Upgrading OpenSSH to OpenSSH_9.3p1

I. Deploy telnet as a fallback, just in case
mkdir telnet
rpm -ivh xinetd-2.3.15-14.el7.x86_64.rpm
rpm -ivh telnet-0.17-65.el7_8.x86_64.rpm
rpm -ivh telnet-server-0.17-65.el7_8.x86_64.rpm
rpm -qa | grep telnet
rpm -qa | grep xinetd

service xinetd restart
systemctl start telnet.socket
systemctl start xinetd

II. Upgrade OpenSSH

1. Upload the installation packages to /usr/local
tar -xzvf openssh-9.3.tar.gz
tar -xzvf ssl-1.1.1.tar.gz
tar -xzvf zlib-1.2.13.tar.gz
Install openssl
2. echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
  ln /usr/local/ssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

3. mv /etc/ssh /etc/ssh.bak
  Upload ssh-config.tar.gz to /etc/
  cd /etc/
  tar -xzvf ssh-config.tar.gz
  cd /etc/ssh
cp -rf ssh_host_ecdsa_key ssh_host_dsa_key
cp -rf ssh_host_ecdsa_key.pub ssh_host_dsa_key.pub


4. mv /usr/sbin/sshd /usr/sbin/sshd.bak
  cp -rf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
  mv /usr/bin/ssh /usr/bin/ssh.bak
  cp -rf /usr/local/openssh/bin/ssh /usr/bin/ssh 
  mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
  cp -rf /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

5. Upload config.tar.gz to /usr/local
mv /etc/init.d/sshd /etc/init.d/sshd.bak
mv /etc/pam.d/sshd.pam /etc/pam.d/sshd.pam.bak
cp -a config/sshd.init  /etc/init.d/sshd
cp -a config/sshd.pam /etc/pam.d/sshd.pam
chmod u+x /etc/init.d/sshd
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service.bak

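Edit the sshd_config configuration file and append the following at the end. This removes weak ciphers such as arcfour, arcfour128 and arcfour256,
  and disables weak MAC algorithms.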

vim /etc/ssh/sshd_config

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1

6. chkconfig --add sshd
  chkconfig sshd on
  systemctl daemon-reload
  systemctl restart sshd
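
An added check (not part of the original notes) that can be run before the restart in step 6: it syntax-checks the configuration with sshd -t and scans the effective settings printed by sshd -T for the arcfour ciphers named above. The MAC patterns (MD5-based and 96-bit truncated MACs), the function names and the sample inputs are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original notes.

# weak_algos: reads "sshd -T" output on stdin and prints "<keyword>:<algorithm>"
# for each cipher or MAC in effect that matches a weak pattern.
# Ciphers: arcfour, arcfour128, arcfour256 (the ones named in the text).
# MACs (assumption of this example): MD5-based and 96-bit truncated MACs.
weak_algos() {
    awk '
        { key = tolower($1) }
        key == "ciphers" { re = "^arcfour" }
        key == "macs"    { re = "^hmac-md5|-96(-etm@openssh\\.com)?$" }
        key != "ciphers" && key != "macs" { next }
        {
            n = split($2, algo, ",")
            for (i = 1; i <= n; i++)
                if (algo[i] ~ re) print key ":" algo[i]
        }
    '
}

# precheck [config]: fails if the config has syntax errors or weak algorithms.
# Needs root on the server; it is only defined here, not executed.
precheck() {
    cfg=${1:-/etc/ssh/sshd_config}
    /usr/sbin/sshd -t -f "$cfg" || return 1
    found=$(/usr/sbin/sshd -T -f "$cfg" | weak_algos)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | sed 's/^/weak algorithm in effect: /' >&2
    return 1
}

# Constructed sample inputs in "sshd -T" format.
SAMPLE_PAGE='ciphers aes128-ctr,aes192-ctr,aes256-ctr
macs hmac-sha1'
SAMPLE_LEGACY='port 22
ciphers aes128-ctr,arcfour256,arcfour
macs hmac-md5,hmac-sha1,hmac-sha1-96'

# Demo on the constructed legacy sample: lists the weak entries it contains.
printf '%s\n' "$SAMPLE_LEGACY" | weak_algos
```

On the server, run precheck as root and restart sshd only if it returns 0, keeping the telnet session from part I open until a new SSH login succeeds.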
