CentOS7離線升級OpenSSH_8.8p1

一、環境

centos7.9,升級openssh到8.8p1最新版本

 

 

 

 二、下載升級包

# openssl和zlib為相關依賴

wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1j.tar.gz
wget http://www.zlib.net/zlib-1.2.11.tar.gz

 

三、編譯安裝

1、確認安裝了gcc編譯環境

 

# yum install -y gcc gcc-c++（yum安裝gcc編譯環境）

 

2、編譯安裝zlib

# tar -zxvf zlib-1.2.11.tar.gz

# cd zlib-1.2.11

# ./configure --prefix=/usr/local/zlib

# make && make install

 

3、編譯安裝openssl

# tar -zxvf openssl-1.1.1j.tar.gz

# cd openssl-1.1.1j

# ./config --prefix=/usr/local/ssl -d shared

# make && make install

# echo '/usr/local/ssl/lib' >> /etc/ld.so.conf

# ldconfig -v

# /usr/local/ssl/bin/openssl version -a

 

4、編譯安裝openssh

# tar -zxvf openssh-8.8p1.tar.gz

# cd openssh-8.8p1

# ./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl

# make && make install

 

四、配置文件備份和修改

# sshd_config文件修改
echo 'PermitRootLogin yes' >>/usr/local/openssh/etc/sshd_config
echo 'PubkeyAuthentication yes' >>/usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >>/usr/local/openssh/etc/sshd_config

# 備份原有文件，並將新的配置復制到指定目錄

mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config

mv /usr/sbin/sshd /usr/sbin/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd

mv /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh

mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen

mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub

 

# 修改systemd參數（去掉Type或改為Type=simple）
vim /usr/lib/systemd/system/sshd.service
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
#Type=notify
Type=simple
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target

 

五、重啟sshd服務

[root@server1 openssh-8.8p1]# systemctl daemon-reload
[root@server1 openssh-8.8p1]# systemctl restart sshd
[root@server1 openssh-8.8p1]# systemctl status sshd

 

 六、注意

如果要修改ssh的配置文件必須得修改/usr/local/openssh/etc/sshd_config，修改/etc/ssh/sshd_config不會生效。

 

第二種方法：

一、openssh-9.0p1版本升級

1. 備份文件

cp /etc/pam.d/sshd /etc/pam.d/sshd-bak0713
cp /etc/ssh/sshd_config  /etc/ssh/sshd_config-bak0713

2. 升級openssh包

rpm -Uvh openssh*

3. 還原ssh配置

cp -f /etc/ssh/sshd_config-bak0731  /etc/ssh/sshd_config
cp -f /etc/pam.d/sshd-bak0713  /etc/pam.d/sshd
chmod 600 /etc/ssh/ssh*
sed -i s/^#PermitRootLogin/PermitRootLogin/g  /etc/ssh/sshd_config

4. 重啟ssh服務

systemctl restart sshd
systemctl status sshd