CentOS 升级SSH至9.0P1
应客户要求把2个CentOS7.8的openssh升级到9.0,参考不少大神的文章后总算升级完成了
1.安装组件
# Build prerequisites: the compiler toolchain plus the OpenSSL, PCRE and PAM
# development packages that the two source builds below compile against.
yum install -y \
  gcc gcc-c++ glibc make autoconf \
  openssl openssl-devel pcre-devel pam-devel
2.下载OpenSSL和OpenSSH
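# Private scratch directory for the build (the original "makedir" is not a command).
# Plain mkdir without -p fails if /tmp/update already exists, and the && then keeps
# root from building inside a directory that another local user prepared in /tmp.
mkdir -m 0700 /tmp/update && cd /tmp/update
# The article originally passed --no-check-certificate because wget reported an
# expired certificate. That flag removes the only protection this download has.
# On CentOS 7 the error commonly comes from an outdated CA bundle, so refresh the
# bundle and keep certificate validation on.
yum -y update ca-certificates
wget https://www.openssl.org/source/openssl-1.1.1q.tar.gz
# Fetched over HTTPS rather than plain HTTP, which anyone on the path can rewrite.
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
# These archives are compiled and installed as root, so check them before unpacking.
# Replace each placeholder with the hex SHA-256 obtained from a trusted channel
# (both projects also publish detached signatures for their releases).
echo "<EXPECTED_SHA256_HEX_OPENSSL>  openssl-1.1.1q.tar.gz" | sha256sum -c -
echo "<EXPECTED_SHA256_HEX_OPENSSH>  openssh-9.0p1.tar.gz" | sha256sum -c -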
3.解压文件
# Unpack both source archives into the current directory.
for archive in openssl-1.1.1q.tar.gz openssh-9.0p1.tar.gz; do
  tar -xf "$archive"
done
4.备份OpenSSL配置
# Move the distribution's openssl binary and header directory aside; the .bak
# copies are what a rollback restores.
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
5.安装新下载的OpenSSL
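cd openssl-1.1.1q/
# Builds shared libraries and installs under /usr/local (see the paths linked below).
# NOTE: yum never patches this copy. Every later OpenSSL security release has to
# be rebuilt and reinstalled by hand, so record that in the host's patch process.
./config shared && make && make install
# Point the usual binary and header locations at the new build.
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl/ /usr/include/openssl
# Register the library directory only once; an unconditional append adds a
# duplicate line to /etc/ld.so.conf each time the procedure is re-run.
grep -qxF /usr/local/lib64 /etc/ld.so.conf || echo "/usr/local/lib64" >> /etc/ld.so.conf
/sbin/ldconfig # check the versions with `openssl version` or `ssh -V`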
6.备份OpenSSH配置
# Keep the whole /etc/ssh tree (normally sshd_config and the ssh_host_* keys) as a
# rollback copy. With the directory gone, the OpenSSH install in the next step is
# expected to create new host keys, so clients will report a changed host key
# unless the old ssh_host_* files are copied back from /etc/ssh.bak (the private
# keys must then be readable by root only, or sshd will refuse to load them).
mv /etc/ssh /etc/ssh.bak
7.安装新下载的OpenSSH
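mkdir /usr/local/openssh
cd openssh-9.0p1/
# Installs the binaries under /usr/local/openssh, keeps the configuration in
# /etc/ssh, and enables PAM and zlib support.
./configure \
  --prefix=/usr/local/openssh \
  --sysconfdir=/etc/ssh \
  --with-openssl-includes=/usr/local/include \
  --with-ssl-dir=/usr/local/lib64 \
  --with-zlib \
  --with-md5-passwords \
  --with-pam \
  && make && make install
# UseDNS no: do not resolve the client's address back to a host name.
echo "UseDNS no" >> /etc/ssh/sshd_config
# REVIEW: together, the next lines leave root reachable by password over the
# network. Keep them only while the customer needs that. Once keys are deployed,
# the hardened equivalent is "PermitRootLogin prohibit-password" with
# "PasswordAuthentication no".
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
# Move the packaged binaries aside and point the standard paths at the new build.
mv /usr/sbin/sshd{,.bak}
mv /usr/bin/ssh{,.bak}
mv /usr/bin/ssh-keygen{,.bak}
ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh
ln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd
# Test mode: checks sshd_config and the host keys without starting a daemon.
# A non-zero exit here means the new sshd would not start, so fix it before the
# running service is stopped in the next step.
/usr/sbin/sshd -t
ssh -V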
OpenSSH_9.0p1, OpenSSL 1.1.1q 5 Jul 2022
8.重新生成启动文件
# Replace the packaged systemd unit with the init script shipped in the OpenSSH
# source tree. From this line on, nothing accepts new SSH connections until the
# service is started again below: keep the current session open and have console
# access available before running it.
systemctl disable sshd --now
mv /usr/lib/systemd/system/sshd.service{,.bak}
systemctl daemon-reload
cd /tmp/update
cp -a openssh-9.0p1/contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): PAM looks up a service's file by the service name, so sshd would
# read /etc/pam.d/sshd rather than sshd.pam. Confirm the intended destination.
cp -a openssh-9.0p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chkconfig --add sshd
systemctl enable sshd --now
systemctl start sshd
systemctl status sshd # check the service state; if it shows "Active: active (running)", open a new ssh connection to test, and a successful login means the upgrade worked