RHEL 7 SSH 服务启动停止重新启动

Question 1

无法为 systemd 启用该类型的输出：https://bugzilla.redhat.com/show_bug.cgi?id=1148571

但是，它肯定会让您知道它是否失败以及如何检查有关失败原因的更多信息。

Answer

无法为 systemd 启用该类型的输出：https://bugzilla.redhat.com/show_bug.cgi?id=1148571

但是，它肯定会让您知道它是否失败以及如何检查有关失败原因的更多信息。

Question 2

回到 Redhat 5（和 6），这就是在里面使用方式/etc/init.d。Redhat 7 使用系统您可以花一天的剩余时间在网络上搜索并阅读文章来比较它们的差异、优点、缺点等等。

你过去常做

/etc/init.d/sshd status
/etc/init.d/sshd start
/etc/init.d/sshd stop
/etc/init.d/sshd restart

or you may be more familiar with     service sshd <start|stop|restart|status>

在 RHEL 7 中你可以

systemctl status sshd
systemctl start sshd
systemctl stop sshd
systemctl restart sshd

service sshd <start|stop|restart|status> will also work but you'll get an info statement saying "redirecting to /bin/systemctl"

这样做systemctl status sshd可能会让你清楚地知道哪里出了问题；以及查找/var/log/messages报告的错误。

在 RHEL 7.x（和许多其他 linux）中，服务器上的 SSHd 在文件中配置/etc/ssh/sshd_config。您需要查看此文件并确保设置正确，因为 (a) 如果没有，则服务将无法启动，并会被报告系统控制状态(b) 如果服务确实以绿色 OK 启动，您可能仍然无法通过 ssh 进入您的系统。

这是默认值/etc/ssh/sshd_config，实际上来自 Centos 7.6，但应该与 RHEL 7.6 完全相同；如果您的 SSH 服务无法启动，那么您可以尝试备份现有的sshd_配置到/etc/ssh/sshd_config_old并使用这个；如果 sshd 服务仍然无法启动，那么它不是sshd_配置文件问题，因为这是 RHEL/Centos 7 安装附带的默认文件，适用于新安装的每个人。

#   $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile  .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem   sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

Answer

回到 Redhat 5（和 6），这就是在里面使用方式/etc/init.d。Redhat 7 使用系统您可以花一天的剩余时间在网络上搜索并阅读文章来比较它们的差异、优点、缺点等等。

你过去常做

/etc/init.d/sshd status
/etc/init.d/sshd start
/etc/init.d/sshd stop
/etc/init.d/sshd restart

or you may be more familiar with     service sshd <start|stop|restart|status>

在 RHEL 7 中你可以

systemctl status sshd
systemctl start sshd
systemctl stop sshd
systemctl restart sshd

service sshd <start|stop|restart|status> will also work but you'll get an info statement saying "redirecting to /bin/systemctl"

这样做systemctl status sshd可能会让你清楚地知道哪里出了问题；以及查找/var/log/messages报告的错误。

在 RHEL 7.x（和许多其他 linux）中，服务器上的 SSHd 在文件中配置/etc/ssh/sshd_config。您需要查看此文件并确保设置正确，因为 (a) 如果没有，则服务将无法启动，并会被报告系统控制状态(b) 如果服务确实以绿色 OK 启动，您可能仍然无法通过 ssh 进入您的系统。

这是默认值/etc/ssh/sshd_config，实际上来自 Centos 7.6，但应该与 RHEL 7.6 完全相同；如果您的 SSH 服务无法启动，那么您可以尝试备份现有的sshd_配置到/etc/ssh/sshd_config_old并使用这个；如果 sshd 服务仍然无法启动，那么它不是sshd_配置文件问题，因为这是 RHEL/Centos 7 安装附带的默认文件，适用于新安装的每个人。

#   $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile  .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem   sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

Question 3

使用RH5SVR4初始化管理守护进程的程序。 RH7掉落SVR4初始化并将其替换为系统。

该service命令已过时，您将停止使用它。service现在是“新”命令的简单包装器systemctl（用于重新兼容 LSB 规范）。

据我所知，systemctl不支持任何类型输出标签。

如果您需要以编程方式检查服务的状态，systemctl可以提供许多“命令”来获取服务的状态。例如systemctl is-active sshd.service，，，，。systemctl is-enabled sshd.servicesystemctl is-failed sshd.servicesystemctl is-system-running sshd.service

Answer

使用RH5SVR4初始化管理守护进程的程序。 RH7掉落SVR4初始化并将其替换为系统。

该service命令已过时，您将停止使用它。service现在是“新”命令的简单包装器systemctl（用于重新兼容 LSB 规范）。

据我所知，systemctl不支持任何类型输出标签。

如果您需要以编程方式检查服务的状态，systemctl可以提供许多“命令”来获取服务的状态。例如systemctl is-active sshd.service，，，，。systemctl is-enabled sshd.servicesystemctl is-failed sshd.servicesystemctl is-system-running sshd.service

RHEL 7 SSH 服务启动停止重新启动

答案1

答案2

答案3

相关内容