Centos升级openssh_cenots 升级 openssh

1、查看ssh版本

ssh -V

##查看运行状态：
systemctl status sshd.service

##重启ssh服务
systemctl restart sshd
1
2
3
4
5
6
7

2、安装依赖包

yum install zlib-devel pam-devel -y
1

cd /usr/local/ && wget -P /usr/local/ https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz --no-check-certificate
1

3、解压openssh包

tar xfz openssh-9.0p1.tar.gz

chown -R root:root openssh-9.0p1 && cd ./openssh-9.0p1
1
2
3

mkdir -p /home/sshbak

cp -arp /etc/ssh /home/sshbak/

mv /etc/ssh /etc/ssholdbak
1
2
3
4
5

4、设置编译参数和编译安装，注意要更新openssl后才能生效

cd /usr/local/openssh-9.0p1

./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl/lib/ --with-zlib --with-md5-passwords --with-pam


make && make install
1
2
3
4
5
6

5、修改配置文件/etc/ssh/sshd_config，取消注释以下文件，没有的则进行添加

vi /etc/ssh/sshd_config

PermitRootLogin  yes     				  #允许root登录，root用户必须添加 
AuthorizedKeysFile  .ssh/authorized_keys  #指定公钥文件的保存位置以及名称 
PasswordAuthentication yes                #允许密码验证证 
UsePAM  yes                               #PAM模块 
UseDNS  no                                #关闭dns检测 
Subsystem sftp /usr/ibexec/sftp-server    #开启SFTP并指定路径
1
2
3
4
5
6
7
8

cd /etc/ssh

mv sshd_config sshd_config.bak

cp /home/sshbak/ssh/sshd_config /etc/ssh/
1
2
3
4
5

6、检测文件配置测试

sshd -t
1

7、修改pam认证文件

echo "/etc/pam.d/sshd"

cp /etc/pam.d/sshd /etc/pam.d/sshd.bak

cat > /etc/pam.d/sshd <<'EOF'

#%PAM-1.0
auth 	required 	pam_sepermit.so 
auth 	include 	password-auth 
account required 	pam_nologin.so
account include 	password-auth 
password include 	password-auth
# pam selinux.so close should be the first session rule
session required 	pam_selinux.so close 
session required 	pam_loginuid.so 
# pam selinux.so open should only be fo owed by sessions to be executed in the user context
session required 	pam_selinux.so open env_params 
session optional 	pam_keyinit.so force revoke 
session include 	password-auth 
EOF
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

8、添加互信命令文件ssh-copy-id

mv /usr/bin/ssh-copy-id /home/sshbak/

cd /usr/local/openssh-9.0p1

install -v -m755 contrib/ssh-copy-id /usr/bin
1
2
3
4
5

9、开机启动，由于升级到非红帽体系最新版，故开机自启使用SysV托管，使用systemd托管会有问题

cp -a contrib/redhat/sshd.init /etc/init.d/sshd

chmod +x /etc/init.d/sshd

cd /etc/init.d

/sbin/chkconfig --add sshd

systemctl enable sshd

mv /usr/lib/systemd/system/sshd.service /home/sshbak/

mv /usr/lib/systemd/system/sshd.socket /home/sshbak/
1
2
3
4
5
6
7
8
9
10
11
12
13

/sbin/chkconfig sshd on

systemctl daemon-reload

systemctl restart sshd

systemctl status sshd

/sbin/chkconfig --list
1
2
3
4
5
6
7
8
9

至此openssh升级完成。

10、检查版本是否为新版本

ssh -V
1