centos7 升级到 openssh-8.5p1

centos7 升级到 openssh-8.5p1

版本查看

ssh -V
openssl version

1. yum升级到最新可用版本(openssh7.4p1)

yum update openssh

2. 安装telnet-server 以及 xinetd

yum install xinetd telnet-server -y

3. 配置telnet登录的终端类型，在/etc/securetty 文件末尾增加一些pts终端，如下

cat >> /etc/securetty <<EOF
pts/0
pts/1
pts/2
pts/3
EOF

4.启动telnet服务，并设置开机自动启动

systemctl enable xinetd 
systemctl enable telnet.socket
systemctl start telnet.socket
systemctl start xinetd

5.使用telnet 登陆,以后操作都是通过telnet

6.备份并移除老文件 ( 这些配置可能影响装完以后的登陆 所以备份)

mkdir /root/update
cd /root/update
cp /etc/ssh/sshd_config sshd_config
cp /etc/pam.d/sshd sshd

yum remove openssl-devel
rm -rf /etc/ssl

7.安装依赖包

yum install  -y gcc gcc-c++ glibc make autoconf pcre-devel  pam-devel
yum install  -y pam* zlib*

8.下载openssh包和openssl的包

# https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/
# https://ftp.openssl.org/source/
wget https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.5p1.tar.gz
wget https://ftp.openssl.org/source/openssl-1.1.1j.tar.gz

9.安装 openssl

tar xfz openssl-1.1.1j.tar.gz
openssl version
mv /usr/bin/openssl /usr/bin/openssl_bak
cd openssl-1.1.1j
./config  --prefix=/usr/local --openssldir=/usr/local/ssl
make && make install
./config shared --prefix=/usr/local --openssldir=/usr/local/ssl
make clean
make && make install
echo $?
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl /usr/include/openssl
echo "/usr/local/lib" >> /etc/ld.so.conf
echo "/usr/local/lib64" >> /etc/ld.so.conf
/sbin/ldconfig
openssl version

10.安装openssh

rm -rf /etc/ssh
cd /root/update
tar xfz openssh-8.5p1.tar.gz
cd openssh-8.5p1
./configure --prefix=/usr/ --sysconfdir=/etc/ssh  --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl   --with-zlib   --with-md5-passwords   --with-pam
make clean
make && make install
echo $?
\cp -af contrib/redhat/sshd.init /etc/init.d/sshd
\cp -af contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
chmod +x /etc/init.d/sshd

cat >> /etc/ssh/sshd_config <<EOF
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
EOF

chkconfig --add sshd
mv /usr/lib/systemd/system/sshd.service /root/update/sshd.service
chkconfig sshd on
systemctl enable sshd
systemctl start sshd
ssh -V

11.检测ssh 可以正常登陆,使用ssh登陆,然后 停止telnet服务 并 移除

systemctl stop telnet.socket
systemctl stop xinetd
systemctl disable xinetd 
systemctl disable telnet.socket

参考文章: https://www.cnblogs.com/nmap/p/10779658.html