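OpenSSH upgrade
1. Prepare the base installation packages. PS: it is best to download and start a telnet server first, so that you can still log in if the sshd service fails to start.
Download the latest *.tar.gz packages from the official sites:
Official download URL: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
openssh-9.0p1.tar.gz (Note: download the p1 release; this is the package for compiling and installing from source)
Official download URL: https://www.openssl.org/source/
openssl-3.0.3.tar.gz
Official download URL: http://www.zlib.net/
zlib-1.2.12.tar.gz
Official download URL: https://www.perl.org/get.html
perl-5.36.0.tar.gz
2. System environment
Check the OpenSSL version (this shows the version information and the install location)
openssl version -a
3. Upload the installation packages
4. Compile and install zlib
Install the packages needed for compilation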
# yum -y install make gcc gcc-c++
# tar xf zlib-1.2.13.tar.gz
# cd zlib-1.2.13
# ./configure --prefix=/usr/local/zlib
# make && make install
# echo '/usr/local/zlib/lib' >> /etc/ld.so.conf
# ldconfig -v
5. Compile and install OpenSSL
1) Install perl
# tar xf perl-5.36.0.tar.gz
# cd perl-5.36.0
# ./Configure -des -Dprefix=/usr/local/perl5
# make && make install
2) Install perl-CPAN
# yum install -y perl-CPAN
# perl -MCPAN -e shell
cpan[1]> install IPC/Cmd.pm
cpan[2]> exit
3) Compile and install OpenSSL
# tar xf openssl-3.0.5.tar.gz
# cd openssl-3.0.5
# ./config --prefix=/usr/local/openssl
# make && make install
Back up the original executable and header directory
# mv /usr/bin/openssl /usr/bin/openssl.old && mv /usr/include/openssl /usr/include/openssl.old
# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
# ln -s /usr/local/openssl/include/openssl /usr/include/openssl
Add the search path for the OpenSSL libraries to /etc/ld.so.conf
# echo "/usr/local/openssl/lib64" >> /etc/ld.so.conf
# ldconfig -v
# openssl version
OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)
6. Install OpenSSH
1) Compile and install the package
# tar xf openssh-9.0p1.tar.gz
# cd openssh-9.0p1
# ./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl
# make && make install
2) Modify the sshd_config configuration file
# echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
# echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
# echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config
3) Back up the original files and copy the new configuration and binaries into place
# cp /etc/ssh/sshd_config{,.bak}
# cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
# mv /usr/sbin/sshd /usr/sbin/sshd.bak
# cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
# mv /usr/bin/ssh /usr/bin/ssh.bak
# cp /usr/local/openssh/bin/ssh /usr/bin/ssh
# mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
# cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
# mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
# cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
4) Enable start at boot
openssh-9.0p1]# cp -p contrib/redhat/sshd.init /etc/init.d/sshd
# chmod +x /etc/init.d/sshd
# chkconfig --add sshd
# chkconfig sshd on
Restart the service
# systemctl restart sshd.service
There is a problem here: the restart hangs and returns no output.
Modify the sshd.service file
# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: activating (start) since 一 2022-10-31 16:02:07 CST; 1min 20s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 147161 (sshd)
   CGroup: /system.slice/sshd.service
           └─147161 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

10月 31 16:02:07 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
10月 31 16:02:07 localhost.localdomain sshd[147161]: Server listening on 0.0.0.0 port 22.
10月 31 16:02:07 localhost.localdomain sshd[147161]: Server listening on :: port 22.
sshd is listening, but the unit stays in "activating (start)" because the source-built sshd never sends the readiness notification that Type=notify waits for. Change Type in the sshd.service unit file: comment out Type=notify, or change it to Type=simple.
Restart again
# systemctl daemon-reload
# systemctl restart sshd.service
# systemctl enable sshd.service
The service now starts normally; check the ssh version
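Step 6 2) appends its settings to the end of sshd_config with echo >>. sshd uses the first value it finds for each keyword, and lines after a Match line apply only to that block, so an appended line can be silently ignored. The shell check below is an added example, not part of the original page; the function names and the sample config are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example: find out whether a setting appended to sshd_config takes effect.

# effective_global FILE KEYWORD -> prints the value sshd uses in the global section
effective_global() {
    awk -v kw="$2" '
        { sub(/^[ \t]+/, "") }                 # strip leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }        # global section ends at first Match
        tolower($1) == tolower(kw) { print $2; exit }   # first occurrence wins
    ' "$1"
}

# in_match_block FILE KEYWORD -> succeeds if KEYWORD is set after a Match line
in_match_block() {
    awk -v kw="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { m = 1; next }
        m && tolower($1) == tolower(kw) { found = 1 }
        END { exit !found }
    ' "$1"
}

# write_sample FILE -> constructed config; the last two lines imitate "echo >>"
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the page
PermitRootLogin prohibit-password
#PasswordAuthentication no
Match User backup
    X11Forwarding no
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

cfg=$(mktemp)
write_sample "$cfg"
for kw in PermitRootLogin PasswordAuthentication; do
    printf '%s: global value = "%s"\n' "$kw" "$(effective_global "$cfg" "$kw")"
    in_match_block "$cfg" "$kw" && echo "  $kw is also set inside a Match block"
done
rm -f "$cfg"
```

Run the functions against the file sshd actually reads: a build configured with --prefix=/usr/local/openssh and no --sysconfdir defaults to /usr/local/openssh/etc/sshd_config unless -f is given. `sshd -t` validates the configuration and `sshd -T` prints the settings the binary resolves, which is worth checking before the restart in step 4).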