Upgrading to OpenSSH 8.5p1
Upgrading CentOS 6.x to OpenSSH 8.5p1
- Download openssh-8.5p1.tar.gz from http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
wget http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.5p1.tar.gz
- Extract the archive
tar -zxvf openssh-8.5p1.tar.gz
- Update OpenSSL
wget https://ftp.openssl.org/source/old/1.1.1/openssl-1.1.1l.tar.gz --no-check-certificate
tar -xzvf openssl-1.1.1l.tar.gz
cd openssl-1.1.1l
./config --prefix=/usr/local/ssl -d shared
make && make install
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf
ldconfig -v
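- Build and install OpenSSH:
cd ../openssh-8.5p1
# --with-ssl-dir must match the --prefix given to the OpenSSL build above
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib=/usr/local/zlib
make && make install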
- Edit the configuration file
# Allow root login over SSH
echo 'PermitRootLogin yes' >> /usr/local/openssh/etc/sshd_config
# Allow password login over SSH
echo 'PasswordAuthentication yes' >> /usr/local/openssh/etc/sshd_config
# Allow public-key login over SSH
echo 'PubkeyAuthentication yes' >> /usr/local/openssh/etc/sshd_config
- Replace the configuration files
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config
mv /usr/sbin/sshd /usr/sbin/sshd.bak
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
mv /usr/bin/ssh /usr/bin/ssh.bak
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
mv /usr/bin/ssh-keygen /usr/bin/ssh-keygen.bak
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
mv /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub.bak
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
- Restart the ssh service
service sshd restart
Upgrading CentOS 7.x to OpenSSH 8.5p1
- Download the upgrade package openssh-8.5p1-1.el7.tar.gz
wget https://cikeblog.com/s/openssh-8.5p1-1.el7.tar.gz
- Extract it and run
tar -zxvf openssh-8.5p1-1.el7.tar.gz
yum localinstall -y open*.rpm
- Edit the configuration file
vim /etc/ssh/sshd_config
Add the following:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
The file contents after the change:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
AuthorizedKeysFile .ssh/authorized_keys
Subsystem sftp /usr/local/openssh/libexec/sftp-server
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
- Fix the file permissions
chmod 600 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key
- Restart the service:
systemctl restart sshd.service
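Notes
Whether on CentOS 6 or CentOS 7, after the upgrade be sure to verify that it works before you disconnect. To be safe, you can enable the telnet service on every host before upgrading, so that an error does not leave you locked out.
If you are upgrading OpenSSH on a GitLab server, you will run into additional problems; see the other article.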
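The CentOS 7 steps above add HostKey lines and set the key files to mode 600, and the note says to verify before disconnecting. The pre-restart check below is an added example, not part of the original post; the function names hostkey_paths, check_hostkeys and preflight are hypothetical, and it assumes GNU stat as shipped with CentOS.

```bash
# Pre-restart checks for an upgraded sshd (added example; names are hypothetical).
# Usage from the still-open root session:
#   sh preflight.sh /usr/sbin/sshd /etc/ssh/sshd_config

# Print every HostKey path declared in an sshd_config-style file.
# sshd keywords are case-insensitive; commented-out lines are skipped.
hostkey_paths() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Return 0 only if each declared host key exists and grants no access
# to group or other. sshd refuses to load private keys that are more open.
check_hostkeys() {
    cfg=$1
    rc=0
    for key in $(hostkey_paths "$cfg"); do
        if [ ! -f "$key" ]; then
            echo "MISSING   $key"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$key")
        case "$mode" in
            [0-7]00) echo "OK        $key (mode $mode)" ;;
            *)       echo "TOO OPEN  $key (mode $mode)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Run the new binary in test mode (-t parses the config and sanity-checks
# the keys without starting the daemon), then check the host key files.
preflight() {
    sshd_bin=$1
    cfg=$2
    if ! "$sshd_bin" -t -f "$cfg"; then
        echo "sshd -t rejected $cfg; do not restart"
        return 1
    fi
    check_hostkeys "$cfg"
}

# Only act when called with both arguments, so sourcing the file is harmless.
if [ "$#" -ge 2 ]; then
    preflight "$1" "$2"
fi
```

A non-zero exit status means the restart should wait until the reported file or configuration line is fixed.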
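Appendix: Installing and configuring the telnet service
- Check whether the telnet service is installed
rpm -qa|grep telnet
- Run the installation
yum install -y xinetd telnet telnet-server
- Add the configuration file:
vim /etc/xinetd.d/telnet
service telnet
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable = no
}
- Start telnet and restart xinetd
systemctl start telnet.socket
systemctl restart xinetd
- Enable start at boot
systemctl enable xinetd.service
systemctl enable telnet.socket
- By default root cannot log in remotely, so the following configuration file must be modified: /etc/securetty
vi /etc/securetty
Append at the end:
pts/0
pts/1
- Check whether the telnet service is running
# Look for a listener on TCP port 23 rather than grepping the process list for "23"
ss -tln | grep ':23 '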