OpenSSH 9.7

参考文档
https://www.cnblogs.com/williamzheng/p/18057229
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
https://www.linuxcool.com/sshd



ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017


# Build toolchain plus zlib headers; both source builds below (OpenSSL and
# OpenSSH) are configured with zlib support.
yum install -y gcc gcc-c++ glibc make automake autoconf zlib zlib-devel


安装openssl

openssl version -a
OpenSSL 1.0.2k-fips  26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  rdrand dynamic 



https://www.openssl.org/source/old/index.html


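# Download over verified TLS. If certificate validation fails because the
# host's CA bundle is outdated, update the bundle (yum update -y ca-certificates)
# rather than passing --no-check-certificate: with verification disabled, a
# tampered tarball would be accepted and then built and installed as root.
wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz

# Check the archive against the SHA-256 published by the OpenSSL project.
# <EXPECTED_SHA256> is a placeholder: fill it in from a trusted source.
# The archive is unpacked only when the checksum matches.
printf '%s\n' "<EXPECTED_SHA256>  openssl-1.1.1w.tar.gz" | sha256sum -c - &&
  tar -zxf openssl-1.1.1w.tar.gz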
# Build OpenSSL 1.1.1w as shared libraries with zlib support and install it
# under its own prefix, /usr/local/openssl.
# NOTE(review): 1.1.1w comes from the "old" releases area and the 1.1.1 branch is
# no longer maintained upstream; confirm whether a supported OpenSSL branch
# can be used for this build instead.
cd openssl-1.1.1w/
./config shared zlib -fPIC --prefix=/usr/local/openssl
make -j 2
make install
# Keep the distribution's openssl binary and headers as .bak copies for rollback.
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak

# Point the system-wide command and header paths at the new build.
# Anything compiled on this host afterwards picks up these headers.
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
# Add the new library directory to the dynamic linker search path and
# rebuild the linker cache.
echo '/usr/local/openssl/lib' > /etc/ld.so.conf.d/openssl-x86_64.conf
ldconfig -v
# Confirm that the openssl command now reports the new version.
openssl version -a


 openssl version -a
OpenSSL 1.1.1w  11 Sep 2023
built on: Fri May 17 09:32:49 2024 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wall -O3 -fPIC -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/openssl/ssl"
ENGINESDIR: "/usr/local/openssl/lib/engines-1.1"

# NOTE(review): 23/tcp is the telnet port; presumably this is a fallback login
# path while sshd is being replaced (confirm). Telnet sends credentials in
# cleartext, so limit it to a trusted network and remove the rule as soon as
# the new sshd is verified:
#   firewall-cmd --zone=public --remove-port=23/tcp --permanent && firewall-cmd --reload
# With --permanent alone the rule is only written to the saved configuration;
# it takes effect after a reload.
firewall-cmd --zone=public --add-port=23/tcp --permanent

安装openssh



https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/

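# Fetch the release tarball together with its detached signature.
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz.asc

# Verify the signature before unpacking. The OpenSSH release signing key
# (published by the project as RELEASE_KEY.asc) must already be imported into
# the gpg keyring and its fingerprint checked out of band. The tarball is
# unpacked only when verification succeeds.
gpg --verify openssh-9.7p1.tar.gz.asc openssh-9.7p1.tar.gz &&
  tar -zxvf openssh-9.7p1.tar.gz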


# Stop the running daemon and set the old configuration directory and binaries
# aside as .bak copies so they can be restored if the upgrade fails.
# /etc/ssh.bak also holds the previous host keys.
# NOTE(review): from this point until the new sshd is started there is no SSH
# service on the host. Keep the current session open and have console or other
# out-of-band access ready before continuing.
systemctl stop sshd
mv /etc/ssh /etc/ssh.bak
mv /usr/sbin/sshd /usr/sbin/sshd.bak
mv /usr/bin/ssh /usr/bin/ssh.bak

# Uninstall the existing OpenSSH packages.
# The package names below are the ones this host reported; use the output of
# rpm -qa on the machine being upgraded.
rpm -qa | grep openssh
# --nodeps skips the dependency check, so packages that depend on
# openssh-clients are left installed without it.
rpm -e openssh-clients-7.4p1-21.el7.x86_64 --nodeps
rpm -e openssh-server-7.4p1-21.el7.x86_64
rpm -e openssh-7.4p1-21.el7.x86_64
# Once the packages are removed, the package manager no longer tracks or
# updates OpenSSH on this host; later security fixes need a manual rebuild.


(可以试试yum卸载,yum remove openssh)
rpm -qa | grep openssh




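# Enter the unpacked source tree first (the shell prompt shown later in these
# notes is inside openssh-9.7p1). Without this step ./configure runs in
# whatever directory the previous commands left behind.
cd openssh-9.7p1
# Install under /usr/local/openssh and link against the OpenSSL built in
# /usr/local/openssl. No --sysconfdir is given, so sshd_config and the host
# keys live in /usr/local/openssh/etc.
# NOTE(review): --with-pam is not passed, so this sshd is built without PAM
# support; confirm that no PAM-based account or authentication policy is
# expected to apply to SSH logins.
./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/openssl --with-zlib
make -j 2
make install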

# Remove the original sshd startup units and install the init script shipped
# with the OpenSSH source tree.
# List the matching unit files first and review them: the glob below matches
# every file whose name starts with "ssh", not only sshd.service.
ls /usr/lib/systemd/system/ssh*
rm -f /usr/lib/systemd/system/ssh*
# SysV-style init script from contrib/redhat; presumably systemd exposes it as
# the sshd service after the daemon-reload further down (confirm).
cp contrib/redhat/sshd.init /etc/init.d/sshd

[root@host3 openssh-9.7p1]# cp -r contrib/redhat/sshd.init /etc/init.d/sshd
[root@host3 openssh-9.7p1]# ll !$
ll /etc/init.d/sshd
-rwxr-xr-x 1 root root 1721 5月  17 23:57 /etc/init.d/sshd

# Copy the sshd-related files to the new directory.
# /etc/ssh was moved to /etc/ssh.bak earlier, so it is recreated here.
mkdir /etc/ssh
# Edit the configuration that the new sshd reads (installed under the build
# prefix). The lines that follow this command in the notes are the settings
# entered into that file.
vim /usr/local/openssh/etc/sshd_config
# NOTE(review): root login combined with password authentication exposes the
# root account to online password guessing. The upstream default for
# PermitRootLogin is prohibit-password (key-based root login only). Confirm
# that password-based root login is really required; if it is only needed
# during the upgrade, tighten it afterwards.
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes

# NOTE(review): "+ssh-rsa" re-enables RSA signatures made with SHA-1, which
# OpenSSH has disabled by default since 8.8. Keep these two lines only while
# legacy clients that cannot use rsa-sha2-256/512 or other key types still
# need to connect.
# PubkeyAcceptedKeyTypes is the older name of PubkeyAcceptedAlgorithms and is
# still accepted as an alias.
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

# These two lists have no "+" prefix, so they replace the built-in defaults
# instead of extending them: any default algorithm not listed is no longer
# offered.
# NOTE(review): diffie-hellman-group14-sha1 is a SHA-1 based key exchange;
# drop it once no client depends on it.
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256
Ciphers aes128-ctr,chacha20-poly1305@openssh.com,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com




# cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
# Because the build was configured without specifying where sshd loads its
# sshd_config from, the file lives at /usr/local/openssh/etc/sshd_config.
# ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/lib64/ --with-zlib --with-pam --with-md5-password --with-ssl-engine --with-selinux
# The command above sets the configuration directory with --sysconfdir=/etc/ssh.

# Put the newly built binaries on the standard paths. The originals were
# moved to .bak earlier.
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
# Only the ECDSA public host key is copied into /etc/ssh.
# NOTE(review): the host keys under /usr/local/openssh/etc are new, and the
# previous ones are in /etc/ssh.bak, so clients will see a changed host key on
# their next connection. Publish the new fingerprint through a trusted channel
# (for example, from the console:
#   ssh-keygen -lf /usr/local/openssh/etc/ssh_host_ecdsa_key.pub)
# so that users do not simply accept the warning. Confirm also what consumes
# the copy in /etc/ssh.
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

# Start the sshd service and enable it at boot.
# Before starting, the configuration can be checked with: /usr/sbin/sshd -t
systemctl daemon-reload
systemctl start sshd && systemctl enable sshd
# ssh -V reports the version of the client binary; /usr/sbin/sshd -V reports
# the server binary.
# Open a new SSH login from a second terminal and confirm it works before
# closing the current session, then remove any temporary fallback access
# (such as the 23/tcp firewall rule).
ssh -V



[root@host3 openssh-9.7p1]# ssh -V
OpenSSH_9.7p1, OpenSSL 1.1.1w  11 Sep 2023