前言
整个过程不要断开ssh链接,如有必要可使用telnet远程操作。
系统版本:centos 7.9
OpenSSL版本:1.0.2k -> 1.1.1q
OpenSSH版本:7.4p1 -> 9.1p1
步骤
- 下载OpenSSL和openssh的源码包并解压。
- OpenSSL官网地址: https://www.openssl.org/
- OpenSSH官网地址:http://www.openssh.com/
wget https://www.openssl.org/source/openssl-1.1.1q.tar.gz
wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.1p1.tar.gz
tar xf openssl-1.1.1q.tar.gz
tar xf openssh-9.1p1.tar.gz
- 编译安装OpenSSL
# 2.1 备份openssl
mv /usr/bin/openssl{,.bak}
mv /usr/include/openssl{,.bak}
# 2.2 进入源码包解压后的目录进行编译
cd openssl-1.1.1q
./config shared && make && make install
# 2.3 创建链接
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl/ /usr/include/openssl
# 2.4 添加库文件并加载
echo "/usr/local/lib64" >> /etc/ld.so.conf
/sbin/ldconfig
# 2.5 验证openssl的版本
openssl version
- 编译安装OpenSSH
# 3.1 备份ssh
mv /etc/ssh{,.bak}
# 3.2 进入源码包解压后的目录进行编译
cd openssh-9.1p1
# 3.3 创建安装目录
mkdir /usr/local/openssh
# 3.4 预编译
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/include --with-ssl-dir=/usr/local/lib64 --with-zlib --with-md5-passwords
# 3.5 编译。多核CPU可使用 -j 选项加速编译
make
# 3.6 安装
make install
# 3.7 添加ssh配置
echo "UseDNS no" >> /etc/ssh/sshd_config
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
echo "X11Forwarding yes" >> /etc/ssh/sshd_config
echo "X11UseLocalhost no" >> /etc/ssh/sshd_config
echo "XAuthLocation /usr/bin/xauth" >> /etc/ssh/sshd_config
# 3.8 替换二进制文件
mv /usr/sbin/sshd{,.bak}
mv /usr/bin/ssh{,.bak}
mv /usr/bin/ssh-keygen{,.bak}
# 3.9 创建链接
ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh
ln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd
# 3.10 验证版本
ssh -V
# 3.11 更新sshd的启动脚本
mv /usr/lib/systemd/system/sshd.service{,.bak}
## contrib在openssh源码包解压后的目录
cp -a ./contrib/redhat/sshd.init /etc/init.d/sshd
cp -a ./contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chkconfig --add sshd
systemctl enable sshd --now
systemctl restart sshd
- 测试ssh连接