************本文档适用于Linux7.x从openssh7.4p1升级到openssh8.4p1************
1、升级准备工作
1.1、查看系统版本和ssh版本
cat /etc/redhat-release
ssh -V
可以看已经升级到7.4p1了,下面将从openssh7.4p1升级到openssh8.4p1
1.2、yum安装需要的依赖包
# 0 config yum source
cd /etc/yum.repos.d
tar -zcvf repo.tar.gz *.repo
rm -rf *.repo
cd /etc/yum.repos.d/
vi local.repo
#输入以下内容,并保存,要根据不同版本修改url,6.5配rhel65,6.7配置rhel67
#测试环境:
[base]
name=local
baseurl=http://192.168.*.*/rhel76
enabled=1
gpgcheck=0
yum clean all && yum makecache
yum -y install gcc gcc-c++ kernel-devel
2、安装包准备
2.1、上传安装包
zlib-1.2.11.tar.gz
openssl-1.1.1h.tar.gz
openssh-8.4p1.tar.gz
2.2、解压安装包,将安装包解压到/usr/local/src下面
tar xf openssh-8.4p1.tar.gz -C /usr/local/src/
tar xf openssl-1.1.1h.tar.gz -C /usr/local/src/
tar xf zlib-1.2.11.tar.gz -C /usr/local/src/
ll /usr/local/src/
3、安装
3.1、安装zlib-1.2.11.tar.gz
# cd /usr/local/src/zlib-1.2.11/
# ./configure --prefix=/usr/local/zlib && make -j 4 && make install
3.2、安装 openssl-1.1.1h.tar.gz
# cd /usr/local/src/openssl-1.1.1h/
# ./config --prefix=/usr/local/openssl -d shared
# make -j 4 && make install
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ll /usr/bin/openssl
ll /usr/include/openssl
mv /etc/ssl /etc/ssl.bak
ln -s /usr/local/openssl/ssl /etc/ssl
ll /etc/ssl
echo '/usr/local/openssl/lib' >> /etc/ld.so.conf
ldconfig -v
3.3、安装openssh-8.4p1.tar.gz
mv /etc/ssh /etc/ssh.bak
cd /usr/local/src/openssh-8.4p1/
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib
make -j 4 && make install
sshd_config文件修改
echo "X11Forwarding yes" >> /etc/ssh/sshd_config
echo "X11UseLocalhost no" >> /etc/ssh/sshd_config
echo "XAuthLocation /usr/bin/xauth" >> /etc/ssh/sshd_config
echo "UseDNS no" >> /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
echo "kexalgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256" >> /etc/ssh/sshd_config
备份 /etc/ssh 原有文件,并将新的配置复制到指定目录
mv /usr/sbin/sshd /usr/sbin/sshd.bak
cp -rf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /usr/bin/ssh.bak
cp -rf /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp -rf /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
查看版本ssh -V
vi /etc/ssh/sshd_config
#Port 22
Port 8022
4、启动sshd
systemctl stop sshd.service
rm -rf /lib/systemd/system/sshd.service
systemctl daemon-reload
cp /usr/local/src/openssh-8.4p1/contrib/redhat/sshd.init /etc/init.d/sshd
/etc/init.d/sshd restart
systemctl status sshd
添加开机启动
chkconfig --add sshd
chkconfig --list sshd