oraclelinux9.2内网升级OpenSSH9.8p1

oraclelinux9.2内网升级OpenSSH9.8p1

#备份SSH
mkdir -p /etc/sshbak
cp -rf /etc/ssh/* /etc/sshbak
cp -rf /usr/bin/openssl /usr/bin/openssl.bak
cp -rf /etc/pam.d /etc/pam.d.bak
cp -rf /usr/lib/systemd/system /system.bak

dnf install -y gcc gcc-c++

#上传3个压缩包，下载地址如下
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
https://www.openssl.org/source/openssl-3.2.1.tar.gz
https://www.zlib.net/zlib-1.3.1.tar.xz

#把包放在/usr/local/src
mv openssh-9.8p1.tar.gz /usr/local/src
mv openssl-3.2.1.tar.gz /usr/local/src
mv zlib-1.3.1.tar.gz /usr/local/src

#解压包
cd /usr/local/src/
tar -zxvf zlib-1.3.1.tar.gz
tar -zxvf openssl-3.2.1.tar.gz
tar -zxvf openssh-9.8p1.tar.gz

#安装zlib-1.3.1
cd /usr/local/src/zlib-1.3.1
./configure --prefix=/usr/local/src/zlib
make -j 4 && make test && make install

#卸载，注意一定要多开几个连接，否则一旦掉线，就上不去服务器了
#记得备份OPENSSH
dnf remove -y openssh

dnf install -y perl

cd /usr/local/src/openssl-3.2.1
#2.配置
./config --prefix=/usr/local/src/openssl
#3.编译及安装（编译时间预计几分钟，视机器而定）
make -j 4 && make install

#4.配置
mv /usr/bin/openssl /usr/bin/oldopenssl
ln -s /usr/local/src/openssl/bin/openssl /usr/bin/openssl
#5.更新动态库
export LD_LIBRARY_PATH=/usr/local/src/openssl-3.2.1:$LD_LIBRARY_PATH
openssl version -v
#显示OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
#有效以后，输入下面内容
vi ~/.bashrc
#在文件最后一行输入如下内容
export LD_LIBRARY_PATH=/usr/local/src/openssl-3.2.1:$LD_LIBRARY_PATH
#然后保存退出后输入
source ~/.bashrc

#1.进入openssh-9.8p1目录
cd /usr/local/src/openssh-9.8p1
#2.配置
./configure --prefix=/usr/local/src/ssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/src/openssl --with-zlib=/usr/local/src/zlib
#3.编译及安装
make -j 4 && make install
#4.报错信息如下make: [Makefile:396：check-config] 错误 1 (已忽略）
#修改权限
chmod 0600 /etc/ssh/ssh_host_rsa_key
chmod 0600 /etc/ssh/ssh_host_ecdsa_key
chmod 0600 /etc/ssh/ssh_host_ed25519_key
#5.复制新ssh文件
cp -rf /usr/local/src/openssh-9.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -rf /usr/local/src/openssh-9.8p1/contrib/redhat/sshd.pam /etc/pam.d/sshd
cp -rf /usr/local/src/ssh/sbin/sshd /usr/sbin/sshd
cp -rf /usr/local/src/ssh/bin/ssh /usr/bin/ssh
cp -rf /usr/local/src/ssh/bin/ssh-keygen /usr/bin/ssh-keygen
ssh -V
#6.允许root登录
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
#7.进入备份文件，把sshd服务复制到/usr/lib/systemd/system/
cd /system.bak
cp sshd.service /usr/lib/systemd/system/sshd.service
vim /usr/lib/systemd/system/sshd.service
#需要修改启动方式
#把Type=notify改成Type=simple
systemctl daemon-reload
systemctl restart sshd
systemctl enable sshd
systemctl status sshd

#补如果内网无法使用dnf，就去https://www.rpmfind.net/下载你要的RPM包
安装命令rpm -ivh *.rpm --nodeps --force