注:先安装 防止连不上服务器 apt-get install openbsd-inetd telnetd telnet
1.配置apt-get源
vi /etc/apt/sources.list deb file:///tmp/ package/
2.安装
apt-get install gcc make libpam0g-dev
3.安装zlib
./configure
make test
make install
4重新安装openssl
./config shared zlib
make
make install
5.升级openssh
卸载openssh旧版
apt-get remove openssh-server openssh-client
# 备份原openssh文件
cp /etc/init.d/ssh /etc/init.d/ssh.old
cp -r /etc/ssh /etc/ssh.old
./configure --prefix=/usr/local --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-privsep-path=/var/lib/sshd
make
make install
ssh -V
6.修改配置文件
mv /etc/init.d/ssh.old /etc/init.d/sshd #使用原来的启动脚本
vim /etc/init.d/sshd #编辑,然后替换路径。
#将原路径"/usr/sbin替换为"/usr/local/sibn"
:%s/usr\/sbin/usr\/local\/sbin/g
#将原路径"/etc/ssh替换为"/usr/local/ssh"
这一步不用替换:%s/etc\/ssh/usr\/local\/ssh/g
这是根据openssh的configure时sysconfdir配置的
$ ln -s /dev/null /etc/systemd/system/sshd.service
$ systemctl daemon-reload
屏蔽服务是一种永久性的变化,就像禁用服务一样。
首先启用服务:
systemctl unmask sshd.service
启动SSHD服务时报错
sshd re-exec requires execution with an absolute path
解决过程:
sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
sudo /usr/sbin/sshd
自动启动
vi /etc/rc.local
service sshd start