Download the dependency libraries
wget http://zlib.net/zlib-1.2.11.tar.gz
tar -xzf zlib-1.2.11.tar.gz && cd zlib-1.2.11/
./configure && make && make install
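If compilation fails, install gcc.
Check the current gcc version: gcc --version
wget http://ftp.gnu.org/gnu/gcc/gcc-7.4.0/gcc-7.4.0.tar.gz
tar -xzf gcc-7.4.0.tar.gz && cd gcc-7.4.0
## To use a different download source, change the value of base_url in this file
#vim ./contrib/download_prerequisites
## Download the prerequisite packages
./contrib/download_prerequisites
If the output contains "fail", download the packages manually from the website and place them in the root of the source tree. The prerequisite packages are at: ftp://gcc.gnu.org/pub/gcc/infrastructure/.
Create a build directory and compile inside it, to avoid polluting the source tree: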
mkdir build
cd build
../configure --enable-checking=release --enable-languages=c,c++ --disable-multilib
Install g++ by running: # apt-get install g++ -y
Compile again:
make # must be run in the build directory, which holds the Makefile generated by configure; otherwise it fails with:
make: *** No targets specified and no makefile found. Stop
The build took me about 3 hours.
make install
Download and install OpenSSH
wget https://fastly.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
tar -xzf openssh-8.1p1.tar.gz && cd openssh-8.1p1/
root@bocepingtai:/home/ygcg/openssh-8.1p1# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-privsep-path=/var/lib/sshd --with-ssl-dir=/usr/local/openssl-1.1.1d/
……
checking whether BROKEN_GETADDRINFO is declared... no
configure: creating ./config.status
config.status: creating Makefile
config.status: creating buildpkg.sh
config.status: creating opensshd.init
config.status: creating openssh.xml
config.status: creating openbsd-compat/Makefile
config.status: creating openbsd-compat/regress/Makefile
config.status: creating survey.sh
config.status: creating config.h
OpenSSH has been configured with the following options:
User binaries: /usr/bin
System binaries: /usr/sbin
Configuration files: /etc/ssh
Askpass program: /usr/libexec/ssh-askpass
Manual pages: /usr/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/lib/sshd
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
Manpage format: doc
PAM support: yes
OSF SIA support: no
KerberosV support: no
SELinux support: no
MD5 password support: yes
libedit support: no
libldns support: no
Solaris process contract support: no
Solaris project support: no
Solaris privilege support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: seccomp_filter
Host: x86_64-pc-linux-gnu
Compiler: cc
Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE
Preprocessor flags: -I/usr/local/openssl-1.1.1d//include -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
Linker flags: -L/usr/local/openssl-1.1.1d/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie
Libraries: -lcrypto -ldl -lutil -lz -lcrypt -lresolv
+for sshd: -lpam
PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory
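The summary above is the last point before make install at which a weak sandbox or a missing exploit mitigation is cheap to catch. The script below is an added example, not part of the original page or of OpenSSH: it reads such a summary and reports a weak privilege-separation sandbox or missing hardening flags. The function names and the lists of required flags are assumptions made for this example; the sample lines are copied from the output above.

```shell
#!/bin/sh
# Added example: audit the hardening-relevant lines of an OpenSSH
# ./configure summary. Function names and required-flag lists are
# assumptions made for this example.

# Constructed sample: three lines copied from the summary shown above.
SAMPLE_SUMMARY='Privsep sandbox style: seccomp_filter
Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE
Linker flags: -L/usr/local/openssl-1.1.1d/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie'

# summary_value LABEL: read a summary on stdin, print the text after "LABEL:".
# Leading whitespace is skipped, so real (indented) configure output works too.
summary_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# require_flags KIND FLAGS WANTED...: print one line per WANTED flag that is
# absent from FLAGS. Prefix match, so -fstack-protector also accepts
# -fstack-protector-strong and -D_FORTIFY_SOURCE= accepts any level.
require_flags() {
    kind=$1; flags=" $2"; shift 2
    for want in "$@"; do
        case "$flags" in
            *" $want"*) ;;
            *) echo "MISSING $kind flag: $want" ;;
        esac
    done
}

# audit_summary: read a summary on stdin and print one finding per line.
# Returns 0 when there are no findings, 1 otherwise.
audit_summary() {
    summary=$(cat)
    sandbox=$(printf '%s\n' "$summary" | summary_value "Privsep sandbox style")
    cflags=$(printf '%s\n' "$summary" | summary_value "Compiler flags")
    ldflags=$(printf '%s\n' "$summary" | summary_value "Linker flags")
    findings=$(
        case "$sandbox" in
            (""|none|rlimit) echo "WEAK sandbox: ${sandbox:-not reported}" ;;
        esac
        require_flags compiler "$cflags" -fstack-protector -D_FORTIFY_SOURCE= -fPIE
        require_flags linker "$ldflags" -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -pie
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone run against the sample; prints "summary OK".
printf '%s\n' "$SAMPLE_SUMMARY" | audit_summary && echo "summary OK"
```

To check a real build, pipe the saved configure output into audit_summary instead of the sample.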
Handling common build errors
If the build fails with: configure: error: PAM headers not found
Install: apt-get install libpam0g-dev
If the build fails with: configure: error: OpenSSL headers missing - please install first or check config.log
Install: apt-get install libssl-dev
If the build fails with: configure: error: : OpenSSL library not found
Proceed as follows:
Check the current openssl version and the library version:
openssl version
strings /usr/lib/libssl.so |grep OpenSSL
Locate the installed openssl library and symlink it into /usr/lib/:
ln -s /usr/local/openssl-1.1.1d/libssl.so /usr/lib/libssl.so
Verify:
strings /usr/lib/libssl.so |grep OpenSSL
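The new OpenSSL version should now be shown.
If the error persists, add the option --with-ssl-dir=/usr/local/openssl-1.1.1d/ when building openssh to specify the openssl path.
Build and install: make && make install
If the build fails with: configure: error: *** working libcrypto not found, check config.log
This error is caused by a missing openssl-devel package or by the libcrypto libraries being in the wrong location.
Run: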
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-privsep-path=/var/lib/sshd --with-ssl-dir=/usr/
Upgrading openssl: download the source from https://www.openssl.org/source/
./config && make && make install
openssl version # verify
Verification
root@bocepingtai:/home/ygcg/openssh-8.1p1# ssh -V
OpenSSH_8.1p1, OpenSSL 1.1.1d 10 Sep 2019
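Restart the ssh service and verify login
systemctl restart sshd # this hangs: once the ssh service has finished starting, it must notify systemd (return a signal) before systemctl can continue.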
root@bocepingtai:/home/ygcg/openssh-8.1p1# systemctl restart sshd
Job for ssh.service failed because a timeout was exceeded. See "systemctl status ssh.service" and "journalctl -xe" for details.
To fix this, edit the Type setting in the ssh systemd unit file /lib/systemd/system/ssh.service:
Change Type=notify to Type=simple so that systemctl no longer waits for the signal from ssh; running systemctl daemon-reload and restarting the sshd process then resolves the systemctl timeout.
sed -i "s/Type=notify/Type=simple/" /lib/systemd/system/ssh.service