linux系统下ssh升级,linux openssh升级到7.9

一.先安装telnet服务,以防卸载openssh后连接不到服务器

yum install -y telnet-server

yum install -y xinetd

systemctl enable xinetd.service

systemctl enable telnet.socket

systemctl start telnet.socket

systemctl start xinetd

默认情况下，系统是不允许root用户telnet远程登录的。如果要使用root用户直接登录，需设置如下内容:

echo  'pts/0'  >>/etc/securetty

echo 'pts/1' >>/etc/securetty

systemctl restart xinetd.service

然后在本地测试telnet能否连接到服务器 , 如果一直报密码无效要注意selinux和防火墙

连接到的话就是如下显示.输入root密码即可登录

Kernel 3.10.0-514.el7.x86_64 on an x86_64

localhost login: root

Password:

Last login: Tue Nov 13 15:57:03 from 172.16.0.10

[root@localhost ~]#

二.升级开始:(注意 : 关闭SELinux)

先把openssh-7.9p1.tar.gz传到服务器上 , 在进行升级的一系列操作.

1.yum安装依赖

yum install -y gcc openssl openssl-devel pam-devel rpm-build pam-devel

2.卸载openssh

[root@localhost src]# rpm -qa | grep openssh

[root@localhost src]# rpm -e `rpm -qa | grep openssh` --nodeps

[root@localhost src]# rpm -qa | grep openssh

3.安装openssh7.9

1)执行如下命令,设置适当的环境

(参考,包在这里下载 http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html )

install -v -m700 -d /var/lib/sshd && chown -v root:sys /var/lib/sshd && groupadd -g 50 sshd && useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd

2)解压

[root@localhost src]# tar -zxvf openssh-7.9p1.tar.gz

[root@localhost src]# cd openssh-7.9p1

3)安装

[root@localhost src]# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers

[root@localhost src]# make && make install

因为权限问题而报出警告

修改文件权限后再次执行make install

[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_rsa_key

[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_ecdsa_key

[root@localhost openssh-7.9p1]# chmod 600 /etc/ssh/ssh_host_ed25519_key

[root@localhost openssh-7.9p1]# make install

4)执行如下命令

install -v -m755 contrib/ssh-copy-id /usr/bin && install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1 && install -v -m755 -d /usr/share/doc/openssh-7.9p1 && install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-7.9p1

[root@localhost openssh-7.9p1]# ssh -V

OpenSSH_7.9p1, OpenSSL 1.0.2k-fips 26 Jan 2017

5)修改配置文件 PermitRootLogin yes 允许root远程登录 , 开机自启

[root@localhost openssh-7.9p1]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

[root@localhost openssh-7.9p1]# cp -a contrib/redhat/sshd.init /etc/init.d/sshd

[root@localhost openssh-7.9p1]# chkconfig --add sshd

[root@localhost openssh-7.9p1]# chkconfig sshd on

[root@localhost openssh-7.9p1]# service sshd start

Starting sshd (via systemctl): [ OK ]

[root@localhost openssh-7.9p1]# service sshd restart

Restarting sshd (via systemctl): [ OK ]

[root@localhost openssh-7.9p1]# chkconfig --list sshd

4.把telnet关掉

[root@localhost openssh-7.9p1]# rpm -qa telnet-server

telnet-server-0.17-64.el7.x86_64

[root@localhost openssh-7.9p1]# systemctl stop telnet.socket

[root@localhost openssh-7.9p1]# systemctl stop xinetd

[root@localhost openssh-7.9p1]# systemctl disable xinetd.service

Removed symlink /etc/systemd/system/multi-user.target.wants/xinetd.service.

[root@localhost openssh-7.9p1]# systemctl disable telnet.socket

Removed symlink /etc/systemd/system/sockets.target.wants/telnet.socket.