openssh 8.7 https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.7p1.tar.gz
依赖环境:
zlib 1.2.11 https://jaist.dl.sourceforge.net/project/libpng/zlib/1.2.11/zlib-1.2.11.tar.gz
openssl 1.1.1l https://www.openssl.org/source/openssl-1.1.1l.tar.gz
升级安装方式:编译安装
#环境准备
需要使用除ssh外的其他连接方式,比如tty,以确保能连接上服务器,如果该条件不满足,暂不做openssh的升级操作!!!
#安装依赖
yum install gcc make perl -y
#下载源码包
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.7p1.tar.gz
wget https://jaist.dl.sourceforge.net/project/libpng/zlib/1.2.11/zlib-1.2.11.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz
#停止ssh服务,卸载现有版本
systemctl stop sshd
rpm -qa | grep openssh
rpm -e --nodeps xxx #卸载openssh的三个包
rpm -qa | grep openssh #再次检查
#解压源码进行编译安装
tar -zxf zlib-1.2.11.tar.gz
tar -zxf openssl-1.1.1l.tar.gz
tar -zxf openssh-8.7p1.tar.gz
cd zlib-1.2.11
./configure --prefix=/usr/local/zlib && make && make install
echo "/usr/local/zlib/lib" > /etc/ld.so.conf.d/zlib.conf
ldconfig
cd openssl-1.1.1l
./config --prefix=/usr/local/ssl -d shared && make && make install
echo "/usr/local/ssl/lib" > /etc/ld.so.conf.d/ssl.conf
ldconfig
#备份现有文件目录
mv /usr/bin/openssl /usr/bin/openssl.bak
#创建ssl相关软连接
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
cd openssh-8.7p1
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
make && make install
echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
mv /etc/ssh /etc/ssh.old
mv /usr/sbin/sshd /usr/sbin/sshd.bak
mv /usr/bin/ssh /usr/bin/ssh.bak
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
因为上面卸载了openssh,上面的一些文件已经不存在了,如果备份没成功,不必在意
mkdir /etc/ssh
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cd openssh-8.7p1
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
service sshd restart
systemctl status sshd
ssh -V
注:这里有个坑,编译安装完成ssh使用没有问题,但是改不了默认端口22,目前还没找到什么原因,因此后面做了一篇将源码制作成rpm包来升级的教程
CentOS 8升级openssh,请参考:CentOS8 OpenSSH 升级至OpenSSH-8.5p1_薛文001的博客-CSDN博客_centos8 升级openssh
官方网站:https://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html