0
点赞
收藏
分享

微信扫一扫

CentOS 升级SSH至9.0P1

有点d伤 2023-06-28 阅读 85

文章引用:https://www.cnblogs.com/ippondo/p/16573478.html

1.安装组件

yum -y install gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel

2.下载OpenSSL和OpenSSH 

mkdir /tmp/update

cd /tmp/update

wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1q.tar.gz  #因为提示该网站证书过期,所以要加--no-check-certificate 来跳过证书检查

wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz

3.解压文件

tar xf openssl-1.1.1q.tar.gz

tar xf openssh-9.0p1.tar.gz

4.备份OpenSSL配置

mv /usr/bin/openssl{,.bak}

mv /usr/include/openssl{,.bak}

5.安装新下载的OpenSSL

cd openssl-1.1.1q/


./config shared && make && make install

ln -s /usr/local/bin/openssl /usr/bin/openssl

ln -s /usr/local/include/openssl/ /usr/include/openssl

echo "/usr/local/lib64" >> /etc/ld.so.conf

/sbin/ldconfig                    #可用 openssl version 或者 ssh -V 检验版本

6.备份OpenSSH配置

mv /etc/ssh{,.bak}

7.安装新下载的OpenSSH

mkdir /usr/local/openssh

cd openssh-9.0p1/

./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/include --with-ssl-dir=/usr/local/lib64 --with-zlib --with-md5-passwords --with-pam && make && make install

echo "UseDNS no" >> /etc/ssh/sshd_config

echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config

echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config

echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config

mv /usr/sbin/sshd{,.bak}

mv /usr/bin/ssh{,.bak}

mv /usr/bin/ssh-keygen{,.bak}

ln -s /usr/local/openssh/bin/ssh /usr/bin/ssh

ln -s /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

ln -s /usr/local/openssh/sbin/sshd /usr/sbin/sshd

ssh -V

OpenSSH_9.0p1, OpenSSL 1.1.1q  5 Jul 2022
8.重新生成启动文件
systemctl disable sshd --now

mv /usr/lib/systemd/system/sshd.service{,.bak}

systemctl daemon-reload

cd /tmp/update

cp -a openssh-9.0p1/contrib/redhat/sshd.init /etc/init.d/sshd

cp -a openssh-9.0p1/contrib/redhat/sshd.pam /etc/pam.d/sshd.pam

chkconfig --add sshd

systemctl enable sshd --now

systemctl start sshd

systemctl status sshd    
9 关闭linuxsec
临时:setenforce 0
永入关闭:selinux  vi /etc/selinux/config
修改SELINUX=enforce为SELINUX=disable

举报

相关推荐

0 条评论