Upgrading OpenSSH on CentOS 6
Environment:
OS: CentOS 6
1. Check the current ssh and ssl versions
[root@localhost ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
2. Download the latest version
OpenSSH 9.8:
wget http://down.tag.gg/Openssh/rpm/el6/openssh-9.8/openssh-9.8p1-1.el6.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el6/openssh-9.8/openssh-clients-9.8p1-1.el6.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el6/openssh-9.8/openssh-debuginfo-9.8p1-1.el6.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el6/openssh-9.8/openssh-server-9.8p1-1.el6.x86_64.rpm
OpenSSH 9.7:
wget http://down.tag.gg/Openssh/rpm/el6/openssh-9.7/openssh-9.7p1-1.el6.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el6/openssh-9.7/openssh-clients-9.7p1-1.el6.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el6/openssh-9.7/openssh-debuginfo-9.7p1-1.el6.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el6/openssh-9.7/openssh-server-9.7p1-1.el6.x86_64.rpm
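3. Back up the existing ssh configuration files
[root@localhost ssh]# cp -rp /etc/ssh /etc/ssh-bak
4. Uninstall the old openssh version (do not disconnect the terminal, otherwise you will not be able to connect remotely)
[root@localhost soft]# rpm -qa | grep openssh | xargs rpm -e --nodeps
5. Install the new version: after installation, run ssh -V to check the new version.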
[root@localhost soft]# rpm -Uvh openssh-*.rpm
Preparing... ########################################### [100%]
1:openssh ########################################### [ 25%]
2:openssh-clients ########################################### [ 50%]
3:openssh-server ########################################### [ 75%]
4:openssh-debuginfo ########################################### [100%]
6. Set permissions on the ssh configuration files (the host private keys)
[root@localhost soft]# chmod -v 600 /etc/ssh/ssh_host_*_key
mode of `/etc/ssh/ssh_host_dsa_key' retained as 0600 (rw-------)
mode of `/etc/ssh/ssh_host_rsa_key' retained as 0600 (rw-------)
7. Run the following command to check that the configuration file is valid
[root@localhost soft]# sshd -t
Note: if the check reports an error related to UsePrivilegeSeparation, run the following command and then check again.
sed -i '/UsePrivilegeSeparation/s/^/#/' /etc/ssh/sshd_config
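8. Restart the sshd service only after the configuration check passes.
Restart the ssh service. This step is critical: if the service fails to start, remote connections will not work. If the environment allows it, set up a telnet service in advance (https://www.cnblogs.com/hxlasky/p/18527522) so that you can still log in remotely via telnet if the upgrade fails.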
service sshd restart
9. Connect from a client
The following error is reported:
Key exchange failed.
No compatible key exchange method. The server supports these methods: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,kex-strict-s-v00@openssh.com
No compatible hostkey. The server supports these methods: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
This is because my SecureCRT is version 7; after installing the newer SecureCRT 9.1.1, I could log in.
10. Check the newly installed version
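Why the old client in step 9 is refused, as an added example that is not part of the original post: the first algorithm on the client's list that the server also offers is selected, and with no overlap the connection fails. The server lists are copied from the error above; the client lists and the function names negotiate and report are constructed for illustration.

```shell
# Added example: simplified SSH algorithm selection (RFC 4253, section 7.1).
# Server lists copied from the error message on this page.
SERVER_KEX='sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,kex-strict-s-v00@openssh.com'
SERVER_HOSTKEY='rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519'

# Constructed client lists (assumptions, not taken from any real client).
LEGACY_KEX='diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'
LEGACY_HOSTKEY='ssh-rsa,ssh-dss'
MODERN_KEX='curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256'
MODERN_HOSTKEY='ssh-ed25519,rsa-sha2-512,rsa-sha2-256'

# negotiate CLIENT_LIST SERVER_LIST
# Prints the chosen algorithm and returns 0; returns 1 if nothing is shared.
negotiate() {
    old_ifs=$IFS
    IFS=,
    for c in $1; do
        # ext-info-* and kex-strict-* are signalling markers, not algorithms.
        case $c in
            ext-info-*|kex-strict-*) continue ;;
        esac
        for s in $2; do
            if [ "$c" = "$s" ]; then
                IFS=$old_ifs
                printf '%s\n' "$c"
                return 0
            fi
        done
    done
    IFS=$old_ifs
    return 1
}

# report LABEL CLIENT_LIST SERVER_LIST: one line per negotiation attempt.
report() {
    if alg=$(negotiate "$2" "$3"); then
        echo "$1: $alg"
    else
        echo "$1: no compatible method"
    fi
}

report 'legacy client kex' "$LEGACY_KEX" "$SERVER_KEX"
report 'legacy client hostkey' "$LEGACY_HOSTKEY" "$SERVER_HOSTKEY"
report 'modern client kex' "$MODERN_KEX" "$SERVER_KEX"
report 'modern client hostkey' "$MODERN_HOSTKEY" "$SERVER_HOSTKEY"
```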
[root@localhost ~]# ssh -V
OpenSSH_9.8p1, OpenSSL 1.1.1w 11 Sep 2023
[root@localhost ~]#