Linux——OpenSSH如何升級到最新版本

前言

官網

安裝說明

下載 | FTP

下載 | RSYNC

下載 | HTTP

步驟

升級方法一

具體的內容請查看腳本內容

#!/bin/bash

## 查看現有的ssh的版本並升級到最新版本
cd /opt
ssh -V
openssl version
yum update openssh -y

## 安裝啟動並配置telnet服務 | 防止ssh升級失敗無法訪問服務器
yum install -y telnet-server* telnet xinetd
systemctl enable xinetd.service
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd.service
echo 'pts/0' >>/etc/securetty
echo 'pts/1' >>/etc/securetty
echo 'pts/2' >>/etc/securetty

## 升級ssh
yum install  -y gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel  pam-devel
yum install  -y pam* zlib*
wget -c https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
wget -c https://ftp.openssl.org/source/openssl-1.0.2r.tar.gz
tar xfz openssh-8.1p1.tar.gz
tar xfz openssl-1.0.2r.tar.gz
mv /usr/bin/openssl /usr/bin/openssl_bak
mv /usr/include/openssl /usr/include/openssl_bak
cd /opt/openssl-1.0.2r
./config shared && make && make install
echo $?
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig
openssl version
cd /opt/openssh-8.1p1
chown -R root.root /opt/openssh-8.1p1
cp -r  /etc/ssh /tmp/
rm -rf /etc/ssh
./configure --prefix=/usr/ --sysconfdir=/etc/ssh  --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl   --with-zlib   --with-md5-passwords   --with-pam  && make && make install
echo $?
 
cat > /etc/ssh/sshd_config <<EOF
PermitRootLogin yes
AuthorizedKeysFile      .ssh/authorized_keys
UseDNS no
Subsystem       sftp    /usr/libexec/sftp-server
EOF
grep "^PermitRootLogin"  /etc/ssh/sshd_config
cat /tmp/ssh/sshd_config |grep -v '#' |grep -v '^$'
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd
chkconfig --add sshd
systemctl enable sshd
mv  /usr/lib/systemd/system/sshd.service  /opt/
mv  /usr/lib/systemd/system/sshd.socket  /opt/
chkconfig sshd on
service sshd restart
openssl version
ssh -V

關閉telnet服務

自測后如果沒有問題的話,自行把telnet服務關閉

systemctl disable xinetd
systemctl disable telnet.socket
systemctl stop xinetd.service
systemctl stop telnet.socket

效果如下

升級方法二

升級包
鏈接：https://share.weiyun.com/BhDw35zi

1. 確認gcc等工具已經安裝好了
2. 為了安全直接屏蔽了root賬戶,確認創建好非root賬戶登錄ssh

##SSH升級
mv /usr/bin/openssl /usr/bin/openssl.bak
tar -zxvf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
./config shared && make && make install
\cp -rvf include/openssl /usr/include/
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -snf /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so
ln -snf /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -snf /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so
ln -snf /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
ldconfig
openssl version

# 備份
cp /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/sbin/sshd /usr/sbin/sshd.bak
mv /etc/ssh /etc/ssh.bak
 tar -zxvf openssh-8.3p1.tar.gz
cd openssh-8.3p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords
make && make install

# 修改啟動文件和pam
cp ./contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bak
systemctl daemon-reload
systemctl restart sshd
systemctl status sshd