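Upgrading OpenSSH (from 7.4 to 8.9)
Environment: CentOS 7
SSH version:
1. In case the installation fails and SSH can no longer be used for remote access, install telnet first as a fallback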
[root@localhost ~]# yum -y install telnet*
[root@localhost ~]# systemctl enable telnet.socket
[root@localhost ~]# systemctl start telnet.socket
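Note: disable or modify the security file (otherwise root cannot log in over telnet; the default port is 23)
Stop and disable the firewall:
systemctl stop firewalld && systemctl disable firewalld
Disable SELinux:
2. Install the dependency packages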
[root@localhost ~]# yum -y install zlib*
[root@localhost ~]# yum -y install pam-*
[root@localhost ~]# yum -y install gcc
[root@localhost ~]# yum -y install openssl-devel
3. Back up the existing SSH installation
[root@localhost ~]# cp -r /etc/ssh /etc/ssh.bak
[root@localhost ~]# mv /usr/bin/ssh /usr/bin/ssh.bak
[root@localhost ~]# mv /usr/sbin/sshd /usr/sbin/sshd.bak
4. Install OpenSSH
Download the tarball from the link below, then extract it
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz
[root@localhost ~]# wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz
[root@localhost ~]# tar -zxvf openssh-8.9p1.tar.gz
[root@localhost ~]# cd openssh-8.9p1
[root@localhost openssh-8.9p1]# ./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
[root@localhost openssh-8.9p1]# make && make install
5. Then remove the OpenSSH that was installed with yum
[root@localhost openssh-8.9p1]# yum remove openssh -y
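6. Edit the configuration
Before starting the service, change the following settings in the newly generated sshd_config
vim /usr/local/openssh/etc/sshd_config
Copy the files into the corresponding system directories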
cp /root/openssh-8.9p1/contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
7. Start the service
# Start the service
systemctl start sshd.service
# Check the status
systemctl status sshd.service
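8. After the installation, logging in with a tool such as Xshell is rejected once the password has been entered; resolve it as follows
(1) Consider whether SELinux is enforcing a policy: in /etc/selinux/config, change SELINUX=enforcing to SELINUX=disabled
(2) setenforce 0
9. Finally, verify the version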
[root@localhost ~]# ssh -V
Result:
Test reconnecting:
10. Scripted installation (requires internet access):
#!/bin/bash
# Run this script from the /root directory
# Check the firewall
firewalld_status=`systemctl status firewalld | grep "running" | wc -l`
if [ $firewalld_status -eq 1 ]; then
systemctl stop firewalld
echo "firewalld is stop"
else
echo "防火墙已关闭"
systemctl status firewalld
fi
# Check SELinux (match the SELINUX= line itself instead of relying on it being line 7)
selinux_status=`awk -F= '/^SELINUX=/{print $2}' /etc/selinux/config`
if [[ $selinux_status == "enforcing" ]]; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
echo "selinux is stop"
else
echo "selinux已关闭"
fi
# Install telnet
yum -y install telnet*
systemctl enable telnet.socket
systemctl start telnet.socket
# Install the dependency packages
yum -y install zlib*
yum -y install pam-*
yum -y install gcc
yum -y install openssl-devel
# Back up the existing SSH installation
cp -r /etc/ssh /etc/ssh.bak
mv /usr/bin/ssh /usr/bin/ssh.bak
mv /usr/sbin/sshd /usr/sbin/sshd.bak
# Download OpenSSH 8.9
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz
tar -zxvf openssh-8.9p1.tar.gz
cd openssh-8.9p1
echo "开始编译"
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl
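# Stop here if the build fails, so the yum package is not removed without a replacement
make && make install || { echo "build failed, aborting before yum remove"; exit 1; }
# Remove the OpenSSH that was installed with yum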
yum remove openssh -y
cat >>/usr/local/openssh/etc/sshd_config <<EOF
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
EOF
cp /root/openssh-8.9p1/contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
echo "================启动服务================"
systemctl restart sshd.service
echo "================服务状态================"
systemctl status sshd.service
echo "================ssh版本验证================"
ssh -V
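
A post-upgrade check for this procedure, added here as an example and not part of the original page: it confirms the installed version, reports which value sshd actually uses for the options step 10 appends (sshd keeps the first value it reads), and only then turns the telnet fallback from step 1 off and firewalld back on. The function names and the `--apply` flag are hypothetical, and it assumes telnet and the stopped firewall were needed only during the upgrade.

```shell
#!/bin/bash
# Added example, not from the original page. Run as root after step 9.

# Succeed if an `ssh -V` banner reports OpenSSH >= major.minor.
version_at_least() {            # $1 banner, $2 major, $3 minor
    local v major minor
    v=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$v" ] || return 1
    major=${v%%.*}
    minor=${v##*.}
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# Print the value sshd will use for a keyword. sshd keeps the FIRST value it
# reads, so a line appended with >> loses to an earlier uncommented one.
# Simplification: Match blocks and "Keyword=value" syntax are not handled.
effective_option() {            # $1 sshd_config path, $2 keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# List the login-widening settings from step 10 that are actually in effect.
audit_config() {                # $1 sshd_config path
    local key
    for key in PermitRootLogin PasswordAuthentication; do
        if [ "$(effective_option "$1" "$key")" = "yes" ]; then
            echo "review: '$key yes' is in effect"
        fi
    done
}

# Remove the telnet fallback only when the new sshd is verified.
close_fallback() {
    version_at_least "$(ssh -V 2>&1)" 8 9 ||
        { echo "ssh is older than 8.9, keeping telnet"; return 1; }
    /usr/sbin/sshd -t -f /etc/ssh/sshd_config ||
        { echo "sshd_config fails validation, keeping telnet"; return 1; }
    audit_config /etc/ssh/sshd_config
    systemctl stop telnet.socket && systemctl disable telnet.socket
    systemctl enable firewalld && systemctl start firewalld
}

# Nothing on the system is changed unless --apply is given.
if [ "${1:-}" = "--apply" ]; then
    close_fallback
fi
```

Keep the current SSH session open and confirm a second SSH login works before running it with `--apply`.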