参考
- https://blog.csdn.net/cndndj/article/details/107098553
- https://www.cnblogs.com/saneri/p/11778409.html
- https://blog.csdn.net/werm520/article/details/49997255
- https://bbs.huaweicloud.com/blogs/184553
通过虚拟机下载提取安装包(有的机房禁止访问外网)
yum install --downloadonly --downloaddir=rpm gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre-devel pam-devel krb5-develcd rpm
rpm -ivh autoconf-2.69-11.el7.noarch.rpm cpp-4.8.5-39.el7.x86_64.rpm gcc-4.8.5-39.el7.x86_64.rpm gcc-c++-4.8.5-39.el7.x86_64.rpm glibc-devel-2.17-307.el7.1.x86_64.rpm glibc-headers-2.17-307.el7.1.x86_64.rpm kernel-headers-3.10.0-1127.18.2.el7.x86_64.rpm keyutils-libs-devel-1.5.8-3.el7.x86_64.rpm libcom_err-devel-1.42.9-17.el7.x86_64.rpm libkadm5-1.15.1-46.el7.x86_64.rpm libselinux-devel-2.5-15.el7.x86_64.rpm libsepol-devel-2.5-10.el7.x86_64.rpm libstdc++-devel-4.8.5-39.el7.x86_64.rpm libverto-devel-0.2.5-4.el7.x86_64.rpm m4-1.4.16-10.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm pam-devel-1.1.8-23.el7.x86_64.rpm pcre-devel-8.32-17.el7.x86_64.rpm zlib-devel-1.2.7-18.el7.x86_64.rpm krb5-devel-1.15.1-46.el7.x86_64.rpm
下载openssh8.3p1 和 openssl-1.1.9.tar.gz
wget -c https://ftp.openssl.org/source/openssl-1.1.1g.tar.gz
wget -c https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/openssh-8.3.tar.gz解压并编译安装openssl
openssl version #查看当前版本,等升级完对比
OpenSSL 1.0.2k-fips 26 Jan 2017
mv /usr/bin/openssl /usr/bin/openssl_bak #备份
mv /usr/include/openssl /usr/include/openssl_bak #备份
tar -zxvf openssl-1.1.1g.tar.g
cd openssl-1.1.1g/
./config --prefix=/usr/local/ssl -d shared && make && make install
echo $? #echo $?查看下最后的make install是否有报错,0表示没有问题
0
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl #生成软链接
ln -s /usr/local/ssl/include/openssl /usr/include/openssl #生成软链接
ll /usr/bin/openssl #查看是否生成成功
/usr/bin/openssl -> /usr/local/ssl/bin/openssl
ll /usr/include/openssl -ld #查看是否生成成功
/usr/include/openssl -> /usr/local/ssl/include/openssl
#执行下面命令加载配置
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
/sbin/ldconfig
openssl version #查看确认版本
如果出现openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
#查找libssl.so.1.1的目录 然后生成软链接
find / -name "libssl.so.1.1"
/usr/local/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
解压并安装openssh
ssh -V #查看ssh版本
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
tar -zxvf openssh-8.3p1.tar.gz
cd openssh-8.3p1
chown -R root.root /root/openssh/openssh-8.3p1 #更改当前目录所属用户和用户组为root
rm -rf /etc/ssh/* #删除原先ssh的配置文件和目录
./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-openssl-includes=/usr/local/ssl/include --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords --with-pam && make && make install #配置编译安装
#如果遇到权限问题 permission 0640 for xxxx 将报权限问题的目录都设为600
chmod -R 0600 /etc/ssh/ssh_host_ecdsa_key
echo $? #同上
0
#修改sshd配置
vim /etc/sshd_config
PermitRootLogin yes
UseDNS no
#从安装目录cp文件到目标位置
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam
#设置执行权限
chmod +x /etc/init.d/sshd
#添加启动项
chkconfig --add sshd
systemctl enable sshd
#把原先的systemd管理的sshd文件删除或者移走或者删除,不移走的话影响我们重启sshd服务
mv /usr/lib/systemd/system/sshd.service /tmp/
#设置开机启动
chkconfig sshd on
#重启sshd
systemctl restart sshd.service
#查看sshd是否启动
netstat -lntp
#测试版本
ssh -V
OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020