update-openssh-9.9p1

Openssh-9.9p1:
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.9p1.tar.gz
Openssl-1.1.1w:
https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-1.1.1w.tar.gz

编译安装

编译安装版本为9.9p1

1、备份配置

1
2
cp -rf /etc/ssh /etc/ssh.bak
cp -rf /etc/pam.d /etc/pam.d.bak

2、安装依赖

1
yum -y install gcc pam-devel zlib-devel openssl-devel net-tools wget

3、下载源码

(在线下载地址,openssl下载地址为github,由于访问限制,故使用个人地址中转)如无网络,可上传下载的离线源码包进行编译安装。

1
2
3
cd /opt
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.9p1.tar.gz
wget --no-check-certificate https://wp.estning.com/openssl-1.1.1w.tar.gz

4、解压源码

1
2
tar xf openssl-1.1.1w.tar.gz
tar xf openssh-9.9p1.tar.gz

5、安装openssl

1.进入openssl-1.1.1w目录
1
cd /opt/openssl-1.1.1w
2.配置
1
./config --prefix=/usr/local/src/openssl
3.编译
1
make -j$(nproc)
4.安装
1
make install
5.备份旧文件目录
1
2
mv /usr/include/openssl/ /usr/include/openssl.bak
mv /usr/bin/openssl /usr/bin/openssl.bak
6.创建软连接
1
2
3
4
5
ln -s /usr/local/src/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/src/openssl/lib/libssl.so.1.1 /usr/local/lib64/libssl.so
ln -s /usr/local/src/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/src/openssl/lib/libssl.so.1.1 /usr/local/lib64/libssl.so.1.1
ln -s /usr/local/src/openssl/lib/libcrypto.so.1.1 /usr/local/lib64/libcrypto.so.1.1
7.更新动态库
1
2
echo "/usr/local/lib64" >> /etc/ld.so.conf
ldconfig
8.查看更新后的版本:
1
2
openssl version
显示版本:OpenSSL 1.1.1w  11 Sep 2023

6、卸载旧服务

1.卸载openssh
1
yum remove -y openssh
2.清理残余文件
1
rm -rf /etc/ssh/*

7、安装openssh

1.进入openssh-9.9p1目录
1
cd /opt/openssh-9.9p1
2.配置
1
./configure --prefix=/usr/local/src/openssh --sysconfdir=/etc/ssh --with-pam --with-ssl-dir=/usr/local/src/openssl
3.编译
1
make -j$(nproc)
4.安装
1
make install
5.查看目录版本
1
/usr/local/src/openssh/bin/ssh -V
6.复制新ssh文件
1
2
3
4
5
6
cp -rf /opt/openssh-9.9p1/contrib/redhat/sshd.init /etc/init.d/sshd
cp -rf /opt/openssh-9.9p1/contrib/redhat/sshd.pam /etc/pam.d/sshd

cp -rf /usr/local/src/openssh/sbin/sshd /usr/sbin/sshd
cp -rf /usr/local/src/openssh/bin/ssh /usr/bin/ssh
cp -rf /usr/local/src/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
7.允许root登录
1
2
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
8.重启sshd服务
1
/etc/init.d/sshd restart
9.查看服务运行状态
1
/etc/init.d/sshd status
10.添加开机启动
1
chkconfig --add sshd
11.centos7版本及以上添加开启启动
1
systemctl enable sshd

8.查看升级后ssh版本

1
2
ssh –V
显示:OpenSSH_9.9p1, OpenSSL 1.1.1w  11 Sep 2023