查看/etc/ssh/ssh_host_ed25519_key權限是755,其他用戶也有訪問權限,修改該文件權限為600后,重啟sshd服務成功
啟動后,發現/etc/ssh/ssh_host_rsa_key和/etc/ssh/ssh_host_ecdsa_key文件也是755權限,也需要修改為600權限
# systemctl status sshd.service
* sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-06-15 20:51:35 CST; 3min 53s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 127264 (sshd)
CGroup: /system.slice/sshd.service
`-127264 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Jun 15 20:53:59 localhost.localdomain sshd[15771]: error: Permissions 0755 for '/etc/ssh/ssh_host_rsa_key' are too open.
Jun 15 20:53:59 localhost.localdomain sshd[15771]: error: It is required that your private key files are NOT accessible by others.
Jun 15 20:53:59 localhost.localdomain sshd[15771]: error: This private key will be ignored.
Jun 15 20:53:59 localhost.localdomain sshd[15771]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jun 15 20:53:59 localhost.localdomain sshd[15771]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
Jun 15 20:53:59 localhost.localdomain sshd[15771]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jun 15 20:53:59 localhost.localdomain sshd[15771]: error: Permissions 0755 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Jun 15 20:53:59 localhost.localdomain sshd[15771]: error: It is required that your private key files are NOT accessible by others.
Jun 15 20:53:59 localhost.localdomain sshd[15771]: error: This private key will be ignored.
Jun 15 20:54:01 localhost.localdomain sshd[15771]: Accepted password for root from 10.56.55.44 port 64206 ssh2
參考鏈接: