1. 安装依赖
yum -y install gcc openssl11 openssl11-devel pam-devel zlib-devel
2. 设置编译 FLAG
export CFLAGS=$(pkg-config --cflags libssl11)
export LDFLAGS=$(pkg-config --libs libssl11)
3. 备份配置,删除系统自带软件包
mv /etc/pam.d/sshd /etc/pam.d/sshd.bak
rpm -e --nodeps $(rpm -qa | grep openssh)
rm -rf /etc/ssh/*
4. 下载源码包,编译安装
cd src
wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz
tar xf openssh-9.3p1.tar.gz
cd openssh-9.3p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib
make -j$(nproc)
make install
5. 修改服务端和客户端配置,支持 RSA 密钥
cat >> /etc/ssh/sshd_config << EOF
PubkeyAcceptedAlgorithms=+ssh-rsa
UseDNS no
UsePAM yes
EOF
echo 'PubkeyAcceptedKeyTypes +ssh-rsa' >> /etc/ssh/ssh_config
注意事项:如华为云、阿里云、腾讯云等使用 root 用户登录云主机的系统,需要执行此操作,否则可以免去以下步骤
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
6. 还原配置,添加启动服务
mv /etc/pam.d/sshd.bak /etc/pam.d/sshd
cp contrib/redhat/sshd.init /etc/init.d/sshd
chkconfig --add sshd
chkconfig sshd on
systemctl daemon-reload
systemctl restart sshd