Upgrading to OpenSSH 9 on CentOS 7
Software versions
Software | Version | Download URL |
openssh | 9.0p1 | https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz |
zlib | 1.2.12 | https://zlib.net/zlib-1.2.12.tar.gz |
libressl | 3.5.3 | https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.3.tar.gz |
Installation steps
Install zlib
tar xzvf zlib-1.2.12.tar.gz
cd zlib-1.2.12/
./configure --prefix=/opt/zlib-1.2.12
make
make install
Install libressl
tar xzvf libressl-3.5.3.tar.gz
cd libressl-3.5.3/
./configure --prefix=/opt/libressl-3.5.3
make
make install
echo '/opt/libressl-3.5.3/lib' > /etc/ld.so.conf.d/libressl.conf
ldconfig
As shown in the figure, the system can now find the libressl library.
Install openssh
Build openssh
tar xzvf openssh-9.0p1.tar.gz
cd openssh-9.0p1
./configure --prefix=/opt/openssh-9.0p1 --with-zlib=/opt/zlib-1.2.12 --with-ssl-dir=/opt/libressl-3.5.3
A successful configure run looks like the figure:
make && make install
After it succeeds, test it as follows:
As shown in the figure, openssh 9 built against libressl has been installed successfully.
Configure openssh and the auto-start service
Create mysshd9.service with the following content:
[Unit]
Description=OpenSSH 9 server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service
[Service]
Type=simple
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/opt/openssh-9.0p1/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
Edit /opt/openssh-9.0p1/etc/sshd_config
Uncomment
Port 22
Set
PermitRootLogin yes
Also change
#HostKey /opt/openssh-9.0p1/etc/ssh_host_rsa_key
#HostKey /opt/openssh-9.0p1/etc/ssh_host_ecdsa_key
#HostKey /opt/openssh-9.0p1/etc/ssh_host_ed25519_key
to
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
The final result is shown in the figure:
Finally, register the service file with systemd
[root@nat-route openssh-9.0p1]# cp mysshd9.service /usr/lib/systemd/system
[root@nat-route openssh-9.0p1]# systemctl daemon-reload
[root@nat-route openssh-9.0p1]# systemctl status mysshd9
● mysshd9.service - OpenSSH 9 server daemon
   Loaded: loaded (/usr/lib/systemd/system/mysshd9.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:sshd(8)
           man:sshd_config(5)
Stop the original SSH service
[root@nat-route openssh-9.0p1]# systemctl stop sshd
[root@nat-route openssh-9.0p1]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since 四 2022-06-23 00:13:12 CST; 15s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 914 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 914 (code=exited, status=0/SUCCESS)
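After stopping the original SSH service, do NOT log out!!! Keep the current session open until login through the new sshd has been confirmed from a second terminal.
Change the permissions of
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ed25519_key
to 0600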
[root@nat-route openssh-9.0p1]# chmod go-r /etc/ssh/ssh_host_ed25519_key
[root@nat-route openssh-9.0p1]# chmod go-r /etc/ssh/ssh_host_ed25519_key
[root@nat-route openssh-9.0p1]# chmod go-r /etc/ssh/ssh_host_ecdsa_key
[root@nat-route openssh-9.0p1]# chmod go-r /etc/ssh/ssh_host_rsa_key
[root@nat-route openssh-9.0p1]# ls /etc/ssh/ -lh
总用量 604K
-rw-r--r--. 1 root root 569K 11月 25 2021 moduli
-rw-r--r--. 1 root root 2.3K 11月 25 2021 ssh_config
-rw-------. 1 root root 3.9K 2月 28 16:23 sshd_config
-rw-------. 1 root ssh_keys 227 2月 6 00:25 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 2月 6 00:25 ssh_host_ecdsa_key.pub
-rw-------. 1 root ssh_keys 387 2月 6 00:25 ssh_host_ed25519_key
-rw-r--r--. 1 root root 82 2月 6 00:25 ssh_host_ed25519_key.pub
-rw-------. 1 root ssh_keys 1.7K 2月 6 00:25 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 2月 6 00:25 ssh_host_rsa_key.pub
Start the new SSH service
[root@nat-route openssh-9.0p1]# systemctl start mysshd9
[root@nat-route openssh-9.0p1]# systemctl status mysshd9
● mysshd9.service - OpenSSH 9 server daemon
   Loaded: loaded (/usr/lib/systemd/system/mysshd9.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2022-06-23 00:18:47 CST; 1s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 24743 (sshd)
   CGroup: /system.slice/mysshd9.service
           └─24743 sshd: /opt/openssh-9.0p1/sbin/sshd -D [listener] 0 of 10-100 startups
6月 23 00:18:47 nat-route systemd[1]: Started OpenSSH 9 server daemon.
6月 23 00:18:47 nat-route sshd[24743]: Server listening on 0.0.0.0 port 22.
6月 23 00:18:47 nat-route sshd[24743]: Server listening on :: port 22.
Open a new terminal and test that login succeeds. Then disable the original SSH service from starting and enable the current SSH service at boot:
systemctl disable sshd
systemctl enable mysshd9
Upgrade complete!
This article comes from cnblogs (博客园), author: 一朵野生菌. When reposting, please cite the original link: https://www.cnblogs.com/xmy20051643/p/16403626.html
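A preflight that can be run before the "stop the original SSH service" step, while the old daemon is still accepting logins: it checks that every HostKey enabled in the new sshd_config exists with no group/other permission bits (the 0600 requirement above) and then asks the new binary to validate the config with sshd -t. This is an added example, not part of the original post; the function names and the script name preflight.sh are hypothetical, and it assumes GNU stat (as on CentOS 7) and key paths without spaces.

```shell
#!/bin/sh
# Added example: preflight for the cutover from the stock sshd to the new build.

# Print the key paths from active (uncommented) HostKey lines of a config.
hostkeys_in_config() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Return 0 only if every HostKey exists and has no group/other permission bits.
check_hostkey_perms() {
    cfg=$1
    rc=0
    keys=$(hostkeys_in_config "$cfg")
    if [ -z "$keys" ]; then
        echo "no active HostKey lines in $cfg" >&2
        return 1
    fi
    for key in $keys; do
        if [ ! -f "$key" ]; then
            echo "MISSING  $key" >&2
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$key")    # GNU stat: octal mode, e.g. 600 or 640
        case "$mode" in
            *00|0) echo "OK       $key ($mode)" ;;
            *)     echo "TOO OPEN $key ($mode)" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Permissions first, then the new binary's own test mode: sshd -t checks the
# config file and keys and exits without listening on any port.
preflight() {
    sshd_bin=$1
    cfg=$2
    check_hostkey_perms "$cfg" || return 1
    "$sshd_bin" -t -f "$cfg" || { echo "sshd -t rejected $cfg" >&2; return 1; }
    echo "preflight passed"
}

# Usage: sh preflight.sh /opt/openssh-9.0p1/sbin/sshd /opt/openssh-9.0p1/etc/sshd_config
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A non-zero exit means the new daemon would refuse to start with that config, so the old sshd should be left running until the reported key or config problem is fixed.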