CentOS 7升级OpenSSH
下载openssh安装包
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
安装telnet
安装telnet,防止openssh安装失败导致无法连接服务器
yum install -y telnet-server xinetd
echo -e 'pts/0\npts/1\npts/2\npts/3' >>/etc/securetty
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd
连接方式:telnet ip
然后输入用户名和密码
卸载旧的openssh
rpm -e `rpm -qa | grep openssh` --nodeps
检查是否还有openssh的包
rpm -qa|grep openssh
安装依赖
yum -y install gcc pam pam-devel zlib zlib-devel openssl-devel
安装openssh
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-zlib --with-ssl-dir=/usr/local/ssl --with-privsep-path=/var/lib/sshd
make
make install
make install时可能报错
Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
解决方案:chmod 600 /etc/ssh/ssh_host_*
后续配置操作:
install -v -m755 contrib/ssh-copy-id /usr/bin
install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
install -v -m755 -d /usr/share/doc/openssh-8.0p1
install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.0p1
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'UsePAM yes' >> /etc/ssh/sshd_config
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod +x /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
chkconfig --list sshd
重启验证
systemctl restart sshd
关闭telnet服务
vi /etc/securetty,并删除新增的四行
pts/0
pts/1
pts/2
pts/3
停止telnet服务
systemctl stop telnet.socket
systemctl disable telnet.socket
systemctl stop xinetd.service
systemctl disable xinetd.service
如果需要删除telnet和xinetd
- 使用yum history list all查看yum的历史记录
- 通过yum history info ID找到安装这两个包的那一步
- 使用yum history undo ID回退该操作