1.安装必要组件:

yum install -y gcc openssl-devel pam-devel rpm-build

2.下载OpenSSH最新版本:

https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
在以上网站找到最新版链接并下载解压
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
tar -zxvf openssh-8.0p1.tar.gz

3.到openssh-7.5p1目录下编译并安装最新版OpenSSH:

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
如果没报错则执行安装命令
make && make install

4.查看OpenSSH版本信息

ssh -V

5.修改配置

去掉此行#,如果想远程能够远程登录root用户
#PermitRootLogin yes

6.重启并处理异常

service sshd restart
如果出现以下异常
/etc/ssh/sshd_config line 81: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 83: Unsupported option GSSAPICleanupCredentials
则注释掉相关行数即可。

第二种方法:

查看当前版本

默认ssh是7.4,ssl是1.0.2

sshd -v

openssl version

下载升级包

wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz

wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz

tar -zxvf openssl-1.1.1g.tar.gz

tar -zxvf openssh-8.3p1.tar.gz

# 安装依赖包

yum install -y gcc

# 升级OpenSSL

# 备份

mv /usr/bin/openssl /usr/bin/openssl.bak

# 编译、安装

cd openssl-1.1.1g

./config shared && make && make install

cp -r include/openssl /usr/include/

ln -s /usr/local/bin/openssl /usr/bin/openssl

ln -snf /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so

ln -snf /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1

ln -snf /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so

ln -snf /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

# 重载库文件,检查版本

ldconfig

openssl version

# 升级OpenSSH

# 备份

cp /usr/bin/ssh /usr/bin/ssh.bak

cp /usr/sbin/sshd /usr/sbin/sshd.bak

mv /etc/ssh /etc/ssh.bak

# 编译、安装

cd openssh-8.3p1

./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords

make && make install

!!!!一定要加!!!!

vim /etc/ssh/sshd

PermitRootLogin yes

# 修改启动文件和pam

cp ./contrib/redhat/sshd.init /etc/init.d/sshd

cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bak

systemctl daemon-reload

systemctl restart sshd

systemctl status sshd