.28.88.208:50812        ESTABLISHED 20536/sshd          ##需要kill
tcp        0     52 172.28.88.67:22           172.28.88.18:52873        ESTABLISHED 27550/sshd          ##需要kill
tcp        0      0 :::22                       :::*                        LISTEN      27641/sshd    ##正确的显示方式

9. 再次启动就真没有什么问题

Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]