1、环境



2、安装telnet 服务,防止ssh升级之后登陆不上服务器,使用telnet 连接服务器

       yum install telnet-server -y

       chkconfig telnet on

       /etc/init.d/xinetd start

       netstat -lntup|grep 23

       echo "pts/0" >>/etc/securetty
       echo "pts/1" >>/etc/securetty

      vi /etc/pam.d/remote
     #%PAM-1.0
     #auth       required     pam_securetty.so  注释这行

      /etc/init.d/xinetd  restart

     测试telnet 登录

 

3、安装openssh依赖包
   yum -y install gcc-c++ zlib zlib-devel pam-devel

并对一些依赖包进行备份

cp /usr/lib64/libssl.so.1.0.1e{,.bak}

cp /usr/lib64/libcrypto.so.1.0.1e{,.bak}


    

4、现在openssl 源码包

 

cd /data/tools

wget https://www.openssl.org/source/openssl-1.0.2h.tar.gz tar xf openssl-1.0.2h.tar.gz cd openssl-1.0.2h #--shared 参数一定要加上,不然编译openssh,会有各种各种报错 ./config --shared make
删除系统上的openssl
mv /usr/bin/openssl /usr/bin/openssl.bak

rpm -e `rpm -qa | grep openssl` --nodeps

make install


ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
ldconfig -v
cp -a /usr/local/ssl/lib/libcrypto.so.1.0.0 /usr/lib64/
openssl version -a

 5、编译安装openssh

wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz

tar xf openssh-7.5p1.tar.gz 
cd openssh-7.5p1
mv /etc/pam.d/sshd /etc/pam.d/sshd.old
 ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
make

rpm -e `rpm -qa | grep openssh` --nodeps
make install
cp contrib/redhat/sshd.init /etc/init.d/sshd

ssh -V

/etc/init.d/sshd restart

 ssh登录,可以之后关闭telnet服务

posted on 2019-04-01 16:59  &永恒&  阅读(734)  评论(0编辑  收藏  举报