操作系统版本 : CentOS 7.9
OpenSSH版本 : 7.4p1 升级至 OpenSSH 9.8p1
OpenSSL版本 : 1.0.2k 升级至 OpenSSL 3.3.1
#下载安装包
cd /usr/local/src
https://www.zlib.net/zlib-1.3.1.tar.gz
https://www.openssl.org/source/openssl-3.3.1.tar.gz
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
tar -zxf openssh-9.8p1.tar.gz && tar -zxf openssl-3.3.1.tar.gz && tar -zxf zlib-1.3.1.tar.gz
#备份文件
cp -rf /etc/ssh /etc/ssh.20240704
cp -rf /usr/bin/openssl /usr/bin/openssl.20240704
cp -rf /etc/pam.d /etc/pam.d.20240704
cp -rf /usr/lib/systemd/system /system.20240704
#安装telnet
yum install -y telnet telnet-server xinetd
systemctl start xinetd
systemctl start telnet.socket
sed -i 's/^auth[[:space:]]\+required[[:space:]]\+pam_securetty.so/#&/' /etc/pam.d/remote
telnet ip
systemctl enable telnet.socket
#安装依赖
yum install -y perl-CPAN perl-IPC-Cmd pam-devel
#安装zlib
cd /usr/local/src/zlib-1.3.1
./configure --prefix=/usr/local/src/zlib
make -j 4 && make install
#安装openssl
cd /usr/local/src/openssl-3.3.1
./config --prefix=/usr/local/src/openssl
make -j 4 && make install
rm -f /usr/bin/openssl
ln -s /usr/local/src/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/src/openssl/lib64/libssl.so.3 /usr/lib64/libssl.so.3
ln -s /usr/local/src/openssl/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so.3
echo "/usr/local/src/openssl/lib64" >> /etc/ld.so.conf
ldconfig
openssl version -v
#卸载旧版openssh
yum remove -y openssh
rm -rf /etc/ssh/*
#安装新版openssh
cd /usr/local/src/openssh-9.8p1
./configure --prefix=/usr/local/src/ssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/src/openssl --with-zlib=/usr/local/src/zlib
make -j 4 && make install
cp -rf /usr/local/src/openssh-9.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -rf /usr/local/src/openssh-9.8p1/contrib/redhat/sshd.pam /etc/pam.d/sshd
cp -rf /usr/local/src/ssh/sbin/sshd /usr/sbin/sshd
cp -rf /usr/local/src/ssh/bin/ssh /usr/bin/ssh
cp -rf /usr/local/src/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp -rf /usr/local/src/ssh/bin/scp /usr/bin/scp
cp -rf /usr/local/src/ssh/bin/sftp /usr/bin/sftp
cp -rf /usr/local/src/ssh/bin/ssh-add /usr/bin/ssh-add
#修改配置
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
/etc/init.d/sshd restart
/etc/init.d/sshd status
chkconfig --add sshd
ssh -V
#关闭telnet
systemctl disable telnet.socket
systemctl stop telnet.socket
systemctl status telnet.socket
systemctl status xinetd
systemctl list-unit-files |grep telnet
注意:升级完成后若 UsePAM yes 则会登录失败,此时我们还原升级前的/etc/pam.d/sshd 即可
cp -p /etc/pam.d/sshd /etc/pam.d/sshd.new
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.new
\cp -p /etc/ssh.20240704/sshd_config /etc/ssh/sshd_config
\cp -p /etc/pam.d.20240704/sshd /etc/pam.d/sshd
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.
- 29.
- 30.
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37.
- 38.
- 39.
- 40.
- 41.
- 42.
- 43.
- 44.
- 45.
- 46.
- 47.
- 48.
- 49.
- 50.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56.
- 57.
- 58.
- 59.
- 60.
- 61.
- 62.
- 63.
- 64.
- 65.
- 66.
- 67.
- 68.
- 69.
- 70.
- 71.
- 72.
- 73.
- 74.
- 75.
- 76.
- 77.
- 78.
- 79.
- 80.
- 81.
- 82.
- 83.
- 84.
- 85.
- 86.
- 87.
- 88.
- 89.