分类目录归档：Linux

解决CentOS 7 上yum update时出现的Error: Multilib version problems found.

现象描述

CentOS 7.5 系统，sudo yum update，出现如下错误：

Error:  Multilib version problems found. This often means that the root cause is something else and multilib version checking is just pointing out that there is a problem. Eg.:
       
 1. You have an upgrade for audit-libs which is missing some dependency that another package requires. Yum is trying to solve this by installing an older version of audit-libs of the different architecture. If you exclude the bad architecture yum will tell you what the root cause is (which package requires what). You can try redoing the upgrade with --exclude audit-libs.otherarch ... this should give you an error message showing the root cause of the problem.
       
 2. You have multiple architectures of audit-libs installed, but yum can only see an upgrade for one of those architectures.
 If you don't want/need both architectures anymore then you can remove the one with the missing update and everything will work.
       
 3. You have duplicate versions of audit-libs installed already. You can use "yum check" to get yum show these errors. ...you can also use --setopt=protected_multilib=false to remove this checking, however this is almost never the correct thing to do as something else is very likely to go wrong (often causing much more problems).
       
 Protected multilib versions: -2.8.1-3.el7_5.1.i686 != audit-libs-2.8.1-3.el7.x86_64
Error: Protected multilib versions: systemd-libs-219-57.el7_5.1.i686 != systemd-libs-219-57.el7.x86_64

尝试单独更新相关软件包

单独更新audit-libs，失败

sudo yum update audit-libs

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.usc.edu
 * elrepo-kernel: repos.lax-noc.com
 * epel: mirrors.develooper.com
 * extras: mirrors.xtom.com
 * updates: mirror.hostduplex.com
 * webtatic: us-east.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package audit-libs.i686 0:2.8.1-3.el7 will be updated
---> Package audit-libs.x86_64 0:2.8.1-3.el7 will be updated
--> Processing Dependency: audit-libs(x86-64) = 2.8.1-3.el7 for package: audit-libs-python-2.8.1-3.el7.x86_64
--> Processing Dependency: audit-libs(x86-64) = 2.8.1-3.el7 for package: audit-2.8.1-3.el7.x86_64
---> Package audit-libs.i686 0:2.8.1-3.el7_5.1 will be an update
---> Package audit-libs.x86_64 0:2.8.1-3.el7_5.1 will be an update
--> Running transaction check
---> Package audit.x86_64 0:2.8.1-3.el7 will be updated
---> Package audit.x86_64 0:2.8.1-3.el7_5.1 will be an update
---> Package audit-libs-python.x86_64 0:2.8.1-3.el7 will be updated
---> Package audit-libs-python.x86_64 0:2.8.1-3.el7_5.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved
=======================================================================================================================================================
 Package                                  Arch                          Version                                   Repository                      Size
=======================================================================================================================================================
Updating:
 audit-libs                               i686                          2.8.1-3.el7_5.1                           updates                        100 k
 audit-libs                               x86_64                        2.8.1-3.el7_5.1                           updates                         99 k
Updating for dependencies:
 audit                                    x86_64                        2.8.1-3.el7_5.1                           updates                        247 k
 audit-libs-python                        x86_64                        2.8.1-3.el7_5.1                           updates                         75 k

Transaction Summary
=======================================================================================================================================================
Upgrade  2 Packages (+2 Dependent packages)

Total size: 521 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test


Transaction check error:
  package audit-libs-2.8.1-3.el7_5.1.x86_64 is already installed

Error Summary
-------------

单独更新systemd-libs，失败

sudo yum update systemd-libs

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.usc.edu
 * elrepo-kernel: repos.lax-noc.com
 * epel: mirrors.develooper.com
 * extras: mirrors.xtom.com
 * updates: mirror.hostduplex.com
 * webtatic: us-east.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package systemd-libs.i686 0:219-57.el7 will be updated
--> Processing Dependency: systemd-libs = 219-57.el7 for package: systemd-219-57.el7.x86_64
--> Processing Dependency: systemd-libs = 219-57.el7 for package: libgudev1-219-57.el7.x86_64
---> Package systemd-libs.x86_64 0:219-57.el7 will be updated
--> Processing Dependency: systemd-libs = 219-57.el7 for package: systemd-219-57.el7.x86_64
---> Package systemd-libs.i686 0:219-57.el7_5.1 will be an update
---> Package systemd-libs.x86_64 0:219-57.el7_5.1 will be an update
--> Running transaction check
---> Package libgudev1.x86_64 0:219-57.el7 will be updated
---> Package libgudev1.x86_64 0:219-57.el7_5.1 will be an update
---> Package systemd-libs.i686 0:219-57.el7 will be updated
--> Processing Dependency: systemd-libs = 219-57.el7 for package: systemd-219-57.el7.x86_64
---> Package systemd-libs.x86_64 0:219-57.el7 will be updated
--> Processing Dependency: systemd-libs = 219-57.el7 for package: systemd-219-57.el7.x86_64
--> Finished Dependency Resolution
Error: Package: systemd-219-57.el7.x86_64 (@base)
           Requires: systemd-libs = 219-57.el7
           Removing: systemd-libs-219-57.el7.i686 (@base)
               systemd-libs = 219-57.el7
           Updated By: systemd-libs-219-57.el7_5.1.i686 (updates)
               systemd-libs = 219-57.el7_5.1
 You could try using --skip-broken to work around the problem
** Found 18 pre-existing rpmdb problem(s), 'yum check' output follows:
....

