今天用SecureCRT远程连接Linux(Centos 7)时,连不上,报错The remote system refused the connection.
于是就百度,首先查看sshd服务有没有启动
只有ssh-agent,于是去启动sshd
执行如下命令
cd /etc/init.dsystemctl restart sshd.service没有成功,报错
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.。
再使用这个命令journalctl -xe看错误信息,具体报错信息如下。
[root@localhost ssh]# systemctl restart sshd.service
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@localhost ssh]# journalctl -xe
12月 05 10:45:01 localhost.localdomain sshd[11508]: Permissions 0715 for '/etc/ssh/ssh_host_rsa_key' are too open.
12月 05 10:45:01 localhost.localdomain sshd[11508]: It is required that your private key files are NOT accessible by others.
12月 05 10:45:01 localhost.localdomain sshd[11508]: This private key will be ignored.
12月 05 10:45:01 localhost.localdomain sshd[11508]: key_load_private: bad permissions
12月 05 10:45:01 localhost.localdomain sshd[11508]: Could not load host key: /etc/ssh/ssh_host_rsa_key
12月 05 10:45:01 localhost.localdomain sshd[11508]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
12月 05 10:45:01 localhost.localdomain sshd[11508]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
12月 05 10:45:01 localhost.localdomain sshd[11508]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
12月 05 10:45:01 localhost.localdomain sshd[11508]: Permissions 0715 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
12月 05 10:45:01 localhost.localdomain sshd[11508]: It is required that your private key files are NOT accessible by others.
12月 05 10:45:01 localhost.localdomain sshd[11508]: This private key will be ignored.
12月 05 10:45:01 localhost.localdomain sshd[11508]: key_load_private: bad permissions
12月 05 10:45:01 localhost.localdomain sshd[11508]: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
12月 05 10:45:01 localhost.localdomain systemd[1]: sshd.service: main process exited, code=exited, status=1/FAILURE
12月 05 10:45:01 localhost.localdomain sshd[11508]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
12月 05 10:45:01 localhost.localdomain sshd[11508]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
12月 05 10:45:01 localhost.localdomain sshd[11508]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
12月 05 10:45:01 localhost.localdomain sshd[11508]: Permissions 0715 for '/etc/ssh/ssh_host_ed25519_key' are too open.
12月 05 10:45:01 localhost.localdomain sshd[11508]: It is required that your private key files are NOT accessible by others.
12月 05 10:45:01 localhost.localdomain sshd[11508]: This private key will be ignored.
12月 05 10:45:01 localhost.localdomain sshd[11508]: key_load_private: bad permissions
12月 05 10:45:01 localhost.localdomain sshd[11508]: Could not load host key: /etc/ssh/ssh_host_ed25519_key
12月 05 10:45:01 localhost.localdomain sshd[11508]: sshd: no hostkeys available -- exiting.
12月 05 10:45:01 localhost.localdomain systemd[1]: Failed to start OpenSSH server daemon.
-- Subject: Unit sshd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sshd.service has failed.
--
-- The result is failed.
12月 05 10:45:01 localhost.localdomain systemd[1]: Unit sshd.service entered failed state.
12月 05 10:45:01 localhost.localdomain systemd[1]: sshd.service failed.
12月 05 10:45:01 localhost.localdomain polkitd[7760]: Unregistered Authentication Agent for unix-process:11502:197209 (system bus name :1.14
lines 1492-1525/1525 (END)
看到很多Permissions这个词,权限。
诸如;Permissions 0715 for '/etc/ssh/ssh_host_rsa_key' are too open.key_load_private: bad permissions
的错,这是一些密钥文件,也就是说没有权限访问这几个文件,可我用的root啊也没权限,奇怪了。
那么我们看看这三个文件现在的权限是什么。切到/etc/ssh下ll查看,这三个文件的权限是755,感觉没啥问题啊。继续百度吧。
搜了好久,有篇博文说执行这个命令
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key也就是修改这个三个文件的权限为600
再执行systemctl restart sshd.service重启sshd服务
再查看是否启动,果然起来了。
再用SecureCRT连接就连上了。
太曲折了。期间还执行了sudo yum install openssh-server安装ssh服务,修改了ifcfg-eth0,centos没有这个文件只有ifcfg-ens33,不知有用没,还有查看端口的、/etc/ssh/sshd_config文件的Post是不是22等等。最后终于解决了。