Upgrading to OpenSSH 9 on CentOS 7

Software versions

Software   Version   Download URL
openssh    9.0p1     https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz
zlib       1.2.12    https://zlib.net/zlib-1.2.12.tar.gz
libressl   3.5.3     https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.3.tar.gz

 

Installation steps

Install zlib

tar xzvf zlib-1.2.12.tar.gz
cd zlib-1.2.12/
./configure --prefix=/opt/zlib-1.2.12
make
make install

Install LibreSSL

tar xzvf libressl-3.5.3.tar.gz
cd libressl-3.5.3/
./configure --prefix=/opt/libressl-3.5.3
make
make install
echo '/opt/libressl-3.5.3/lib' > /etc/ld.so.conf.d/libressl.conf
ldconfig

As the screenshot shows, the system can now find the LibreSSL library.

Install OpenSSH

Compile OpenSSH

tar xzvf openssh-9.0p1.tar.gz
cd openssh-9.0p1
./configure --prefix=/opt/openssh-9.0p1 --with-zlib=/opt/zlib-1.2.12 --with-ssl-dir=/opt/libressl-3.5.3
A successful configure run looks like the screenshot:
make && make install

After it succeeds, test as follows:

As the screenshot shows, OpenSSH 9 built against LibreSSL has been installed successfully.

Configure OpenSSH and the auto-start service

Create mysshd9.service with the following content:

[Unit]
Description=OpenSSH 9 server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
Type=simple
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/opt/openssh-9.0p1/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target 

Edit /opt/openssh-9.0p1/etc/sshd_config

Uncomment

Port 22

Set

PermitRootLogin yes

Also change

#HostKey /opt/openssh-9.0p1/etc/ssh_host_rsa_key
#HostKey /opt/openssh-9.0p1/etc/ssh_host_ecdsa_key
#HostKey /opt/openssh-9.0p1/etc/ssh_host_ed25519_key

to

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

The final result is shown in the screenshot:

 

Finally, put the service file under systemd management

[root@nat-route openssh-9.0p1]# cp mysshd9.service /usr/lib/systemd/system
[root@nat-route openssh-9.0p1]# systemctl daemon-reload 
[root@nat-route openssh-9.0p1]# systemctl status mysshd9
● mysshd9.service - OpenSSH 9 server daemon
   Loaded: loaded (/usr/lib/systemd/system/mysshd9.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:sshd(8)
           man:sshd_config(5)

Stop the original SSH service

[root@nat-route openssh-9.0p1]# systemctl stop sshd
[root@nat-route openssh-9.0p1]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since 四 2022-06-23 00:13:12 CST; 15s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 914 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 914 (code=exited, status=0/SUCCESS) 

After stopping the original SSH service, do NOT exit the current session!!!

Change the permissions of

/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ed25519_key

to 0600

[root@nat-route openssh-9.0p1]# chmod go-r /etc/ssh/ssh_host_ed25519_key
[root@nat-route openssh-9.0p1]# chmod go-r /etc/ssh/ssh_host_ed25519_key
[root@nat-route openssh-9.0p1]# chmod go-r /etc/ssh/ssh_host_ecdsa_key
[root@nat-route openssh-9.0p1]# chmod go-r /etc/ssh/ssh_host_rsa_key
[root@nat-route openssh-9.0p1]# ls /etc/ssh/ -lh
总用量 604K
-rw-r--r--. 1 root root     569K 11月 25 2021 moduli
-rw-r--r--. 1 root root     2.3K 11月 25 2021 ssh_config
-rw-------. 1 root root     3.9K 2月  28 16:23 sshd_config
-rw-------. 1 root ssh_keys  227 2月   6 00:25 ssh_host_ecdsa_key
-rw-r--r--. 1 root root      162 2月   6 00:25 ssh_host_ecdsa_key.pub
-rw-------. 1 root ssh_keys  387 2月   6 00:25 ssh_host_ed25519_key
-rw-r--r--. 1 root root       82 2月   6 00:25 ssh_host_ed25519_key.pub
-rw-------. 1 root ssh_keys 1.7K 2月   6 00:25 ssh_host_rsa_key
-rw-r--r--. 1 root root      382 2月   6 00:25 ssh_host_rsa_key.pub
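
The permission change above matters because upstream sshd rejects a private host key whose mode grants any access to group or others. As an added example (not part of the original post), the sh functions below read the HostKey lines of an sshd_config and flag every key file that is missing or still has group/other bits set; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of the HostKey files an sshd_config names.

# Print the path from every active (uncommented) HostKey directive.
# Keywords in sshd_config are case-insensitive.
hostkeys_from_config() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Succeed only if the file exists and no group/other permission bit is set
# (characters 5-10 of the ls mode string are all "-").
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report every host key of a config; succeed only if all of them pass.
check_hostkeys() {
    hostkeys_from_config "$1" | {
        bad=0
        while read -r key; do
            if key_is_private "$key"; then
                echo "ok   $key"
            else
                echo "BAD  $key (missing, or accessible by group/other)"
                bad=$((bad + 1))
            fi
        done
        [ "$bad" -eq 0 ]
    }
}

# Constructed demo data: one key still group-readable (mode 0640), one
# already at 0600, plus a commented-out directive that must be ignored.
demo() {
    d=$(mktemp -d)
    : > "$d/rsa_key";     chmod 0640 "$d/rsa_key"
    : > "$d/ed25519_key"; chmod 0600 "$d/ed25519_key"
    printf '#HostKey %s/unused\nHostKey %s/rsa_key\nHostKey %s/ed25519_key\n' \
        "$d" "$d" "$d" > "$d/sshd_config"
    check_hostkeys "$d/sshd_config"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "tighten the key permissions before starting the new sshd"
```

On the real host, run check_hostkeys /opt/openssh-9.0p1/etc/sshd_config as root. sshd's own test mode, /opt/openssh-9.0p1/sbin/sshd -t -f /opt/openssh-9.0p1/etc/sshd_config, additionally validates the whole configuration before the new service is started.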

Start the new SSH service

[root@nat-route openssh-9.0p1]# systemctl start mysshd9
[root@nat-route openssh-9.0p1]# systemctl status mysshd9
● mysshd9.service - OpenSSH 9 server daemon
   Loaded: loaded (/usr/lib/systemd/system/mysshd9.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2022-06-23 00:18:47 CST; 1s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 24743 (sshd)
   CGroup: /system.slice/mysshd9.service
           └─24743 sshd: /opt/openssh-9.0p1/sbin/sshd -D [listener] 0 of 10-100 startups

6月 23 00:18:47 nat-route systemd[1]: Started OpenSSH 9 server daemon.
6月 23 00:18:47 nat-route sshd[24743]: Server listening on 0.0.0.0 port 22.
6月 23 00:18:47 nat-route sshd[24743]: Server listening on :: port 22.

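Open a new terminal and test logging in. Once that succeeds, disable the original SSH service from starting and enable the current SSH service at boot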

systemctl disable sshd
systemctl enable mysshd9

Upgrade complete!

  

posted @ 2022-06-23 00:26  一朵野生菌