推荐:rpm安装openssh服务
使用openssh-rpms,将openssh打包为rpm包
github:https://github.com/boypt/openssh-rpms.git
gitee:https://gitee.com/OnlyVersion/openssh-rpms
#注意:centos6不支持openssl 3.0及以上版本
#修复升级造成旧算法无法使用问题;
vim /etc/ssh/sshd_config
#最下方增加:
PubkeyAcceptedAlgorithms +ssh-rsa
#保存重启
service sshd restart
编译安装openssh服务
------------------------------------------------------------------------------------------------------------------
备份ssh:
mv /etc/ssh /etc/ssh_`date +%F`
编译安装:
tar -zxf openssh-9.0p1.tar.gz
cd openssh-9.0p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-zlib --with-md5-passwords --with-pam
make
make install
修改配置文件:
mv /etc/init.d/sshd /etc/init.d/sshd_`date +%F`
mv /etc/pam.d/sshd.pam /etc/pam.d/sshd.pam_`date +%F`
mv /usr/bin/ssh /usr/bin/sshd_`date +%F`
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
#处理升级后ssh -V的openssl版本不正确问题
cp -a /usr/openssh/bin/ssh /usr/bin/ssh
chmod +x /etc/init.d/sshd
chmod +x /usr/bin/ssh
重启服务,配置开机自启:
把原先的systemd管理的sshd文件删除或者移走或者删除,不移走的话影响我们重启sshd服务
mv /run/systemd/generator.late/sshd.service /run/systemd/generator.late/sshd.service_`date +%F`
设置开机自启:
chkconfig --add sshd
chkconfig sshd on
systemctl enable sshd
重启sshd:
systemctl restart sshd
-------------------------------------------------------------------------------------------------------------------
报错处理区:
-------------------------------------------------------------------------------------------------------------------
报错1:
configure: error: OpenSSL library not found.
处理方式:
CCFLAGS=“-I/usr/local/openssl/include" LDFLAGS=“-L/usr/local/openssl/lib" ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-zlib --with-md5-passwords --with-pam
报错2:
configure: error: *** OpenSSL headers missing - please install first or check config.log
处理方式:
重新安装openssl服务
报错3:
openssh升级报错configure: error: Your OpenSSL headers do not match your library. Check config.log for d
处理方法:
./configure 中增加--without-openssl-header-check
报错4:
升级openssh报 PAM headers not found
处理方法:
yum -y install pam-devel
报错5:
升级openssh报error: *** zlib.h missing - please install first or check config.log
处理方法:
yum -y install zlib zlib-devel
报错6:
configure: error: *** working libcrypto not found, check config.log
处理方法:
第一步:
rpm -qa |grep openssl
rpm -e openssl-1.0*.x86_64 --nodeps #根据你服务器上的包进行卸载
rpm -e openssl-deve-*.x86_64 #根据你服务器上的包进行卸载
第二步:
在编译的配置文件前增加:CCFLAGS="-I/usr/local/openssl/include" LDFLAGS="-L/usr/local/openssl/lib"
改后为:CCFLAGS="-I/usr/local/openssl/include" LDFLAGS="-L/usr/local/openssl/lib" ./configure
-------------------------------------------------------------------------------------------------------------------
开启root登录、ssh端口和密码登录:
vim /etc/ssh/sshd_config
#Port 22 改为 Port 你的ssh端口
#PermitRootLogin prohibit-password 改为 PermitRootLogin yes #运行root账号远程登录
#PasswordAuthentication yes 改为 PasswordAuthentication yes #开启密码认证
#UsePAM no 改为 UsePAM yes #开启UsePAM登录