1.安装必要组件:
yum install -y gcc openssl-devel pam-devel rpm-build
|
2.下载OpenSSH最新版本:
https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ 在以上网站找到最新版链接并下载解压 wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz tar -zxvf openssh-8.0p1.tar.gz
|
3.到openssh-7.5p1目录下编译并安装最新版OpenSSH:
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers 如果没报错则执行安装命令 make && make install
|
4.查看OpenSSH版本信息
5.修改配置
去掉此行#,如果想远程能够远程登录root用户 #PermitRootLogin yes
|
6.重启并处理异常
service sshd restart 如果出现以下异常 /etc/ssh/sshd_config line 81: Unsupported option GSSAPIAuthentication /etc/ssh/sshd_config line 83: Unsupported option GSSAPICleanupCredentials 则注释掉相关行数即可。
|
第二种方法:
查看当前版本
默认ssh是7.4,ssl是1.0.2
下载升级包
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz
tar -zxvf openssl-1.1.1g.tar.gz
tar -zxvf openssh-8.3p1.tar.gz
# 安装依赖包
yum install -y gcc
# 升级OpenSSL
# 备份
mv /usr/bin/openssl /usr/bin/openssl.bak
# 编译、安装
cd openssl-1.1.1g
./config shared && make && make install
cp -r include/openssl /usr/include/
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -snf /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so
ln -snf /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -snf /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so
ln -snf /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
# 重载库文件,检查版本
ldconfig
openssl version
# 升级OpenSSH
# 备份
cp /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/sbin/sshd /usr/sbin/sshd.bak
mv /etc/ssh /etc/ssh.bak
# 编译、安装
cd openssh-8.3p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords
make && make install
!!!!一定要加!!!!
vim /etc/ssh/sshd
PermitRootLogin yes
# 修改启动文件和pam
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bak
systemctl daemon-reload
systemctl restart sshd
systemctl status sshd
|