Centos升级openssh

pursue.dreams

已于 2022-09-02 23:25:35 修改

阅读量1.3k

点赞数 4

分类专栏： linux centos 文章标签： centos

于 2022-09-02 23:23:34 首次发布

本文链接：https://blog.csdn.net/qq_41687670/article/details/126671725

版权

linux 同时被 2 个专栏收录

11 篇文章 0 订阅

订阅专栏

centos

3 篇文章 0 订阅

订阅专栏

1、查看ssh版本

ssh -V

##查看运行状态：
systemctl status sshd.service

##重启ssh服务
systemctl restart sshd

2、安装依赖包

yum install zlib-devel pam-devel -y

cd /usr/local/ && wget -P /usr/local/ https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz --no-check-certificate

3、解压openssh包

tar xfz openssh-9.0p1.tar.gz

chown -R root:root openssh-9.0p1 && cd ./openssh-9.0p1

mkdir -p /home/sshbak

cp -arp /etc/ssh /home/sshbak/

mv /etc/ssh /etc/ssholdbak

4、设置编译参数和编译安装，注意要更新openssl后才能生效

cd /usr/local/openssh-9.0p1

./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl/lib/ --with-zlib --with-md5-passwords --with-pam


make && make install

5、修改配置文件/etc/ssh/sshd_config，取消注释以下文件，没有的则进行添加

vi /etc/ssh/sshd_config

PermitRootLogin  yes     				  #允许root登录，root用户必须添加 
AuthorizedKeysFile  .ssh/authorized_keys  #指定公钥文件的保存位置以及名称 
PasswordAuthentication yes                #允许密码验证证 
UsePAM  yes                               #PAM模块 
UseDNS  no                                #关闭dns检测 
Subsystem sftp /usr/ibexec/sftp-server    #开启SFTP并指定路径

cd /etc/ssh

mv sshd_config sshd_config.bak

cp /home/sshbak/ssh/sshd_config /etc/ssh/

6、检测文件配置测试

sshd -t

7、修改pam认证文件

echo "/etc/pam.d/sshd"

cp /etc/pam.d/sshd /etc/pam.d/sshd.bak

cat > /etc/pam.d/sshd <<'EOF'

#%PAM-1.0
auth 	required 	pam_sepermit.so 
auth 	include 	password-auth 
account required 	pam_nologin.so
account include 	password-auth 
password include 	password-auth
# pam selinux.so close should be the first session rule
session required 	pam_selinux.so close 
session required 	pam_loginuid.so 
# pam selinux.so open should only be fo owed by sessions to be executed in the user context
session required 	pam_selinux.so open env_params 
session optional 	pam_keyinit.so force revoke 
session include 	password-auth 
EOF

8、添加互信命令文件ssh-copy-id

mv /usr/bin/ssh-copy-id /home/sshbak/

cd /usr/local/openssh-9.0p1

install -v -m755 contrib/ssh-copy-id /usr/bin

9、开机启动，由于升级到非红帽体系最新版，故开机自启使用SysV托管，使用systemd托管会有问题

cp -a contrib/redhat/sshd.init /etc/init.d/sshd

chmod +x /etc/init.d/sshd

cd /etc/init.d

/sbin/chkconfig --add sshd

systemctl enable sshd

mv /usr/lib/systemd/system/sshd.service /home/sshbak/

mv /usr/lib/systemd/system/sshd.socket /home/sshbak/

/sbin/chkconfig sshd on

systemctl daemon-reload

systemctl restart sshd

systemctl status sshd

/sbin/chkconfig --list

至此openssh升级完成。

10、检查版本是否为新版本

ssh -V

在这里插入图片描述