问题
AlmaLinux 9.2 安装 net-snmp 后导致 sshd 无法启动,SSH 无法正常连接。并且在日志中发现OpenSSL version mismatch. Built against 30000010, you have 30200020错误。
问题排查
AlmaLinux 9.2 初始安装 openssl 的版本为 3.0.7。软件包为openssl-3.0.7-6。
# openssl version
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
#
# rpm -qa | grep openssl
openssl-libs-3.0.7-6.el9_2.x86_64
openssl-3.0.7-6.el9_2.x86_64
回顾执行dnf install net-snmp安装 net-snmp 时,发现会升级 openssl:
# dnf install net-snmp
Last metadata expiration check: 0:09:05 ago on Mon Apr 14 13:01:12 2025.
Dependencies resolved.
=================================================================================================
Package Architecture Version Repository Size
=================================================================================================
Installing:
net-snmp x86_64 1:5.9.1-17.el9 appstream 295 k
Upgrading:
openssl x86_64 1:3.2.2-6.el9_5.1 baseos 1.3 M
openssl-libs x86_64 1:3.2.2-6.el9_5.1 baseos 2.4 M
Installing dependencies:
...
如果安装完成的话,openssl 的版本会发生改变。即从 3.0.7 版本升级成 3.2.2 版本:
# openssl version
OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)
#
# rpm -qa | grep openssl
openssl-libs-3.2.2-6.el9_5.1.x86_64
openssl-3.2.2-6.el9_5.1.x86_64
此时重启 sshd 服务,则会启动失败
Apr 14 13:13:01 localhost.localdomain sshd[11709]: OpenSSL version mismatch. Built against 30000010, you have 30200020
Apr 14 13:13:01 localhost.localdomain systemd[1]: sshd.service: Main process exited, code=exited, status=255/EXCEPTION
解决
在此案例中,可通过升级 openssh 解决。首先查看原来 openssh 的版本:
# rpm -qa | grep openssh
openssh-8.7p1-28.el9.x86_64
openssh-clients-8.7p1-28.el9.x86_64
openssh-server-8.7p1-28.el9.x86_64
执行升级 openssh
dnf update openssh
升级后的 openssh 的版本:
# rpm -qa | grep openssh
openssh-8.7p1-43.el9.alma.2.x86_64
openssh-clients-8.7p1-43.el9.alma.2.x86_64
openssh-server-8.7p1-43.el9.alma.2.x86_64
再次尝试启动 sshd 服务:
systemctl start sshd
如果顺利 sshd 会正常启动。
评论