升级OPenSSH

安装包下载

cd ~
wget http://www.zlib.net/zlib-1.2.11.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz

依赖包

yum install -y openssl-devel zlib-devel gcc perl-Test-Harness pam-devel

安装zlib

cd ~
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11/
./configure
make && make install

安装openssl

cd ~
tar -zxvf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g/
./config  --prefix=/usr/local/openssl --openssldir=/usr/local/ssl
make && make install

./config shared --prefix=/usr/local/openssl --openssldir=/usr/local/ssl
make clean 
make && make install

echo "/usr/local/ssl" >> /etc/ld.so.conf && ldconfig #模块加载
ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1 #库加载
ln -s /usr/local/openssl/lib/libcrypto.so.1.1  /usr/lib64/libcrypto.so.1.1 #库加载

安装openssh

cd ~
cp -r /etc/ssh/ /etc/ssh_bak #配置文件备份
tar -zxvf openssh-8.4p1.tar.gz
cd openssh-8.4p1
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh2  --with-ssl-dir=/usr/local/openssl/ --without-openssl-header-check --with-md5-passwords --with-pam --with-tcp-wrappers --without-hardening

make && rpm -e --nodeps `rpm -qa | grep openssh` #make 成功后,删除旧版ssh

make install

环境变量恢复

cd ~/openssh-8.4p1
cp contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd
chkconfig --add sshd
ln -s /usr/local/openssh/sbin/sshd  /usr/sbin/sshd
ln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh
ln -s /usr/local/openssh/bin/ssh-agent /usr/bin/ssh-agent
ln -s /usr/local/openssh/bin/scp /usr/bin/scp
ln -s /usr/local/openssh/bin/ssh-add /usr/bin/ssh-add

#配置sshd配置文件(配置文件位置位于/etc/ssh2目录下,旧版本的配置文件与新版本不太兼容)
cat >> /etc/ssh2/sshd_config << EOF
PermitEmptyPasswords no
Protocol 2
PermitRootLogin yes
passwordAuthentication yes
UseDNS no
X11Forwarding yes
PermitRootLogin yes
EOF

启动sshd

service sshd start

重启验证

shutdown -r now

检验版本

ssh -V

你可能感兴趣的:(升级OPenSSH)