一、升级前提
已经有openssh服务,且设置过开机自启
注:ubuntu-18.04.4-live-server-amd64系统安装时,可选择是否安装openssh服务(选择x即可,其他不用)
二、依赖文件及下载地址
gcc及依赖包链接
链接:https://pan.baidu.com/s/1GGqpKPZ_5ROCwMFTUOSIvA
提取码:lknf
zlib-1.2.11.tar.gz 下载地址:http://www.zlib.net/zlib-1.2.11.tar.gz
openssl-1.1.1h.tar.gz 下载地址:https://www.openssl.org/source/openssl-1.1.1h.tar.gz
openssh-8.4p1.tar.gz 下载地址:http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz
三、安装顺序
1.先安装gcc
2.然后安装zlib
3.在安装openssl
4.最后安装openssh
四、安装命令(切换至root,否则无法创建文件)
切换root
#sudo passwd root
输入两遍密码
#su root
给文件夹赋权,否则无法上传文件
#chmod 777 /home
上传文件至/home
安装gcc
# apt install -y /home/gcc_make/*.deb
安装zlib
#cd /home
#tar zxf zlib-1.2.11.tar.gz
#cd zlib-1.2.11
# ./configure --shared
# make -j 4 && make install
务必要复制这两个文件,否则后续安装会失败
# cp zutil.h /usr/local/include/
# cp zutil.c /usr/local/include/
升级ssl,安装包放在home
#cd /home
#tar -zvxf openssl-1.1.1h.tar.gz
#cd openssl-1.1.1h/
#./config --prefix=/usr/local/ssl -d shared
#make -j 4 && make install
查看版本号,结果为1.1.1及可(OpenSSL 1.1.1)
#openssl version -a
升级ssh,(有东西做备份)
#cd /etc/ssh/
#mv /etc/ssh/ /etc/ssh.bak
#cd /home
#tar -zvxf openssh-8.4p1.tar.gz
#cd /opt/openssh-8.4p1/
(注--without-openssl-header-check参数可以有报错再加)
#./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib=/user/lib64 --without-openssl-header-check
#make -j 4 && make install
#mv /usr/sbin/sshd /usr/sbin/sshd.bak
#cp -rf /usr/local/openssh/sbin/sshd /usr/sbin/sshd
#mv /usr/bin/ssh /usr/bin/ssh.bak
#cp -rf /usr/local/openssh/bin/ssh /usr/bin/ssh
#mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
#cp -r /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
#rm -rf /lib/systemd/system/sshd.service
#cp /home/openssh-8.4p1/contrib/redhat/sshd.init /etc/init.d/sshd
查看版本号
#sshd -V
输出结果有如下信息及正确
OpenSSH_8.4p1, OpenSSL 1.1.1 11 Sep 2018
重启
#reboot
安装系统时,默认设置了ssh开机自启,所以可以直接重启
五、报错及解决办法
5.1systemctl status ssh.service 出现错误
error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
fatal: Cannot bind any address.
error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
直接重启机器reboot
5.2启动ssh时,如果报错:
checking whether OpenSSL's headers match the library... no
configure: error: Your OpenSSL headers do not match your
library. Check config.log for details.
If you are sure your installation is consistent, you can disable the check
by running "./configure --without-openssl-header-check".
Also see contrib/findssl.sh for help identifying header/library mismatches.
启动ssh时添加`--without-openssl-header-check`参数继续编译
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib=/user/lib64 --without-openssl-header-check