openssh升级

Openssh7.9升级
先备份文件

mkdir -p /bak
cp -ar /etc/ssh /bak

构建rpm包升级openssh

[root@localhost ~]# mkdir -p /usr/src/redhat/{SOURCES,SPECS}

[root@localhost ~]# cd /usr/src/redhat/SOURCES/

[root@localhost SOURCES]# wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz

[root@localhost SOURCES]# tar -zvxf openssh-7.9p1.tar.gz openssh-7.9p1/contrib/redhat/openssh.spec

[root@localhost SOURCES]# mv openssh-7.9p1/contrib/redhat/openssh.spec ../SPECS/

[root@localhost SOURCES]# chown sshd:sshd /usr/src/redhat/SPECS/openssh.spec

[root@localhost SOURCES]# cp /usr/src/redhat/SPECS/openssh.spec  /usr/src/redhat/SPECS/openssh.spec_def

[root@localhost SOURCES]# sed -i -e "s/%define no_gnome_askpass 0/%define no_gnome_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec

[root@localhost SOURCES]# sed -i -e "s/%define no_x11_askpass 0/%define no_x11_askpass 1/g" /usr/src/redhat/SPECS/openssh.spec

[root@localhost SOURCES]# mkdir -p ~/rpmbuild/SOURCES/

[root@localhost SOURCES]# cp /usr/src/redhat/SOURCES/openssh-7.9p1.tar.gz ~/rpmbuild/SOURCES/

[root@localhost SOURCES]# cd /usr/src/redhat/SPECS/

[root@localhost SPECS]# rpmbuild -ba openssh.spec

生成rpm包后直接解压进入目录

[root@localhost ~]# cd rpmbuild/RPMS/x86_64/
[root@localhost x86_64]# ls
openssh-7.9p1-1.el7.x86_64.rpm  openssh-clients-7.9p1-1.el7.x86_64.rpm  openssh-server-7.9p1-1.el7.x86_64.rpm
[root@localhost x86_64]# rpm -Uvh openssh-*
[root@localhost ssh]# systemctl restart sshd

发现不能启动查看/var/log/messgae

这里需修改这三个key文件权限为600并重启

[root@localhost ssh]# chmod 600 ssh_host_rsa_key
[root@localhost ssh]# ll
total 600
-rw-------. 1 root root     565252 Feb 25 14:59 moduli
-rw-r--r--. 1 root root       1495 Feb 25 14:59 ssh_config
-rw-------. 1 root root       3927 Dec  3 09:56 sshd_config
-rw-------. 1 root root       3129 Feb 25 14:59 sshd_config.rpmnew
-rw-------. 1 root root       1393 Mar  1 15:56 ssh_host_dsa_key
-rw-r--r--. 1 root root        616 Mar  1 15:56 ssh_host_dsa_key.pub
-rw-r-----. 1 root ssh_keys    227 Nov  8 14:36 ssh_host_ecdsa_key
-rw-r--r--. 1 root root        162 Nov  8 14:36 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys    387 Nov  8 14:36 ssh_host_ed25519_key
-rw-r--r--. 1 root root         82 Nov  8 14:36 ssh_host_ed25519_key.pub
-rw-------. 1 root ssh_keys   1679 Nov  8 14:36 ssh_host_rsa_key
-rw-r--r--. 1 root root        382 Nov  8 14:36 ssh_host_rsa_key.pub
[root@localhost ssh]# chmod 600 ssh_host_ecdsa_key
[root@localhost ssh]# chmod 600 ssh_host_ed25519_key

重启查看sshd服务以及监听22端口
因openssh7.9默认限制root用户远程访问并因这里修改之后还是不能远程需修改以下两个配置
PermitRootLogin yes
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials no
#UsePAM yes
再次重启服务并远程登陆成功

如显示这样报错
error: Could not get shadow information for root
selinux 问题 设置selinux即可