此處升級操作的原則是保留系統原有ssh服務,新安裝高版本ssh服務
1、下載openssh源碼包
http://www.openssh.com/portable.html
2、安裝
#tar zxvf openssh-7.2p2.tar.gz
#cd openssh-7.2p2
#./configure --prefix=/usr/local/openssh --sysconfdir=/usr/local/openssh/etc --with-pam --with-ssl-dir=/usr/local/openssl --with-md5-passwords --mandir=/usr/share/man --with-zlib=/usr/local/zlib
#make && make install
3、配置啟動腳本和配置文件
cp /etc/init.d/sshd /ghca/bak/sshd #備份舊版sshd啟動腳本
cp /ghca/openssh-7.2p2/contrib/redhat/sshd.init /etc/init.d/sshd ##拷貝新版啟動腳本
vi /etc/init.d/sshd #編輯啟動腳本
主要將以下內容
SSHD=/usr/sbin/sshd /usr/bin/ssh-keygen -A /sbin/restorecon /etc/ssh/ssh_host_key.pub /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
修改為:
SSHD=/usr/local/openssh/sbin/sshd /usr/local/openssh/bin/ssh-keygen -A /sbin/restorecon /usr/local/openssh/etc/ssh_host_key.pub /sbin/restorecon /usr/local/openssh/etc/ssh_host_rsa_key.pub /sbin/restorecon /usr/local/openssh/etc/ssh_host_dsa_key.pub /sbin/restorecon /usr/local/openssh/etc/ssh_host_ecdsa_key.pub
注意:此時/usr/local/openssh/etc目錄下可能沒有那幾個key,但是也可以先這樣修改,具體這個幾個key的用法還沒做研究。
4、配置公私鑰文件
#cd /root/.ssh
#/usr/local/openssh/bin/ssh-keygen -t rsa #生成公私鑰對
#cat id_rsa.pub >> authorized_keys #寫入公鑰到服務器認證文件
5、將私鑰文件下載保存至本地
/root/.ssh/id_rsa
6、重啟sshd服務
/etc/init.d/sshd restart
7、配置本地SecureCRT並登錄服務器
將對應服務器登錄session配置中去掉密碼驗證,並配置公鑰路徑,如下圖:
注意:openssh7.0以后就不允許root使用交互模式密碼登錄了,必須使用公鑰登錄,普通賬號可以使用密碼方式登錄。
* The default for the sshd_config(5) PermitRootLogin option has
changed from "yes" to "prohibit-password".
* PermitRootLogin=without-password/prohibit-password now bans all
interactive authentication methods, allowing only public-key,
hostbased and GSSAPI authentication (previously it permitted
keyboard-interactive and password-less authentication if those
were enabled).