OpenSSH 升级

OpenSSH 升级版本到最新(OpenSSH_8.7p1)

1.依赖软件包：

yum install wget gcc -y
yum install -y zlib-devel openssl-devel 
yum install pam-devel libselinux-devel zlib-devel openssl-devel -y 

2.下载安装包 openssh-8.7p1.tar.gz 上传至服务器或 wget 直接下载

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.7p1.tar.gz

3.删除低版本OpenSSH的的rpm包

rpm -e --nodeps `rpm -qa | grep openssh` 

4.安装openssh

• 解压

  tar -zxvf openssh-8.7p1.tar.gz
  cd  openssh-8.7p1
  

• 配置

  ./configure   --prefix=/usr   --sysconfdir=/etc/ssh    --with-md5-passwords   --with-pam --with-zlib   --with-tcp-wrappers    --with-ssl-dir=/usr/local/ssl   --without-hardening
  

• 编译安装

  make
  make install
  

• 赋权

  chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
  

• 复制配置文件

  cp -a contrib/redhat/sshd.init  /etc/init.d/sshd
  cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
  chmod u+x /etc/init.d/sshd
  

• 设置允许root用户远程登录

  vim /etc/ssh/sshd_config 
  

  1. 去掉注释 #PermitRootLogin prohibit-password 并把prohibit-password改为yes；
     
  2. 去掉注释 #PasswordAuthentication yes 变为 PasswordAuthentication yes。
     
     

• 添加添加自启服务ssh到开机启动项

  chkconfig --add sshd
  chkconfig sshd on
  

• 重启服务

  systemctl restart sshd
  systemctl status sshd
  

5.查看安装结果

ssh -V