openssh升级

1.升级openssh

rpm -Uvh openssh-8.8p1-1.el7.x86_64.rpm  openssh-clients-8.8p1-1.el7.x86_64.rpm  openssh-server-8.8p1-1.el7.x86_64.rpm

2.修改配置文件

sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config.rpmnew
sed -i "s/#PasswordAuthentication yes/PasswordAuthentication yes/g" /etc/ssh/sshd_config.rpmnew

mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
mv  /etc/ssh/sshd_config.rpmnew  /etc/ssh/sshd_config

#Centos7需要注意将/etc/ssh/xxx_key文件权限修改为600

chmod  600 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key

3.修改/etc/pam.d/sshd

echo "
#%PAM-1.0
auth       required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin

# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare

" > /etc/pam.d/sshd

如果默认不是22端口，修改ssh配置文件、添加ssh远程连接端口

vim /etc/ssh/sshd_config
Port 10000

4.重启sshd服务

systemctl restart sshd