openssh升级到9.9p1

99lek

已于 2024-10-22 17:02:16 修改

阅读量1.1k

点赞数 17

CC 4.0 BY-SA版权

文章标签： linux 运维服务器

于 2024-10-22 13:24:01 首次发布

本文链接：https://blog.youkuaiyun.com/zzylekang/article/details/143144489

openssh升级到9.9p1

适用OS
参考
安装telnet
升级openssh

适用OS

已在centos 7.x验证通过

参考

https://blog.youkuaiyun.com/xingzuo_1840/article/details/140657903
https://www.openssh.com/openbsd.html

安装telnet

yum -y install xinetd telnet-server

允许root登陆
	pam_securetty.so模块 只允许root用户在/etc/securetty列出的安全终端上登陆。
	cp /etc/securetty /etc/securetty.bak
	echo "pts/0" >> /etc/securetty
	echo "pts/1" >> /etc/securetty
	echo "pts/2" >> /etc/securetty
	systemctl restart telnet.socket
	systemctl restart xinetd
测试登陆
	telnet ip 23

升级openssh

下载：
	https://openssl-library.org/source/old/1.1.1/index.html
	https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
	https://www.zlib.net/
	openssh-9.9p1.tar.gz
	openssl-1.1.1w.tar.gz
	zlib-1.2.11.tar.xz

使用telnet登陆服务器
关闭selinux
关闭防火墙
卸载旧版openssh：
	systemctl stop sshd
	cp -r /etc/ssh /etc/ssh.old 
	yum remove openssh
编译安装zlib
	xz -d zlib-1.2.11.tar.xz
	tar -xvf zlib-1.2.11.tar
	cd zlib-1.2.11
	./configure --prefix=/usr/local/zlib
	make
	make install
添加zlib到库
	vi /etc/ld.so.conf.d/zlib.conf
		/usr/local/zlib/lib
	ldconfig -v
编译安装openssl
	tar -xzvf openssl-1.1.1w.tar.gz
	cd openssl-1.1.1w
	./config shared zlib --with-zlib-include=/usr/local/zlib/include --with-zlib-lib=/usr/local/zlib/lib
		shared：这个参数表示生成共享库（动态链接库）
		zlib：这个参数表示在编译 OpenSSL 时启用对 zlib 压缩库的支持。
	make
	make test
	make install
	ln -s /usr/local/bin/openssl /usr/bin/openssl	有的服务器需要
	ln -s /usr/local/include/openssl /usr/include/openssl
	测试安装结果：openssl version
添加openssl到库
	vi /etc/ld.so.conf.d/ssl.conf
		/usr/local/lib64/
	ldconfig -v
安装openssh
	tar -zxvf openssh-9.9p1.tar.gz
	cd openssh-9.9p1
	./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-privsep-path=/var/lib/sshd --with-openssl=/usr/local --with-zlib=/usr/local/zlib
	make
	chmod 600 /etc/ssh/ssh_host_rsa_key
	chmod 600 /etc/ssh/ssh_host_ecdsa_key
	chmod 600 /etc/ssh/ssh_host_ed25519_key
	make install
允许root登陆
	echo "PasswordAuthentication yes"   >> /etc/ssh/sshd_config
	echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
开机启动openssh
	cp -p contrib/redhat/sshd.init /etc/init.d/sshd
	chmod +x /etc/init.d/sshd
	chkconfig --add sshd
	chkconfig sshd on
	systemctl restart sshd
测试：
	ssh -V
	尝试远程登陆