CenOS7.9升级OpenSSH到OpenSSH_9.6p1

升级后的版本

升级代码：

#updatSSHD.sh

#!/bin/bash

rm -rf /opt/openss*
cd /opt
echo -e  "Install_openssl"
    sleep 3
    wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz   --no-check-certificate
      
    tar -zxvf openssl-1.1.1w.tar.gz

	cd openssl-1.1.1w/

	./config --prefix=/usr/local/openssl

	./config -t

	make -j 4 && make install

    sleep 2

    if [ $? -eq 0 ]; then
        ldd /usr/local/openssl/bin/openssl
        echo "/usr/local/openssl/lib" >>/etc/ld.so.conf
        ldconfig -v
        mv /usr/bin/openssl /usr/bin/openssl.bak
        ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
        ll /usr/bin/openssl
        ldd /usr/local/openssl/bin/openssl

    else

        echo -e "flase"

    sleep 2

  exit

fi

    sleep 1
	echo -e "$(which openssl)"
	echo -e "$(openssl version)"



sleep 10

echo -e  "Install_openssh"
    sleep 5

	cd /opt
	
	wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gz

	tar -zxvf openssh-9.6p1.tar.gz

	mv /etc/ssh /etc/ssh_bak
	
	cd openssh-9.6p1
    sleep 3
	./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-pam \
    --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man \
	--with-zlib=/usr/local/zlib --without-hardening

    sleep 5
	make -j 4 && make install

    sleep 5

  if [ $? -eq 0 ]; then

	 echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
         mv /usr/sbin/sshd /usr/sbin/sshd_bak
         mv /etc/sysconfig/sshd /opt
         mv  /usr/lib/systemd/system/sshd.service  /opt
         \cp -arf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
         
    sleep 3

      for i in $(rpm -qa |grep openssh);do rpm -e $i --nodeps ;done

         mv /etc/ssh/sshd_config.rpmsave /etc/ssh/sshd_config
         mv /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config
         mv /etc/ssh/moduli.rpmsave /etc/ssh/moduli
         \cp -arf /usr/local/openssh/bin/* /usr/bin/
         \cp -arf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
         \cp /opt/openssh-8.2p1/contrib/redhat/sshd.init /etc/init.d/sshd
         \cp ./contrib/redhat/sshd.init /etc/init.d/sshd
         \cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
         mv /opt/sshd.service /usr/lib/systemd/system/

  else 
	 echo -e "flase"

   exit

fi

   sleep 5
	systemctl daemon-reload
	systemctl start sshd ; systemctl enable sshd
	systemctl status sshd

    sleep 2
	echo -e $(ssh -V)
	echo -e $(which ssh)


	
# -------有可能缺少的文件1内容---------------
openssh编译安装是检查pam模块，需添加/etc/pam.d/sshd 文件，没有时添加，有则无需添加

#%PAM-1.0
auth       substack     password-auth
auth       include      postlogin
account    required     pam_sepermit.so
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
## pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    optional     pam_motd.so
session    include      password-auth
session    include      postlogin


	
# -------有可能缺少的文件2内容-----“/etc/sysconfig/sshd”----------

# Configuration file for the sshd service.

# The server keys are automatically generated if they are missing.
# To change the automatic creation uncomment and change the appropriate
# line. Accepted key types are: DSA RSA ECDSA ED25519.
# The default is "RSA ECDSA ED25519"

# AUTOCREATE_SERVER_KEYS=""
# AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"

# Do not change this option unless you have hardware random
# generator and you REALLY know what you are doing

SSH_USE_STRONG_RNG=0
# SSH_USE_STRONG_RNG=1

检查安装是否成功：