检查环境
[root@test]# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
备份
/etc/ssh/sshd_config
/etc/pam.d/sshd
/etc/selinux/config
下载
https://download.csdn.net/download/qweasdzxc01233210/85808806
上传解压
cd /usr/local/soft/installFiles/openssh8.4
unzip openssh8.4.zip
安装( 此方法会自动处理依懒关系):
yum install ./*.rpm
部分机器使用方法二安装会提示依赖问题,可以使用以下方法:
yum update *.rpm
还原配置
1、/etc/ssh/sshd_config
将备份文件直接覆盖,再进行下面修改
因为OPENSSH升级后,/etc/ssh/sshd_config会还原至默认状态,我们需要进行相应配置:
cd /etc/ssh/
chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
systemctl restart sshd
注意:升级后重启SSH可能出现以下错误:
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key “/etc/ssh/ssh_host_ed25519_key”: bad permissions
Unable to load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available – exiting.
[FAILED]
sshd.service: control process exited, code=exited status=1
Failed to start SYSV: OpenSSH server daemon.
Unit sshd.service entered failed state.
sshd.service failed.
解决办法:
chmod 0600 /etc/ssh/ssh_host_ed25519_key
service sshd restart
即可解决。
2、 /etc/pam.d/sshd
将备份文件直接覆盖
3、 /etc/selinux/config
将备份文件直接覆盖
4、最后再重启一下SSH
cd /etc/ssh/
systemctl restart sshd
检查环境:
[root@test]# ssh -V
OpenSSH_8.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
至此,升级完成,先别关闭终端,直接新开一个终端,连接到服务器测试。
注意:如果新开终端连接的时,root密码报错,并且已经根据上面后续操作,那可能就是SElinux的问题,我们进行临时禁用:
setenforce 0
即可正常登录,然后修改/etc/selinux/config 文件:
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
进行永久禁用SElinux即可。