解决办法

系统是64位的，我们在上一步发现了两个不符合x86_64构架的包全名：

audit-libs.i686 0:2.8.1-3.el7

systemd-libs-219-57.el7.i686

需要做的就是移除它们：

sudo yum remove audit-libs.i686 0:2.8.1-3.el7

sudo yum remove systemd-libs-219-57.el7.i686

然后更新系统即可：
sudo yum update

为Debian 9 stretch的SSH登录安装并启用谷歌两步验证（google authenticator）

发表评论

以密钥方式登录vps提供了更高的安全性，但以用户名密码登录vps的方式比用密钥方式更适用于经常多个地方登录的情况，此时需要加用两步验证防止用户名密码泄漏的情况。目前网上搜索到的教程多半已经过时，但稍有不慎，容易配置失误导致自己无法登录vps。本文就如何在Debian 9上正确的设置谷歌两步验证做个介绍。

开始之前需要先有个Debian 9；
下文出现的命令都是一行一条，虽然有时可以全部复制一起执行，但不建议这么做，还是老老实实一行一行执行吧。无特殊说明均以root用户执行。

1 更新系统

apt-get update
apt-get upgrade -y
apt-get dist-upgrade -y

2 安装所需的软件包

apt-get install wget make gcc libpam0g-dev git autotools-dev autoconf libtool qrencode -y

3 下载并安装两步验证源码

假设打算将源码放到/usr/local/src目录下:

cd /usr/local/src
git clone https://github.com/google/google-authenticator-libpam.git
cd google-authenticator-libpam/
./bootstrap.sh
./configure
make
make install

在安装信息中可以看到有这样一行：
libtool: install: /usr/bin/install -c .libs/pam_google_authenticator.so /usr/local/lib/security/pam_google_authenticator.so
这个信息提供了开启两步验证所需的最重要的文件的安装路径，很多教程无法成功启用两步验证就在于此。

4 修改ssh相关配置文件

4.1 修改sshd_config

将ChallengeResponseAuthentication的no改为yes：

vi /etc/ssh/sshd_config

...
ChallengeResponseAuthentication yes
...

4.2 修改sshd

在/etc/pam.d/sshd第一行后加入auth required /usr/local/lib/security/pam_google_authenticator.so。

vi /etc/pam.d/sshd

# PAM configuration for the Secure Shell service
auth       required     /usr/local/lib/security/pam_google_authenticator.so

# Standard Un*x authentication.
...

5 开启两步验证

当以root用户安装完两步验证后，需要针对某个用户启用两步验证，需要切换为该用户时才能正确启用。假设为名为jackson的用户开启两步验证，需要切换为该用户：

su jackson

然后运行如下命令配置两步验证：

google-authenticator

依次输入5个“y”并回车确认安装即可。
注意备份好密钥(secret key)和备用验证码(emergency scratch codes)。
重启sshd来使两步验证即时生效：

sudo service sshd restart

注意此时不要关闭ssh登录窗口。因为如果启用失败，而又关闭了这个已登录的窗口会把自己挡在外面的。

6 验证是否开启成功

用app扫描二维码或者手动输入密钥启用两步验证，然后打开一个新的ssh窗口尝试登录vps，以查看是否成功启用两步验证。

VPS上的Debian 8 jessie 升级到Debian 9 stretch 的方法

发表评论

对于追新的一些人来说，总想使用最新的系统，但目前VPS上基本没有Debian 9 stretch的模板可用，但是有Debian 8 jessie的模板，这时就需要升级到Debian 9。在升级过程中，某些配置文件会被替换掉，比如开启了两步验证，更改了ssh端口等，更改起来还是需要耐心的，一不小心就登录不了了。所以建议能不更新就不要更新。如果要更新，就备份好文件，然后重装Debian 8，再升级到9。我们按照这个最保险的思路来进行吧。

1 重装Debian 8并更新系统

1.1 重装Debian 8

首先在vps上重新安装Debian 8，记下密码，以root身份登录vps后，可以看到系统版本为8.0：

cat /etc/debian_version
8.0

1.2 更新Debian 8

将Debian 8 更新到最新：

apt-get update
apt-get upgrade -y
apt-get dist-upgrade -y

更新过程中，可能会碰到的情况：
更新到ca-certificates时暂停并跳出相关信息，按q即可。

2 更新软件包列表到Debian 9

备份Debian 8的软件包列表：

cp /etc/apt/sources.list /etc/apt/sources.list_Debian8

替换Debian 8 软件包列表到Debian 9：

sed -i 's/jessie/stretch/g' /etc/apt/sources.list

3 系统更新到Debian 9


apt-get update
apt-get upgrade -y
apt-get dist-upgrade -y

更新过程中，可能会碰到的情况：
更新到ca-certificates时暂停并跳出相关信息，按q即可;
更新到apt时暂停并跳出相关信息，按q即可;
跳出Configuring libc6:amd64窗口时，选yes，回车后继续。

4 移除不再需要的软件包

apt autoremove -y

Coldawn

The dawn will conquer the long cold dark nights of winter.