操作系统版本 : CentOS 7.9
OpenSSH版本 : 7.4p1  升级至 OpenSSH 9.8p1
OpenSSL版本 : 1.0.2k 升级至 OpenSSL 3.3.1

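# Download the source tarballs into /usr/local/src.
cd /usr/local/src
# -f makes curl fail on an HTTP error instead of saving an error page under
# the tarball's name; -L follows redirects; -O keeps the remote file name.
curl -fLO https://www.zlib.net/zlib-1.3.1.tar.gz
curl -fLO https://www.openssl.org/source/openssl-3.3.1.tar.gz
curl -fLO https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz

# These tarballs become the host's TLS library and SSH daemon. Print their
# digests and compare them with the values each project publishes (or check
# the release signatures) before unpacking anything.
sha256sum zlib-1.3.1.tar.gz openssl-3.3.1.tar.gz openssh-9.8p1.tar.gz

tar -zxf openssh-9.8p1.tar.gz && tar -zxf openssl-3.3.1.tar.gz && tar -zxf zlib-1.3.1.tar.gz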

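# Back up everything the upgrade overwrites.
# -a (archive) keeps mode, ownership, timestamps and SELinux context, so a
# file copied back from the backup is the same as the one that was saved.
# /etc/ssh.20240704 holds a copy of the private host keys: leave it readable
# by root only and delete it once the upgrade has been accepted.
cp -a /etc/ssh /etc/ssh.20240704
cp -a /usr/bin/openssl /usr/bin/openssl.20240704
cp -a /etc/pam.d /etc/pam.d.20240704
cp -a /usr/lib/systemd/system /system.20240704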

# Install telnet as a temporary fallback login path while sshd is replaced.
# NOTE(review): telnet sends credentials in cleartext. Keep it reachable only
# from a trusted management network and only for the duration of the upgrade.
yum install -y telnet telnet-server xinetd
systemctl start xinetd
systemctl start telnet.socket
# Comments out the "auth required pam_securetty.so" line in /etc/pam.d/remote.
# NOTE(review): presumably this is what lets root log in over telnet - confirm.
# Restore the line once telnet is closed again.
sed -i 's/^auth[[:space:]]\+required[[:space:]]\+pam_securetty.so/#&/' /etc/pam.d/remote
# "ip" is a placeholder for this host's address; confirm the telnet login
# works before going on.
telnet ip
systemctl enable telnet.socket

# Install build dependencies; pam-devel is needed for the --with-pam option
# passed to the OpenSSH configure step further down.
# NOTE(review): the perl modules are presumably for the OpenSSL build, and a
# compiler and make are assumed to be installed already - confirm.
yum install -y perl-CPAN perl-IPC-Cmd pam-devel

# Build zlib 1.3.1 and install it under its own prefix, /usr/local/src/zlib,
# which the OpenSSH configure step later receives through --with-zlib.
cd /usr/local/src/zlib-1.3.1
./configure --prefix=/usr/local/src/zlib
# make install runs only if the build succeeded.
make -j 4 && make install

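# Build OpenSSL 3.3.1 and install it under its own prefix.
cd /usr/local/src/openssl-3.3.1
./config --prefix=/usr/local/src/openssl
make -j 4 && make install

# Point the system "openssl" command at the new build. The old binary was
# saved earlier as /usr/bin/openssl.20240704.
# NOTE(review): /usr/bin/openssl presumably belongs to the distribution's
# openssl package, so a later package update may replace this symlink - confirm.
rm -f /usr/bin/openssl
# -f lets these steps be re-run without "File exists" errors.
ln -sf /usr/local/src/openssl/bin/openssl /usr/bin/openssl
ln -sf /usr/local/src/openssl/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -sf /usr/local/src/openssl/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3

# Register the library directory with the dynamic linker, but only once: a
# blind append adds a duplicate line on every re-run.
# The directory is now on the system-wide library search path, so it must stay
# root-owned and not writable by anyone else.
grep -qxF "/usr/local/src/openssl/lib64" /etc/ld.so.conf \
  || echo "/usr/local/src/openssl/lib64" >> /etc/ld.so.conf
ldconfig
# Should now report the 3.3.1 build.
openssl version -v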

# Remove the packaged OpenSSH.
# NOTE(review): keep the telnet session from the earlier step open until the
# new sshd accepts logins.
yum remove -y openssh
# Empties /etc/ssh, which includes the host keys as well as the configuration.
# NOTE(review): if the new install generates fresh host keys, every client
# will see a "host key changed" warning. To keep the host's identity, copy the
# ssh_host_* files back from /etc/ssh.20240704 (private keys mode 600) - confirm.
rm -rf /etc/ssh/*

# Build OpenSSH 9.8p1 with PAM support against the OpenSSL and zlib trees
# installed earlier, then put its files on the system paths.
cd /usr/local/src/openssh-9.8p1
./configure \
  --prefix=/usr/local/src/ssh \
  --sysconfdir=/etc/ssh \
  --with-pam \
  --with-ssl-dir=/usr/local/src/openssl \
  --with-zlib=/usr/local/src/zlib
make -j 4 && make install

# Init script and PAM service file shipped in the source tree.
contrib_dir=/usr/local/src/openssh-9.8p1/contrib/redhat
cp -rf "$contrib_dir/sshd.init" /etc/init.d/sshd
cp -rf "$contrib_dir/sshd.pam" /etc/pam.d/sshd

# Daemon first, then the client tools, each copied over its system location.
cp -rf /usr/local/src/ssh/sbin/sshd /usr/sbin/sshd
for tool in ssh ssh-keygen scp sftp ssh-add; do
  cp -rf "/usr/local/src/ssh/bin/$tool" "/usr/bin/$tool"
done

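# Adjust the sshd configuration, then start the new daemon.
# NOTE(review): password login for root is the setting most exposed to
# password guessing. Once access is confirmed, prefer key-based login with
# "PermitRootLogin prohibit-password" and "PasswordAuthentication no".
# sshd uses the first value it reads for a keyword, so an uncommented setting
# earlier in the file takes precedence over these appended lines.
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config

# Validate before restarting: "sshd -t" checks the configuration and the host
# keys without starting the daemon. Restarting on a broken configuration would
# leave the host with no sshd at all.
/usr/sbin/sshd -t && /etc/init.d/sshd restart
/etc/init.d/sshd status
# Register the init script so sshd comes up at boot.
chkconfig --add sshd
# Should now report OpenSSH_9.8p1 built against OpenSSL 3.3.1.
ssh -V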

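# Close telnet again. Do this only after a fresh SSH login from a second
# session has succeeded.
systemctl disable telnet.socket
systemctl stop telnet.socket
systemctl status telnet.socket

# Re-enable the pam_securetty line in /etc/pam.d/remote that was commented out
# when telnet was set up; without this the relaxed PAM rule stays in place.
sed -i 's/^#\(auth[[:space:]]\+required[[:space:]]\+pam_securetty.so\)/\1/' /etc/pam.d/remote

systemctl status xinetd
systemctl list-unit-files |grep telnet
# NOTE(review): xinetd was started during the telnet setup and is still
# running, and telnet-server is still installed. Stop and remove them if
# nothing else on the host needs them.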

注意:升级完成后,如果 sshd_config 中设置了 UsePAM yes,登录会失败。此时先把新安装生成的文件另存为 .new,再用升级前的备份还原 /etc/pam.d/sshd 和 sshd_config 即可:
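# Keep the files written by the new install for reference.
cp -p /etc/pam.d/sshd /etc/pam.d/sshd.new
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.new

# Restore the pre-upgrade files from the backup. The leading backslash
# bypasses any "cp" alias (such as cp -i), so the overwrite is not prompted.
\cp -p /etc/ssh.20240704/sshd_config /etc/ssh/sshd_config
\cp -p /etc/pam.d.20240704/sshd /etc/pam.d/sshd

# The restored sshd_config was written for the old version: check that the new
# sshd accepts it, and restart only if it does.
# NOTE(review): paths in the old file (for example the sftp Subsystem) may
# point at files that belonged to the removed package - confirm.
/usr/sbin/sshd -t && /etc/init.d/sshd restart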