升级前首先确定当前openssh、openssl、zlib的版本,查看版本操作如下:
[[email protected] ~]# ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
[[email protected] ~]# rpm -q zlib
zlib-1.2.7-17.el7.x86_64
由此可以看到当前openssh版本为:7.4p1,openssl版本为:1.02k-fips,zlib
版本为1.2.7。
到相应的官网下载最新版本
OpenSSH:https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
OpenSSL: https://www.openssl.org/source/
zlib: https://www.openssl.org/source/
为避免升级过程出现错误导致sshd服务挂掉,可以先安装telnet服务或者在机房方便处理故障。
OpenSSL升级方法参考我的另一篇文章https://blog.51cto.com/mading/2161246
注意:升级前请确认已安装gcc编译环境,关闭selinux,升级前做好备份。
zlib升级
卸载老版本zlib
[[email protected] ~]# rpm -e --nodeps zlib
解压编译
[[email protected] ~]# tar -zxvf zlib-1.2.11.tar.gz
[[email protected] ~]# cd zlib-1.2.11/
[[email protected] zlib-1.2.11]# ./configure --prefix=/usr/local/zlib
[[email protected] zlib-1.2.11]# make test
[[email protected] zlib-1.2.11]#make install
构建共享库
[[email protected] zlib-1.2.11]#make clean
[[email protected] zlib-1.2.11]#./configure --shared
[[email protected] zlib-1.2.11]#make test
[[email protected] zlib-1.2.11]#make install
OpenSSH升级
卸载老版本openssh
[[email protected] ~]# rpm -e --nodeps openssh
解压编译
[[email protected] ~]# tar -zxvf openssh-8.0p1.tar.gz
[[email protected] openssh-8.0p1]#./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-privsep=path=/var/lib/sshd
*注意:--with-zlib --with-ssl-dir的路径为编译安装openssl的路径*
[[email protected] openssh-8.0p1]#make && make install
编译过程中可能会出现各种各样的错误,根据提示的错误信息找相应的解决办法,这里不做具体说明。
编译完成后查看是否安装成功
[[email protected] openssh-8.0p1]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.1.0k 28 May 2019
配置
[[email protected] openssh-8.0p1]# install -v -m755 contrib/ssh-copy-id /usr/bin/
"contrib/ssh-copy-id" -> "/usr/bin/ssh-copy-id"
[[email protected] openssh-8.0p1]# install -v -m644 contrib/ssh-copy-id.1 /usr/share/man/man1
"contrib/ssh-copy-id.1" -> "/usr/share/man/man1/ssh-copy-id.1"
[[email protected] openssh-8.0p1]# install -v -m755 -d /usr/share/doc/openssh-8.0p1*注意:openssh-8.0p1根据具体的openssh版本号填写*
install: 正在创建目录"/usr/share/doc/openssh-8.0p1"
[[email protected] openssh-8.0p1]# install -v -m644 INSTALL LICENCE OVERVIEW README* /usr/share/doc/openssh-8.0p1
"INSTALL" -> "/usr/share/doc/openssh-8.0p1/INSTALL"
"LICENCE" -> "/usr/share/doc/openssh-8.0p1/LICENCE"
"OVERVIEW" -> "/usr/share/doc/openssh-8.0p1/OVERVIEW"
"README" -> "/usr/share/doc/openssh-8.0p1/README"
"README.dns" -> "/usr/share/doc/openssh-8.0p1/README.dns"
"README.md" -> "/usr/share/doc/openssh-8.0p1/README.md"
"README.platform" -> "/usr/share/doc/openssh-8.0p1/README.platform"
"README.privsep" -> "/usr/share/doc/openssh-8.0p1/README.privsep"
"README.tun" -> "/usr/share/doc/openssh-8.0p1/README.tun"
默认端口为22,root默认不能远程登录,在/etc/ssh/sshd_config里面添加"PermitRootLogin yes"
[[email protected] openssh-8.0p1]# vim /etc/ssh/sshd_config
配置sshd开机自启
[[email protected] openssh-8.0p1]# cp -p contrib/redhat/sshd.init /etc/init.d/sshd
[[email protected] openssh-8.0p1]# chmod a+x /etc/init.d/sshd
[[email protected] openssh-8.0p1]# chkconfig --add sshd
[[email protected] openssh-8.0p1]# chkconfig sshd on
原文地址:https://blog.51cto.com/mading/2433735
时间: 2024-11-05 17:34:10