centos7升级openssh

环境:
OS:Centos 7

1.查看当前的ssh和ssl版本
[root@localhost ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

 

2.下载最新的版本
OpenSSH9.8:
wget http://down.tag.gg/Openssh/rpm/el7/openssh-9.8/openssh-9.8p1-1.el7.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el7/openssh-9.8/openssh-clients-9.8p1-1.el7.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el7/openssh-9.8/openssh-debuginfo-9.8p1-1.el7.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el7/openssh-9.8/openssh-server-9.8p1-1.el7.x86_64.rpm

OpenSSH9.7
wget http://down.tag.gg/Openssh/rpm/el7/openssh-9.7/openssh-9.7p1-1.el7.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el7/openssh-9.7/openssh-clients-9.7p1-1.el7.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el7/openssh-9.7/openssh-debuginfo-9.7p1-1.el7.x86_64.rpm
wget http://down.tag.gg/Openssh/rpm/el7/openssh-9.7/openssh-server-9.7p1-1.el7.x86_64.rpm

 

3.备份原来ssh相关配置文件
[root@localhost ssh]#cp -rp /etc/ssh /etc/ssh-bak

 

4.卸载老版本的openssh(不要断开终端,不然无法远程连接)
[root@localhost soft]#rpm -qa | grep openssh | xargs rpm -e --nodeps

说明:不卸载旧版本也可以继续后面的升级操作 

 

5.安装新版本:安装后执行命令ssh -V 查看新的版本.
[root@localhost soft]# rpm -Uvh openssh-*.rpm
Preparing... ################################# [100%]
Updating / installing...
1:openssh-9.8p1-1.el7 ################################# [ 25%]
2:openssh-clients-9.8p1-1.el7 ################################# [ 50%]
3:openssh-server-9.8p1-1.el7 ################################# [ 75%]
4:openssh-debuginfo-9.8p1-1.el7 ################################# [100%]

6.设置ssh配置文件权限
[root@localhost soft]# chmod -v 600 /etc/ssh/ssh_host_*_key
mode of `/etc/ssh/ssh_host_dsa_key' retained as 0600 (rw-------)
mode of `/etc/ssh/ssh_host_rsa_key' retained as 0600 (rw-------)

 

7.执行如下命令检测配置文件是否正常
[root@localhost soft]# sshd -t
说明:若检测提示“UsePrivilegeSeparation 相关报错,则执行如下命令在检测.
sed -i '/UsePrivilegeSeparation/s/^/#/' /etc/ssh/sshd_config

 

8.检测配置文件没问题后再考虑重启sshd服务。
重启ssh服务,这里很关键若是启动失败的话,远程无法连接
[root@localhost soft]# systemctl restart sshd


9.客户端连接
报如下错误:
Key exchange failed.
No compatible key exchange method. The server supports these methods: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,kex-strict-s-v00@openssh.com
No compatible hostkey. The server supports these methods: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519

这里上因为我这里的SecureCrt是7版本的,安装较新版本的SecureCrt 9.1.1 后就可以登录了

 

10.查看新安装的版本
[root@localhost ~]# ssh -V
OpenSSH_9.8p1, OpenSSL 1.1.1w 11 Sep 2023
[root@localhost ~]#

 

posted @ 2024-11-05 13:45  slnngk  阅读(35)  评论(0编辑  收藏  举报