1. yum升级到最新可用版本(openssh7.4p1)
yum update openssh
2. 安装telnet-server 以及 xinetd
yum install xinetd telnet-server -y
3. 配置telnet登录的终端类型,在/etc/securetty 文件末尾增加一些pts终端,如下
cat >> /etc/securetty <<EOF
pts/0
pts/1
pts/2
pts/3
EOF
4.启动telnet服务,并设置开机自动启动
systemctl enable xinetd
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
5.使用telnet 登陆,以后操作都是通过telnet
6.备份并移除老文件 ( 这些配置可能影响装完以后的登陆 所以备份)
mkdir /root/update
cd /root/update
cp /etc/ssh/sshd_config sshd_config
cp /etc/pam.d/sshd sshd
yum remove openssl-devel
rm -rf /etc/ssl
7.安装依赖包
yum install -y gcc gcc-c++ glibc make autoconf pcre-devel pam-devel
#yum install -y pam* zlib*
8.下载openssh包和openssl的包
# https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/
# https://ftp.openssl.org/source/
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
wget https://ftp.openssl.org/source/openssl-1.1.1k.tar.gz
9.安装 openssl
tar xfz openssl-1.1.1k.tar.gz
openssl version
mv /usr/bin/openssl /usr/bin/openssl_bak
cd openssl-1.1.1k
./config --prefix=/usr/local --openssldir=/usr/local/ssl
make && make install
./config shared --prefix=/usr/local --openssldir=/usr/local/ssl
make clean
make && make install
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl
echo "/usr/local/lib" >> /etc/ld.so.conf
echo "/usr/local/lib64" >> /etc/ld.so.conf
/sbin/ldconfig
openssl version
10.安装openssh
rm -rf /etc/ssh
cd /root/update
tar xfz openssh-8.6p1.tar.gz
cd openssh-8.6p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam
make && make install
cp -af contrib/redhat/sshd.init /etc/init.d/sshd
cp -af contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
ssh -V
11.配置openssh服务
##在我们解压的软件包目录下有自带的服务配置文件
[root@postgreSQL openssh-8.6p1]# ls contrib/redhat/sshd.init
contrib/redhat/sshd.init
##将其复制到启动配置文件的目录下
[root@postgreSQL openssh-8.6p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
##查看是否有执行权限,若没有,需要 chmod +x 来赋权
[root@postgreSQL openssh-8.6p1]# ls -l /etc/init.d/sshd
-rwxr-xr-x 1 root root 1721 Apr 16 11:55 /etc/init.d/sshd
##添加服务
[root@postgreSQL openssh-8.6p1]# chkconfig --add sshd
##启动服务并查看状态
[root@postgreSQL openssh-8.6p1]# systemctl start sshd
[root@postgreSQL openssh-8.6p1]# systemctl status sshd
● sshd.service - SYSV: OpenSSH server daemon
Loaded: loaded (/etc/rc.d/init.d/sshd; bad; vendor preset: enabled)
Active: active (running) since Sat 2021-07-03 17:56:23 CST; 9s ago
Docs: man:systemd-sysv-generator(8)
Process: 57383 ExecStart=/etc/rc.d/init.d/sshd start (code=exited, status=0/SUCCESS)
Main PID: 57391 (sshd)
CGroup: /system.slice/sshd.service
└─57391 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
Jul 03 17:56:23 postgreSQL systemd[1]: Starting SYSV: OpenSSH server daemon...
Jul 03 17:56:23 postgreSQL sshd[57383]: Starting sshd:[ OK ]
Jul 03 17:56:23 postgreSQL systemd[1]: Can't open PID file /var/run/sshd.pid (yet?) ...ory
Jul 03 17:56:23 postgreSQL sshd[57391]: Server listening on 0.0.0.0 port 22.
Jul 03 17:56:23 postgreSQL sshd[57391]: Server listening on :: port 22.
Jul 03 17:56:23 postgreSQL systemd[1]: Started SYSV: OpenSSH server daemon.
Hint: Some lines were ellipsized, use -l to show in full.
##顺便设置一下开机自动启动
##常规的 systemctl 设置会给予一个提示,命令被重定向了,那么就使用提示给的命令
[root@postgreSQL openssh-8.6p1]# systemctl enable sshd
sshd.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig sshd on
##再次设置开机启动
##下面显示2、3、4、5是on就可以,其数字代表启动级别
[root@postgreSQL openssh-8.6p1]# /sbin/chkconfig sshd on
[root@postgreSQL openssh-8.6p1]# chkconfig --list sshd
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
##现在的情况下,就已经可以连接了,但是不能登录,依然提示输入密码
##类似的情况之前设置telnet时也出现了,所以要为用户设置登录的权限
##结尾添加即可
cat >> /etc/ssh/sshd_config <<EOF
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
EOF
##重启服务
[root@postgreSQL openssh-8.6p1]# service sshd restart
12. 检测ssh 可以正常登陆,使用ssh登陆,然后 停止telnet服务 并 移除
systemctl stop telnet.socket
systemctl stop xinetd
systemctl disable xinetd
systemctl disable telnet.socket