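CentOS version: CentOS Linux release 7.6.1810 (Core)
Current OpenSSH version: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
Note: the upgrade fixes the following vulnerability:
The target host's SSH service supports weak RC4, CBC or None encryption algorithms [principle-based scan]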
Package downloads (CSDN or Baidu Netdisk):
openssh-8.8p1.tar.gz
telnet.tar
vi run.sh
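# Show the current OpenSSH version
echo "查看当前openssh版本"
ssh -V
# Unpack the two offline bundles (OpenSSH 8.8p1 RPMs and telnet RPMs)
tar -zxvf openssh-8.8p1.tar.gz
tar -xf telnet.tar
# Stop on the first error
set -e
# Install telnet as a fallback remote login in case the SSH upgrade fails
# (telnet is unencrypted, so treat it as a temporary fallback only)
echo "安装telnet(预防ssh更新失败无法远程)"
cd telnet
rpm -Uvh *.rpm --nodeps --force
systemctl start telnet.socket
systemctl start xinetd
# Allow root to log in on pts/0 and pts/1, the terminals telnet sessions get
echo 'pts/0' >>/etc/securetty
echo 'pts/1' >>/etc/securetty
systemctl restart telnet.socket
# The message says "stop sshd", but this step only reports the service status;
# sshd keeps running until the restart at the end
echo "停止sshd"
service sshd status
# Back up the SSH configuration, the PAM configuration and the ssh binary,
# each with today's date appended to the name
echo "备份ssh文件"
cp -r /etc/ssh /etc/ssh`date -I`
cp -r /etc/pam.d /etc/pam.d`date -I`
cp -r /usr/bin/ssh /usr/bin/ssh`date -I`
# Install the OpenSSH 8.8 RPMs
echo "安装openssh8.8"
cd ../openssh-8.8p1
rpm -Uvh *.rpm --nodeps --force
# Restrict the host private keys to root; sshd refuses keys with looser modes
echo "赋权"
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
# Rewrite /etc/pam.d/sshd, keeping a copy of the installed file as sshd.bak
echo "修改/etc/pam.d/sshd"
cp /etc/pam.d/sshd /etc/pam.d/sshd.bak
cat > /etc/pam.d/sshd << 'EOF'
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
EOF
# Allow root login over SSH: drop every existing PermitRootLogin line
# (commented out or not), then append "PermitRootLogin yes"
echo "增加允许root用户登录"
rm -rf /etc/ssh/sshd_config.bak
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sed -e '/PermitRootLogin/d' /etc/ssh/sshd_config > /etc/ssh/sshd_config.tmp
rm -rf /etc/ssh/sshd_config
mv /etc/ssh/sshd_config.tmp /etc/ssh/sshd_config
cat >> /etc/ssh/sshd_config << 'EOF'
PermitRootLogin yes
EOF
# Restart sshd and confirm that it came back up
echo "重启sshd"
service sshd restart
sleep 2s
service sshd status
# Check that the upgrade succeeded
echo "查看是否升级成功"
ssh -V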
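
The note at the top says the upgrade clears the scanner finding about RC4, CBC or None ciphers. The following check is an added example, not part of the original post: it reads `sshd -T` output and lists any cipher in those three classes. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the upgraded sshd no
# longer offers the cipher classes named in the scanner finding.

# Read `sshd -T` output on stdin; print each offered cipher that is RC4
# (arcfour*), CBC-mode (*-cbc) or "none", one per line.
weak_ciphers() {
    awk '$1 == "ciphers" { n = split($2, c, ","); for (i = 1; i <= n; i++) print c[i] }' |
        grep -E '^(arcfour.*|.*-cbc(@.*)?|none)$' || true
}

# Return 0 when no weak cipher is offered, 1 (and list them) otherwise.
check_ciphers() {
    weak=$(weak_ciphers)
    if [ -n "$weak" ]; then
        echo "weak ciphers still offered:"
        echo "$weak"
        return 1
    fi
    echo "no RC4/CBC/none ciphers offered"
}

# Constructed samples in the format `sshd -T` prints (not captured from a host).
SAMPLE_BEFORE='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc,arcfour
macs hmac-sha2-256'
SAMPLE_AFTER='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs hmac-sha2-256'

echo "== constructed sample: before upgrade =="
printf '%s\n' "$SAMPLE_BEFORE" | check_ciphers || true
echo "== constructed sample: after upgrade =="
printf '%s\n' "$SAMPLE_AFTER" | check_ciphers

# On the real host (as root): sshd -T | check_ciphers
```

`sshd -T` prints the effective configuration, so the check also catches a `Ciphers` line carried over in the existing /etc/ssh/sshd_config that re-enables CBC or RC4 after the upgrade.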