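1. After OpenSSH is upgraded, the existing public keys no longer work, and trust relationships must be reconfigured.
2. The sshd service must be stopped during the upgrade, so ssh and sftp are unavailable.
3. The upgrade requires stopping the firewall service.
4. The upgrade requires disabling SELinux.
5. Enable telnet before upgrading so that the system can still be logged in to if the upgrade fails. Port 23 must be opened in the firewall, and the telnet dependency packages must be installed.
6. The library cache must be refreshed during the upgrade: ldconfig -v
7. Upgrade order: zlib -> openssl -> openssh
8. The upgrade needs dependency packages such as gcc, make, perl, zlib, zlib-devel, pam and pam-devel.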
II. Upgrade preparation
Download the installation package below and upload it to the system.
openssh.zip
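III. Upgrade procedure
1. Be sure to enable telnet, so that an interrupted upgrade does not leave the system unreachable.
2. Install and start the telnet server, so that the system can be logged in to over telnet if the upgrade fails.
3. To keep the firewall and SELinux from interfering, it is recommended to turn them off during the upgrade.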
IV. Installation
1. Install gcc
    cd gcc
    rpm -Uvh *.rpm --nodeps --force
    gcc --version
    cd ..
2. Install gcc-c++
    cd gcc-c++
    rpm -Uvh *.rpm --nodeps --force
    cd ..
3. Install make
    tar -zxvf make-4.2.tar.gz
    cd make-4.2
    ./configure
    make
    make install
    ln -s -f /usr/local/bin/make /usr/bin/make
    cd ..
4. Install glibc
    cd glibc
    rpm -ivh glibc-*
    cd ..
5. Install pam and pam-devel
    cd pam
    rpm -ivh pam-1.1.8-23.el7.x86_64.rpm
    rpm -ivh pam-devel-1.1.8-23.el7.x86_64.rpm --nodeps --force
    cd ..
#6. Install openssl-devel (skipped)
    rpm -ivh openssl-devel-1.0.2k-19.el7.x86_64.rpm
8. Install pcre and pcre-devel
    cd pcre
    rpm -ivh pcre-8.32-17.el7.x86_64.rpm
    rpm -ivh pcre-devel-8.32-17.el7.x86_64.rpm --nodeps --force
    cd ..
#10. Install perl (skipped)
    rpm -ivh perl-5.16.3-297.el7.x86_64.rpm --nodeps --force
10. Uninstall perl
    rpm -qa | grep perl
    rpm -e $(rpm -qa | grep perl) --nodeps
11. zlib-devel
    rpm -ivh zlib-devel-1.2.7-18.el7.x86_64.rpm
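14. Stop and uninstall the ssh components shipped with the system (on a system that was previously upgraded from source these commands report errors, which can be ignored)
    systemctl stop sshd
    cp -r /etc/ssh /etc/ssh.bak
    # If this prints 'cp: cannot stat "/etc/init.d/sshd": No such file or directory', it can be ignored
    cp /etc/init.d/sshd /etc/init.d/sshd.bak
    rpm -qa | grep openssh
    rpm -e $(rpm -qa | grep openssh) --nodeps
    # After the bundled ssh has been removed successfully, this command returns nothing
    rpm -qa | grep openssh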
12. Install zlib
    tar -zxvf zlib-1.2.11.tar.gz
    cd zlib-1.2.11
    ./configure --prefix=/usr/local/zlib
    make && make install
    ls -l /usr/local/zlib
    # Register the new library directory and refresh the linker cache
    echo "/usr/local/zlib/lib" >> /etc/ld.so.conf.d/zlib.conf
    ldconfig -v
    cd ..
13. Install perl (this takes a long time; wait patiently and do not interrupt it)
    tar -zxvf perl-5.28.0.tar.gz
    cd perl-5.28.0
    ./Configure -de
    make
    # make test
    make install
    perl -v
    cd ..
15. Install and configure openssl (this takes a long time; wait patiently and do not interrupt it)
    tar -zxvf openssl-1.1.1l.tar.gz
    cd openssl-1.1.1l
    ./config shared zlib && make && make install
    # With no --prefix, OpenSSL 1.1.1 installs under /usr/local (bin, include, lib64);
    # /usr/local/ssl only holds its configuration and certificate store
    mv -f /usr/bin/openssl /usr/bin/openssl.bak
    ln -s /usr/local/bin/openssl /usr/bin/openssl
    mv /usr/include/openssl /usr/include/openssl.bak
    ln -s /usr/local/include/openssl /usr/include/openssl
    echo "/usr/local/lib64" >> /etc/ld.so.conf.d/ssl.conf
    ldconfig -v
    ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
    ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
    openssl version
    cd ..
15. Uninstall the old openssl
    # Error message: configure: error: OpenSSL library not found.
    rpm -qa | grep openssl
    rpm -e openssl-devel-1.0.2k-19.el7.x86_64 --nodeps
    rpm -e openssl-1.0.2k-19.el7.x86_64 --nodeps
    rpm -e openssl-libs-1.0.2k-19.el7.x86_64 --nodeps
16. Install and configure openssh 8.8 (this takes a long time; wait patiently and do not interrupt it)
    mv /etc/ssh /etc/ssh.bak
    tar -zxvf openssh-8.8p1.tar.gz
    cd openssh-8.8p1
    ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --without-openssl-header-check --with-ssl-dir=/usr/local --with-privsep-path=/var/lib/sshd
    make && make install
    # Allow password authentication and root login in the new sshd_config
    echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
    echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
    cd ..
    # Install the init script shipped in the source tree
    cp -p openssh-8.8p1/contrib/redhat/sshd.init /etc/init.d/sshd
    chmod +x /etc/init.d/sshd
    # Private host keys must be readable by root only
    chmod 600 /etc/ssh/ssh_host_rsa_key
    chmod 600 /etc/ssh/ssh_host_ecdsa_key
    chmod 600 /etc/ssh/ssh_host_ed25519_key
    # Register sshd to start at boot, then restart it and verify
    chkconfig --add sshd
    chkconfig sshd on
    systemctl restart sshd
    systemctl status sshd
    ssh -V
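A post-upgrade check for the step above, added here as an example and not part of the original post: it reports which `PermitRootLogin` and `PasswordAuthentication` values sshd will actually use after the two `echo ... >> sshd_config` lines, and lists host keys whose mode is looser than the `chmod 600` the procedure applies. The function names and the sample file are constructed for illustration; GNU find is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post; all file contents are constructed.
# sshd keeps the FIRST value it reads for a keyword, so a line appended with
# `echo ... >> sshd_config` is ignored when an earlier uncommented line sets it.

# effective_value FILE KEYWORD: first value in the global (pre-Match) section.
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }                  # strip leading whitespace
        /^#/ || /^$/           { next }         # skip comments and blank lines
        tolower($1) == "match" { exit }         # stop at the first Match block
        tolower($1) == key     { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: one WARN line per risky effective setting.
audit_sshd_config() {
    local v
    v=$(effective_value "$1" PermitRootLogin)
    # OpenSSH default when the keyword is unset: prohibit-password
    [ "${v:-prohibit-password}" = "yes" ] &&
        echo "WARN PermitRootLogin=yes (root may log in with a password)"
    v=$(effective_value "$1" PasswordAuthentication)
    # OpenSSH default when the keyword is unset: yes
    [ "${v:-yes}" = "yes" ] &&
        echo "WARN PasswordAuthentication=yes (password logins accepted)"
    return 0
}

# loose_host_keys DIR: private host keys with any group/other permission bit.
# Uses GNU find's -perm /MODE, as shipped on CentOS.
loose_host_keys() {
    find "$1" -maxdepth 1 -type f -name 'ssh_host_*_key' -perm /077
}

# Constructed demo: commented defaults plus the two lines the procedure appends.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
PasswordAuthentication yes
PermitRootLogin yes
EOF
audit_sshd_config "$demo_dir/sshd_config"
loose_host_keys "$demo_dir"
rm -rf "$demo_dir"
```

On the upgraded host, point the functions at /etc/ssh/sshd_config and /etc/ssh; `sshd -T` prints sshd's own view of the effective configuration for comparison.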



