ssh升级步骤

手动升级openssh至7.5

 [ 回目录 ]软件准备：   

  从官网下载openssh openssl zlib pam软件

  下载链接如下：

http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/

https://www.openssl.org/source/

https://www.zlib.net/

http://linux-pam.org/library/Linux-PAM-1.3.0.tar.bz2

  [ 回目录 ]升级步骤：   

1.      上传准备好的四个源码包到TD服务器/opt目录

tdsysapp:/opt # ll *tar.*

-rw------- 1 root root 1302820 May 26 18:07Linux-PAM-1.3.0.tar.bz2

-rw------- 1 root root 1510857 May 26 16:28 openssh-7.5p1.tar.gz

-rw------- 1 root root 5365054 May 26 17:25 openssl-1.0.2l.tar.gz

-rw------- 1 root root  607698 May 26 17:57zlib-1.2.11.tar.gz

2.      分别解压软件，并修改解压后文件夹及子文件夹和文件的用户属组

# cd /opt

# tar xf openssh-7.5p1.tar.gz

# tar xf openssl-1.0.2l.tar.gz

# tar xf zlib-1.2.11.tar.gz

# tar xf Linux-PAM-1.3.0.tar.bz2

# chown root:root -R zlib-1.2.11/

# chown root:root -R openssl-1.0.2l/

# chown root:root -R openssh-7.5p1/

# chown root:root -R Linux-PAM-1.3.0/

3.      编译安装zlib

# cd /opt/zlib-1.2.11/

# ./configure

# make && make install

4.      编译安装openssl

# cd /opt/openssl-1.0.2l/

# ./config  --prefix=/usr--shared

# make

# make test

# make install

# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf

# ldconfig

5.      编译安装PAM

# cd Linux-PAM-1.3.0/

# ./configure

# make && make install

6.      编译安装openssh

# cd /opt/openssh-7.5p1/

# ./configure --prefix=/usr --sysconfdir=/etc/ssh--with-md5-passwords --with-pam --with-tcp-wrappers--with-ssl-dir=/usr/local/ssl --without-hardening

# service sshd stop

# mv /etc/ssh /opt/ssh_bak/

# make && make install

# cp /etc/init.d/sshd /etc/init.d/sshd_old

# cp /etc/pam.d/sshd /etc/pam.d/sshd_old

# cp ./contrib/suse/rc.sshd /etc/init.d/sshd

修改/etc/ssh/sshd_config中 UsePAMyes

修改/etc/ssh/sshd_config中PermitRootLoginyes（如果一线操作系统禁用root直接登录，该步骤可以忽略）

# chmod +x /etc/init.d/sshd

# chkconfig --add sshd

# chkconfig sshd on

# ssh -V

如果回显为“OpenSSH_7.5p1,OpenSSL 1.0.2l  25 May 2017”表示升级成功

# ssh-keygen

#service sshd start