今天用SecureCRT远程连接Linux(Centos 7)时,连不上,报错The remote system refused the connection.
于是就百度,首先查看sshd服务有没有启动
只有ssh-agent,于是去启动sshd
执行如下命令cd /etc/init.d
systemctl restart sshd.service
没有成功,报错 Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
。
再使用这个命令journalctl -xe
看错误信息,具体报错信息如下。
[root@localhost ssh]# systemctl restart sshd.serviceJob for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.[root@localhost ssh]# journalctl -xe12月 05 10:45:01 localhost.localdomain sshd[11508]: Permissions 0715 for '/etc/ssh/ssh_host_rsa_key' are too open.12月 05 10:45:01 localhost.localdomain sshd[11508]: It is required that your private key files are NOT accessible by others.12月 05 10:45:01 localhost.localdomain sshd[11508]: This private key will be ignored.12月 05 10:45:01 localhost.localdomain sshd[11508]: key_load_private: bad permissions12月 05 10:45:01 localhost.localdomain sshd[11508]: Could not load host key: /etc/ssh/ssh_host_rsa_key12月 05 10:45:01 localhost.localdomain sshd[11508]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@12月 05 10:45:01 localhost.localdomain sshd[11508]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @12月 05 10:45:01 localhost.localdomain sshd[11508]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@12月 05 10:45:01 localhost.localdomain sshd[11508]: Permissions 0715 for '/etc/ssh/ssh_host_ecdsa_key' are too open.12月 05 10:45:01 localhost.localdomain sshd[11508]: It is required that your private key files are NOT accessible by others.12月 05 10:45:01 localhost.localdomain sshd[11508]: This private key will be ignored.12月 05 10:45:01 localhost.localdomain sshd[11508]: key_load_private: bad permissions12月 05 10:45:01 localhost.localdomain sshd[11508]: Could not load host key: /etc/ssh/ssh_host_ecdsa_key12月 05 10:45:01 localhost.localdomain systemd[1]: sshd.service: main process exited, code=exited, status=1/FAILURE12月 05 10:45:01 localhost.localdomain sshd[11508]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@12月 05 10:45:01 localhost.localdomain sshd[11508]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @12月 05 10:45:01 localhost.localdomain sshd[11508]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@12月 05 10:45:01 localhost.localdomain sshd[11508]: Permissions 0715 for '/etc/ssh/ssh_host_ed25519_key' are too open.12月 05 10:45:01 localhost.localdomain sshd[11508]: It is required that your private key files are NOT accessible by others.12月 05 10:45:01 localhost.localdomain sshd[11508]: This private key will be ignored.12月 05 10:45:01 localhost.localdomain sshd[11508]: key_load_private: bad permissions12月 05 10:45:01 localhost.localdomain sshd[11508]: Could not load host key: /etc/ssh/ssh_host_ed25519_key12月 05 10:45:01 localhost.localdomain sshd[11508]: sshd: no hostkeys available -- exiting.12月 05 10:45:01 localhost.localdomain systemd[1]: Failed to start OpenSSH server daemon.-- Subject: Unit sshd.service has failed-- Defined-By: systemd-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel-- -- Unit sshd.service has failed.-- -- The result is failed.12月 05 10:45:01 localhost.localdomain systemd[1]: Unit sshd.service entered failed state.12月 05 10:45:01 localhost.localdomain systemd[1]: sshd.service failed.12月 05 10:45:01 localhost.localdomain polkitd[7760]: Unregistered Authentication Agent for unix-process:11502:197209 (system bus name :1.14lines 1492-1525/1525 (END)
看到很多Permissions
这个词,权限。
诸如;Permissions 0715 for '/etc/ssh/ssh_host_rsa_key' are too open.
key_load_private: bad permissions
的错,这是一些密钥文件,也就是说没有权限访问这几个文件,可我用的root啊也没权限,奇怪了。
那么我们看看这三个文件现在的权限是什么。切到/etc/ssh
下ll
查看,这三个文件的权限是755,感觉没啥问题啊。继续百度吧。
搜了好久,有篇博文说执行这个命令chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
也就是修改这个三个文件的权限为600
再执行systemctl restart sshd.service
重启sshd服务
再查看是否启动,果然起来了。
再用SecureCRT连接就连上了。
太曲折了。期间还执行了sudo yum install openssh-server
安装ssh服务,修改了ifcfg-eth0,centos没有这个文件只有ifcfg-ens33,不知有用没,还有查看端口的、/etc/ssh/sshd_config文件的Post是不是22等等。最后终于解决了。