Check the OpenSSH and OpenSSL versions
[root ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
[root ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
Check the Linux distribution and kernel
[root@ ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
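Install and configure telnet: http://sqacg.com/archives/an-zhuang-pei-zhi-telnet
Switch to a telnet session for the rest of the procedure, so that the work is not interrupted if the SSH connection drops midway
Add a user and grant it privileges: http://sqacg.com/archives/Linuxaddsusersandgrantssudopermissions
Connect to the server over telnet as the ordinary user, then switch to root with sudo -i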
Install the packages required for the upgrade
[root@ ~]# yum -y install gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel
Download OpenSSL and OpenSSH
OpenSSL website: https://www.openssl.org/
OpenSSH website: http://www.openssh.com/
[root@ ~]# wget https://www.openssl.org/source/openssl-1.1.1i.tar.gz
[root@ ~]# wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
[root@ ~]# tar xf openssl-1.1.1i.tar.gz
[root@ ~]# tar xf openssh-8.6p1.tar.gz
Compile and install OpenSSL
Before starting, back up the existing OpenSSL files
[root@ ~]# mv /usr/bin/openssl{,.bak}
[root@ ~]# mv /usr/include/openssl{,.bak}
[root@ ~]# cd openssl-1.1.1i/
[root@ openssl-1.1.1i]# ./config shared && make && make install
When the build finishes, the openssl binary and include directory can be found under /usr/local
[root@ ~]# ll /usr/local/bin/openssl
-rwxr-xr-x 1 root root 749136 Jan 14 14:25 /usr/local/bin/openssl
[root@ ~]# ll -d /usr/local/include/openssl/
drwxr-xr-x 2 root root 4096 Jan 14 14:25 /usr/local/include/openssl/
Create the symbolic links
[root@ ~]# ln -s /usr/local/bin/openssl /usr/bin/openssl
[root@ ~]# ln -s /usr/local/include/openssl/ /usr/include/openssl
[root@ ~]# ll /usr/bin/openssl
lrwxrwxrwx 1 root root 22 Jan 14 14:32 /usr/bin/openssl -> /usr/local/bin/openssl
[root@ ~]# ll -d /usr/include/openssl
lrwxrwxrwx 1 root root 27 Jan 14 14:33 /usr/include/openssl -> /usr/local/include/openssl/
Reload the dynamic linker configuration and verify the OpenSSL version
[root@ ~]# echo "/usr/local/lib64" >> /etc/ld.so.conf
[root@ ~]# /sbin/ldconfig
[root@ ~]# openssl version
OpenSSL 1.1.1i 8 Dec 2020
Compile and install OpenSSH
Back up the existing ssh directory
[root@ ~]# mv /etc/ssh{,.bak}
[root@ ~]# mkdir /usr/local/openssh
[root@ ~]# cd openssh-8.6p1/
Install
[root@ openssh-8.6p1]# ./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/include --with-ssl-dir=/usr/local/lib64 --with-zlib --with-md5-passwords --with-pam && make && make install
Check the final output carefully: if words such as "error" appear, the installation did not succeed
Configure the sshd_config file
[root@ ~]# echo "UseDNS no" >> /etc/ssh/sshd_config
[root@ ~]# echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
[root@ ~]# echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config
[root@ ~]# echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
If the host has a graphical interface and X11 is needed, also add the following
[root@ ~]# echo "X11Forwarding yes" >> /etc/ssh/sshd_config
[root@ ~]# echo "X11UseLocalhost no" >> /etc/ssh/sshd_config
[root@ ~]# echo "XAuthLocation /usr/bin/xauth" >> /etc/ssh/sshd_config
Put the new sshd binaries in place
[root@ ~]# mv /usr/sbin/sshd{,.bak}
[root@ ~]# mv /usr/bin/ssh{,.bak}
[root@ ~]# mv /usr/bin/ssh-keygen{,.bak}
[root@ ~]# ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh
[root@ ~]# ln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
[root@ ~]# ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd
Check the current OpenSSH version
[root@ ~]# ssh -V
OpenSSH_8.6p1, OpenSSL 1.1.1i 8 Dec 2020
Restart the OpenSSH service
[root@ ~]# systemctl disable sshd --now
[root@ ~]# mv /usr/lib/systemd/system/sshd.service{,.bak}
[root@ ~]# systemctl daemon-reload
[root@ ~]# cp -a /openssh-8.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
[root@ ~]# cp -a /openssh-8.6p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
[root@ ~]# chkconfig --add sshd
[root@ ~]# systemctl enable sshd --now
Mind the openssh-8.6p1 path in the cp commands; it must point to the directory where the source was extracted
Finally, test an SSH connection
Once the test succeeds, shut down the telnet service
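Troubleshooting
The build fails with gcc or similar errors: this has to be analysed case by case. If cc1 cannot be found,
the gcc version is the problem and upgrading is recommended: http://sqacg.com/archives/chcdaos
Otherwise, search for the error message (for example on Baidu)
sshd does not start correctly
For example, it reports: Failed to start SYSV: OpenSSH server daemon.
Check that the permissions on the ssh key files are correct; they must be 600
Use sshd -t to find out where the problem is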
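A check to run from the telnet session before restarting sshd, as an added example that is not part of the original post: it lists private host keys whose mode is not 600 and prints the value sshd will actually use for the keywords appended with echo above, since sshd takes the first occurrence of each keyword. The function names are made up for this example, and only the whitespace-separated "Keyword value" form in the global section of sshd_config is parsed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print "<mode> <path>" for every private host key under $1 whose mode is
# not 600, the value the troubleshooting section says is required.
bad_hostkey_perms() {
    dir=${1:-/etc/ssh}
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue            # glob matched nothing
        mode=$(stat -c '%a' "$key")          # GNU stat, as shipped on CentOS
        [ "$mode" = "600" ] || printf '%s %s\n' "$mode" "$key"
    done
}

# Print the value sshd will use for keyword $2 in config file $1.
# The first uncommented occurrence wins, so a line appended with
# `echo ... >>` is ignored when an earlier line sets the same keyword.
# Parsing stops at the first Match block (global section only).
effective_setting() {
    awk -v kw="$2" '
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(kw) { print $2; exit }
    ' "$1"
}

# Run both checks against an sshd configuration directory.
# Returns 1 when a host key has the wrong mode.
preflight() {
    cfgdir=${1:-/etc/ssh}
    bad=$(bad_hostkey_perms "$cfgdir")
    if [ -n "$bad" ]; then
        echo "host keys not mode 600:"
        echo "$bad"
        return 1
    fi
    for kw in UseDNS PermitRootLogin PubkeyAuthentication PasswordAuthentication; do
        printf '%s = %s\n' "$kw" "$(effective_setting "$cfgdir/sshd_config" "$kw")"
    done
}
```

Call preflight /etc/ssh, then sshd -t, and restart the service only when both come back clean. An empty value after "=" means the keyword is not set in the file and sshd's built-in default applies.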