Linux Centos OpenSSH升级到8.8版本

参考文档：
https://blog.csdn.net/weixin_29353947/article/details/113090223
https://cloud.tencent.com/developer/article/1883608

OpenSSH下载地址：
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/

OpenSSL下载地址：
https://www.openssl.org/source/openssl-1.1.1l.tar.gz

zlib下载地址：
http://www.zlib.net/zlib-1.2.11.tar.gz

Linux依赖下载地址：(中间的版本号6.5替换成当前服务器的,查看版本命令：cat /etc/redhat-release)
https://vault.centos.org/6.5/os/x86_64/Packages/

第一步：

安装gcc、pam-devel、openssl-devel、zlib-devel依赖

#批量安装
rpm -Uvh *.rpm --nodeps --force

第二步：

安装OpenSSL

# 解压
tar -xf openssl-1.1.1l.tar.gz
cd openssl-1.1.1l
# 配置
./config --prefix=/usr/local/openssl shared
# 编译
make
# 安装
make install 
#配置
ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
#验证
/usr/local/openssl/bin/openssl

如图所示代表安装成功：

 第三步：

安装zlib

# 解压
tar -xf zlib-1.2.11.tar.gz
# 进入源码目录
cd zlib-1.2.11
# 预编译
./configure --prefix=/usr/local/zlib
# 编译
make
# 安装
make install

第四步：

安装OpenSSH

# 解压
tar -xf openssh-8.8p1.tar.gz
cd openssh-8.8p1
# 备份
mv /etc/ssh /etc/sshbak
mv /usr/bin/ssh /usr/bin/sshbak
mv /usr/sbin/sshd /usr/sbin/sshdbak
# 预编译
./configure --prefix=/usr/local/openssh --sysconfdir=/etc/ssh  --with-ssl-dir=/usr/local/openssl --with-zlib-dir=/usr/local/zlib --without-openssl-header-check
# 编译
make
# 安装
make install
# 配置
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd
cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp contrib/redhat/sshd.init /etc/init.d/sshd
# 修改配置文件
vi /etc/ssh/sshd_config
将以下三行注释放开，去掉#
Port 22
PermitRootLogin yes(修改为yes)
PasswordAuthentication yes
在sshd_config文件的最后添加以下内容支持低版本：
KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org
# 重启SSH
service sshd restart
# 查看SSH是否更新成功
ssh -V

sshd_config配置文件如下：

 如果连接时出现错误信息： Key exchange failed. No compatible key exchange method. The server supports these methods: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 No compatible hostkey. The server supports these methods: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519

配置文件添加以下内容以支持低版本：

KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org

随后重启即可