为解决漏洞特意升级至9.8p1
1.升级前准备,安装一下开发包,可以配置本地yum
dnf install zlib-devel
dnf install openssl-devel
dnf install pam-devel
配置本地yum
2.安装openssl (要求>= 1.1.1 )
因为环境已经是1.1.1所以没有更新
3.安装openssh 9.8p1
1.下载安装包
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/openssh-9.8.tar.gz
2.解压安装包
tar -zxvf openssh-9.8p1.tar.gz
3.备份配置文件(注意备份文件路径根据实际情况选择,后面会用到)
cp /etc/ssh/sshd_config /home/ssh/sshd_config.bak
cp /etc/pam.d/sshd /home/ssh/sshd.bak
4.卸载原来的openssh
rpm -e --nodeps `rpm -qa | grep openssh`
rpm -qa | grep openssh
5.编译安装文件
cd openssh-9.8p1
./configure --prefix=/usr/local/openssh9.8p1 --exec-prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-selinux --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl --without-hardening
6.执行安装编译文件
make && make install
7.调整文件权限
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
8.SSH配置调整
cp -a /home/openssh-9.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd
9.回拷备份配置文件
cp /home/ssh/sshd_config.bak /etc/ssh/sshd_config
cp /home/ssh/sshd.bak /etc/pam.d/sshd
10.添加ssh到开机启动项,重启sshd服务
chkconfig --add sshd
chkconfig sshd on
systemctl restart sshd
11.验证版本