OpenSSH官方下载地址:
https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-9.0.tar.gz/
清华大学开源软件镜像站下载地址:
https://mirrors.tuna.tsinghua.edu.cn/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
依赖下载地址(可直接下载使用):
https://download.csdn.net/download/u012147490/87741479
拓展RPM包下载地址(其他离线安装包下载):
http://www.rpmfind.net/linux/rpm2html/search.php/
1、从附件下载openssh-9.0p1.tar.gz及openssh-rpm.zip安装包。
2、准备工作,进入/usr/local/目录:
[root@centos ~]# cd /usr/local/
2.1、新建openssh目录
[root@centos local]# mkdir openssh
2.2、进入openssh目录
[root@centos local]# cd openssh/
2.3、上传openssh-9.0p1.tar.gz、openssh-rpm.zip至服务器
[root@centos openssh]# ls
openssh-9.0p1.tar.gz openssh-rpm.zip
2.4、解压文件
[root@centos openssh]# tar -zxvf openssh-9.0p1.tar.gz
[root@centos openssh]# unzip openssh-rpm.zip
[root@centos openssh]# ls
openssh-9.0p1 openssh-9.0p1.tar.gz openssh-rpm.zip rpm
3、开始安装:
3.1、查看当前SSH版本
[root@centos openssh]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
3.2、禁用SElinux,否则升级完成之后sshd服务无法启动
[root@centos openssh]# setenforce 0
3.3、备份配置文件
[root@centos openssh]# cp /etc/ssh/sshd_config sshd_config.backup
[root@centos openssh]# cp /etc/pam.d/sshd sshd.backup
3.4、删除原OpenSSH的RPM包(此操作前确保已执行步骤2.3)
[root@centos openssh]# rpm -e --nodeps `rpm -qa | grep openssh`
3.5、安装RPM依赖(执行完成即可)
[root@centos openssh]# cd rpm/
[root@centos rpm]# yum -y localinstall *.rpm
3.6、安装openSSH9.0p1
[root@centos rpm]# cd ..
[root@centos openssh]# cd openssh-9.0p1/
3.7、编译配置(此步骤可能会出现 PRM not found 直接忽略)
[root@centos openssh-9.0p1]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
3.8、编译安装
[root@centos openssh-9.0p1]# make && make install
3.9、异常处理(可能会出现)
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
sshd: no hostkeys available -- exiting.
make: [check-config] Error 1 (ignored)
删除上述中相关的key文件(实际删除以错误内容为准)
[root@centos openssh-9.0p1]# rm -rf /etc/ssh/ssh_host_rsa_key
[root@centos openssh-9.0p1]# rm -rf /etc/ssh/ssh_host_ecdsa_key
[root@centos openssh-9.0p1]# rm -rf /etc/ssh/ssh_host_ed25519_key
3.10、赋权文件
[root@centos openssh-9.0p1]# chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
3.11、复制文件并授权
[root@centos openssh-9.0p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd
[root@centos openssh-9.0p1]# chmod u+x /etc/init.d/sshd
3.12、还原配置文件
[root@centos openssh-9.0p1]# mv ../sshd.backup /etc/pam.d/sshd
[root@centos openssh-9.0p1]# mv ../sshd_config.backup /etc/ssh/sshd_config
mv: overwrite ‘/etc/ssh/sshd_config’? Y
3.13、添加SSH自启服务到开机启动项
[root@centos openssh-9.0p1]# chkconfig --add sshd
[root@centos openssh-9.0p1]# chkconfig sshd on
3.14、修改配置信息并重启
[root@centos openssh-9.0p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
[root@centos openssh-9.0p1]# echo 'X11Forwarding yes' >> /etc/ssh/sshd_config
[root@centos openssh-9.0p1]# echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
[root@centos openssh-9.0p1]# /etc/init.d/sshd restart
Restarting sshd (via systemctl): [ OK ]
至此整个openSSH已安装完成
4、测试连接:
4.1、查看当前SSH版本
[root@centos openssh-9.0p1]# ssh -V
OpenSSH_9.0p1, OpenSSL 1.0.2k-fips 26 Jan 2017
4.2、新建一个ssh连接,如果无法连接,则需要禁用SElinux
[root@centos openssh-9.0p1]# setenforce 0
4.3、到此步骤,可以使用XShell连接访问。如果使用Xftp连接访问时,提示:无法与127.0.0.1连接。如下操作,如无则忽略
[root@centos openssh-9.0p1]# vim /etc/ssh/sshd_config
找到并注释以下语句
# Subsystem sftp /usr/libexec/openssh/sftp-server
另起一行,添加以下语句
Subsystem sftp internal-sftp
重启sshd服务
[root@centos openssh-9.0p1]# service sshd restart
Restarting sshd (via systemctl): [ OK ]