1.环境检查
[root@HZLOPENSSHTEST ~]
CentOS Linux release 7.9.2009 (Core)
[root@HZLOPENSSHTEST ~]
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[root@HZLOPENSSHTEST ~]
openssh-clients-7.4p1-21.el7.x86_64
openssl-libs-1.0.2k-19.el7.x86_64
openssl-1.0.2k-19.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-server-7.4p1-21.el7.x86_64
2.软件包获取
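# Fetch both source tarballs into /opt and unpack them only after their
# integrity has been checked.
# NOTE(review): confirm on the projects' release pages that these versions are
# still supported before reusing them; the OpenSSL 1.1.1 series has reached
# end of life.
cd /opt/ &&
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz &&
# Certificate validation stays enabled: with --no-check-certificate wget
# accepts any server certificate, so the tarball could be replaced in transit.
# If validation fails on an old CentOS 7 image, refresh the CA bundle
# (yum update ca-certificates) instead of switching the check off.
wget https://www.openssl.org/source/openssl-1.1.1q.tar.gz

# Compare the downloads with the SHA-256 digests published by each project,
# obtained separately from the download itself (or verify the detached PGP
# signatures). The two values below are placeholders, so the check fails
# closed and nothing is unpacked until real digests are filled in.
if sha256sum -c - <<'EOF'
<EXPECTED_SHA256_OF_OPENSSH_TARBALL>  openssh-9.0p1.tar.gz
<EXPECTED_SHA256_OF_OPENSSL_TARBALL>  openssl-1.1.1q.tar.gz
EOF
then
  tar -zxvf openssl-1.1.1q.tar.gz
  tar -zxvf openssh-9.0p1.tar.gz
fi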
3.备份相关组件配置
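# Snapshot the current SSH and PAM configuration and the openssl binary so the
# host can be rolled back. -a preserves modes, ownership, timestamps and
# SELinux labels; /etc/ssh contains the private host keys, so the backup must
# not end up more readable than the original.
# If a *.bak directory already exists, cp nests the copy inside it; remove or
# rename an old backup first.
cp -a /etc/ssh /etc/ssh.bak
cp -a /etc/pam.d /etc/pam.d.bak
cp -a /usr/bin/openssl /usr/bin/openssl.bak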
4.Openssh安装
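# Replace the distribution OpenSSH packages with a source build of OpenSSL and
# OpenSSH. Keep the current root session (or a console) open until the login
# test in step 6 succeeds: after the packages are removed, no new SSH login is
# possible until the new sshd is running.
yum remove openssh
# Remove whatever openssh packages are left; xargs -r skips rpm entirely when
# the list is empty.
rpm -qa | grep openssh | xargs -r rpm -e --nodeps
# libselinux-devel is needed for the --with-selinux build below.
yum install gcc gcc-c++ glibc make openssl-devel openssl pam-devel zlib-devel tcp_wrappers-devel tcp_wrappers libselinux-devel

# NOTE(review): --prefix=/usr installs over files owned by the openssl RPMs,
# so later yum updates of those packages may overwrite this build; confirm
# that is acceptable for the host.
# Absolute paths: the tarballs were unpacked in /opt, and each step is chained
# so a failed cd or build does not run the next command in the wrong place.
cd /opt/openssl-1.1.1q &&
./config --prefix=/usr &&
make -j 4 && make install
openssl version
# expected output: OpenSSL 1.1.1q 5 Jul 2022

# --with-selinux: an sshd built without SELinux support typically cannot set
# up the login session on an enforcing host, which shows up as
# "/bin/bash: Permission denied" right after authentication.
# NOTE(review): confirm on a test host that this resolves the step 6 failure.
cd /opt/openssh-9.0p1 &&
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr --with-selinux &&
make -j 4 && make install
ssh -V
# expected output: OpenSSH_9.0p1, OpenSSL 1.1.1q 5 Jul 2022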
5.配置恢复
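# Put the previous sshd and PAM configuration back, install the SysV init
# script shipped in the source tree and restart sshd.
cd /etc/ssh/
# Keep the sshd_config written by "make install" under a dated name.
mv sshd_config sshd_config_20231130.bak
cp /etc/ssh.bak/sshd_config /etc/ssh/
cp /etc/pam.d.bak/sshd /etc/pam.d/
# Private host keys must be readable by root only; sshd refuses to load keys
# with looser permissions.
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
# Absolute path: the working directory is /etc/ssh here, so the relative
# openssh-9.0p1/... path would not resolve.
cp -a /opt/openssh-9.0p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
# The restored file was written for the 7.4p1 package and may contain
# directives the new binary rejects; sshd -t checks the configuration and host
# keys, and the restart only happens when that check passes.
/usr/sbin/sshd -t && systemctl restart sshd
systemctl status sshd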
6.服务检查及登录验证
ssh 10.21.25.124
root@10.21.25.124's password:
Last login: Wed Nov 29 14:41:04 2023 from 10.21.25.124
/bin/bash: Permission denied #登录异常,拒绝登录
Connection to 10.21.25.124 closed.
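# Check whether root login is disabled in the configuration, or check SELinux.
# The failed login above printed "Last login" before the error, which suggests
# authentication succeeded and the shell could not be started afterwards, so
# look at SELinux before changing the root-login policy.
getenforce
# Show recent SELinux denials instead of guessing.
ausearch -m avc -ts recent

# Original step: allow root login. Left commented out because it has no effect
# here: sshd is not restarted after the edit, and sshd uses the first value it
# finds for a keyword, so an appended line is ignored when the directive
# already appears earlier in the file. It also enables password login as root.
# If the policy must change, edit the existing directive (prefer
# "PermitRootLogin prohibit-password" with key authentication), run
# /usr/sbin/sshd -t, then restart sshd.
# echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config

# Temporary diagnostic only: permissive mode removes SELinux enforcement for
# every service on the host until the next reboot or "setenforce 1". The
# durable fix is an sshd built with --with-selinux (needs libselinux-devel),
# followed by "restorecon -Rv /etc/ssh /usr/sbin/sshd", then returning to
# enforcing mode.
setenforce 0
ssh 10.21.25.124 # log in again to verify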
root@10.21.25.124's password:
Last login: Wed Nov 29 14:45:21 2023 from 10.21.25.124