opensh 升级 openssh-8.8p1

安装 telent-server 防止 openssh 无法登陆，注意开放 23 端口

yum install telnet-server -y

systemctl start telnet.socket
# 默认情况下 telnet-server 无法使用 root 登陆
useradd test
echo "123456" | passwd --stdin test

安装 openssl

cd /data/software/
yum install perl perl-devel -y
wget --no-check-certificate  https://www.openssl.org/source/old/1.1.1/openssl-1.1.1j.tar.gz
tar zxvf openssl-1.1.1j.tar.gz 
cd openssl-1.1.1j
./config --prefix=/usr/local/ssl -d shared 
make -j 4 && make install
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig -v
mv /etc/ssh /etc/ssh.20220104

安装 openssh

cd /data/software/
tar zxvf openssh-8.8p1.tar.gz 
cd openssh-8.8p1
./configure --prefix=/usr/local/openssh-8.8p1 --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl  
make -j 4 && make install

echo "X11Forwarding yes" >> /etc/ssh/sshd_config
echo "UseDNS no" >> /etc/ssh/sshd_config
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config

mv /usr/sbin/sshd /usr/sbin/sshd.20220104
cp -rf /usr/local/openssh-8.8p1/sbin/sshd /usr/sbin/sshd

mv /usr/bin/ssh /usr/bin/ssh.20220104
cp -rf /usr/local/openssh-8.8p1/bin/ssh /usr/bin/ssh 

mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.20220104
cp -rf /usr/local/openssh-8.8p1/bin/ssh-keygen /usr/bin/ssh-keygen

# 检查版本
ssh -V

mv /lib/systemd/system/sshd.service /tmp/
cp /data/software/openssh-8.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
systemctl daemon-reload
/etc/init.d/sshd restart
systemctl status sshd
chkconfig --add sshd

systemctl stop telnet.socket

参考

https://blog.csdn.net/lenovo_/article/details/6800518
https://www.cnblogs.com/angelasp/p/13926453.html
https://blog.csdn.net/xaiodang/article/details/115369645
https://blog.csdn.net/qiankunbei/article/details/109328588