centos7 升级OPENSSH 到 8.6

CENTOS7 升级OPENSSH 到 8.6

1. yum升级到最新可用版本(openssh7.4p1)

yum update openssh

2. 安装telnet-server 以及 xinetd

yum install xinetd telnet-server -y

3. 配置telnet登录的终端类型，在/etc/securetty 文件末尾增加一些pts终端，如下

cat >> /etc/securetty <<EOF
pts/0
pts/1
pts/2
pts/3
EOF

4.启动telnet服务，并设置开机自动启动

systemctl enable xinetd 
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd

5.使用telnet 登陆,以后操作都是通过telnet

6.备份并移除老文件 ( 这些配置可能影响装完以后的登陆 所以备份)

mkdir /root/update
cd /root/update
cp /etc/ssh/sshd_config sshd_config
cp /etc/pam.d/sshd sshd
​
yum remove openssl-devel
rm -rf /etc/ssl

7.安装依赖包

yum install  -y gcc gcc-c++ glibc make autoconf pcre-devel  pam-devel
#yum install  -y pam* zlib*

8.下载openssh包和openssl的包

# https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/
# https://ftp.openssl.org/source/
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
wget https://ftp.openssl.org/source/openssl-1.1.1k.tar.gz

9.安装 openssl

tar xfz openssl-1.1.1k.tar.gz
openssl version
mv /usr/bin/openssl /usr/bin/openssl_bak
cd openssl-1.1.1k
./config  --prefix=/usr/local --openssldir=/usr/local/ssl
make && make install
./config shared --prefix=/usr/local --openssldir=/usr/local/ssl
make clean
make && make install
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl
echo "/usr/local/lib" >> /etc/ld.so.conf
echo "/usr/local/lib64" >> /etc/ld.so.conf
/sbin/ldconfig
openssl version

10.安装openssh

rm -rf /etc/ssh
cd /root/update
tar xfz openssh-8.6p1.tar.gz
cd openssh-8.6p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh  --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl   --with-zlib   --with-md5-passwords   --with-pam
make && make install
cp -af contrib/redhat/sshd.init /etc/init.d/sshd
cp -af contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
​
ssh -V

11.配置openssh服务

##在我们解压的软件包目录下有自带的服务配置文件
[root@postgreSQL openssh-8.6p1]# ls contrib/redhat/sshd.init
contrib/redhat/sshd.init
​
    ##将其复制到启动配置文件的目录下
[root@postgreSQL openssh-8.6p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
​
    ##查看是否有执行权限，若没有，需要 chmod +x 来赋权
[root@postgreSQL openssh-8.6p1]# ls -l /etc/init.d/sshd 
-rwxr-xr-x 1 root root 1721 Apr 16 11:55 /etc/init.d/sshd
​
    ##添加服务
[root@postgreSQL openssh-8.6p1]# chkconfig --add sshd
​
    ##启动服务并查看状态
[root@postgreSQL openssh-8.6p1]# systemctl start sshd
[root@postgreSQL openssh-8.6p1]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemon
   Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
   Active: active (running) since Sat 2021-07-03 17:56:23 CST; 9s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 57383 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
 Main PID: 57391 (sshd)
   CGroup: /system.slice/sshd.service
           └─57391 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
​
Jul 03 17:56:23 postgreSQL systemd[1]: Starting SYSV: OpenSSH server daemon...
Jul 03 17:56:23 postgreSQL sshd[57383]: Starting sshd:[  OK  ]
Jul 03 17:56:23 postgreSQL systemd[1]: Can't open PID file /var/run/sshd.pid (yet?) ...ory
Jul 03 17:56:23 postgreSQL sshd[57391]: Server listening on 0.0.0.0 port 22.
Jul 03 17:56:23 postgreSQL sshd[57391]: Server listening on :: port 22.
Jul 03 17:56:23 postgreSQL systemd[1]: Started SYSV: OpenSSH server daemon.
Hint: Some lines were ellipsized, use -l to show in full.
​
    ##顺便设置一下开机自动启动
    ##常规的 systemctl 设置会给予一个提示，命令被重定向了，那么就使用提示给的命令
[root@postgreSQL openssh-8.6p1]# systemctl enable sshd
sshd.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig sshd on
​
    ##再次设置开机启动
    ##下面显示2、3、4、5是on就可以，其数字代表启动级别
[root@postgreSQL openssh-8.6p1]# /sbin/chkconfig sshd on
[root@postgreSQL openssh-8.6p1]# chkconfig --list sshd
​
Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.
​
      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.
​
sshd               0:off    1:off    2:on    3:on    4:on    5:on    6:off
​
    ##现在的情况下，就已经可以连接了，但是不能登录，依然提示输入密码
    ##类似的情况之前设置telnet时也出现了，所以要为用户设置登录的权限
    ##结尾添加即可
cat >> /etc/ssh/sshd_config <<EOF
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
EOF
​
    ##重启服务
[root@postgreSQL openssh-8.6p1]# service sshd restart
​

12. 检测ssh 可以正常登陆,使用ssh登陆,然后 停止telnet服务 并 移除

systemctl stop telnet.socket
systemctl stop xinetd
systemctl disable xinetd 
systemctl disable telnet.socket