注:生產環境親測,無截圖,整理出完整命令行,供參考(Centos系統操作相同,只是少了yum變更)
首先,確保Redhat yum源能夠使用
RedHat下的yum是需要注冊才能使用的,所有需要更換yum源(見另一篇文章,redhat更換centosyum)
一.安裝zlib
1.#rpm -qa | grep zlib(查看zlib是否安裝)
#wget http://www.zlib.net/zlib-1.2.11.tar.gz(目前最新的zlib版本)
#yum - y install gcc make(安裝gcc、openssl-devel)
#tar -zxvf zlib-1.2.11.tar.gz
#cd zlib-1.2.11/
#./configure --prefix=/usr/local/zlib
#make && make install
二.升級openssl
2.openssl version(查看openssl版本)
#wget https://ftp.openssl.org/source/openssl-1.0.2r.tar.gz
#yum -y install gcc-c++ glibc autoconf openssl openssl-devel pcre-devel pam-devel
#yum -y install pam* zlib*
#mv /usr/bin/openssl /usr/bin/openssl_bak
#tar -zxvf openssl-1.0.2r.tar.gz
#cd openssl-1.0.2r/
#./config shared zlib
#make && make install
#echo $?
#ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
#ln -s /usr/local/ssl/include/openssl /usr/include/openssl
#ll
#ll /usr/bin/openssl
#ll /usr/include/openssl -ld
#echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
#/sbin/ldconfig
#openssl version(查看成功)
三.升級Openssh
1.ssh -V(查看)
#wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
#tar -zxvf openssh-8.0p1/
#chown -R root:root /root/openssh-8.0p1
#./configure --prefix=/usr/ \
--sysconfdir=/etc/ssh \
--with-openssl-includes=/usr/local/ssl/include/ \
--with-ssl-dir=/usr/local/ssl/ \
--with-zlib \
--with-md5-passwords \
--with-pam
#make && make install
#chmod 600 /etc/ssh/ssh_host_rsa_key
#chmod 600 /etc/ssh/ssh_host_ecdsa_key
#chmod 600 /etc/ssh/ssh_host_ed25519_key
#cp -a contrib/redhat/sshd.init /etc/init.d/sshd
#cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
#chmod +x /etc/init.d/sshd
#chkconfig --add sshd
#systemctl enable sshd
#mv /usr/lib/systemd/system/sshd.service /root/
#systemctl daemon-reload
#/etc/init.d/sshd restart(systemctl restart sshd)
#/etc/init.d/sshd status(systemctl status sshd)
#vim /etc/ssh/sshd_config(最后修改配置文件端口、權限等)
#systemctl restart sshd
#ssh -V(已升級到目標8.0p1、1.0.2r)