查看当前版本
ssh -V
openssl version
安装依赖
yum update openssh -y
yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
yum install -y pam* zlib*
下载安装包
cd /opt
wget https://mirrors.dotsrc.org/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
wget -c https://ftp.openssl.org/source/openssl-1.0.2r.tar.gz
备份
mv /usr/bin/openssl /usr/bin/openssl_bak
mv /usr/include/openssl /usr/include/openssl_bak
解压
tar xfz openssh-8.1p1.tar.gz
tar xfz openssl-1.0.2r.tar.gz
编译安装openssl
cd /opt/openssl-1.0.2r
./config shared && make && make install
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig
编译安装openssh
cp -r /etc/ssh /tmp/
rm -rf /etc/ssh
cd /opt/openssh-8.1p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam
make
卸载旧rpm版本的ssh:rpm -qa | grep ssh
rpm -e --nodeps openssh-7.4p1-21.el7.x86_64
rpm -e --nodeps openssh-clients-7.4p1-21.el7.x86_64
rpm -e --nodeps openssh-server-7.4p1-21.el7.x86_64
make install
修改/etc/ssh/sshd_config配置文件
vim /etc/ssh/sshd_config
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
systemctl enable sshd
mv /usr/lib/systemd/system/sshd.service /opt/
mv /usr/lib/systemd/system/sshd.socket /opt/
chkconfig sshd on
service sshd restart
关闭SELinux
临时关闭(不用重启):setenforce 0
永久关闭:修改/etc/selinux/config 文件(需要重启)
将SELINUX=enforcing
改为SELINUX=disabled
查看版本
ssh -V
openssl version
清理ssh缓存ssh-keygen -R IP