1.安装选项:
--prefix 安装目录
--sysconfdir 配置文件目录
--with-ssl-dir 指定 OpenSSL 的安装目录
--with-privsep-path 非特权用户的chroot目录
--with-privsep-user=sshd 指定非特权用户为sshd
--with-zlib 指定zlib库的安装目录
--with-md5-passwords 支持读取经过MD5加密的口令
--with-ssl-engine 启用OpenSSL的ENGINE支持
2.编译安装
tar zxvf openssh-7.3p1.tar.gz
cd openssh-7.3p1
./configure --prefix=/usr/local/openssh \
--with-zlib \
--with-md5-passwords \
--with-ssl-engine \
--with-ssl-dir=/usr/local/ssl \ centos6.5以下版本编译openssl的目录
--without-openssl-header-check \ centos6.5以下版本升级到openssh7.5加此项
--with-tcp-wrappers \
--with-pam
make
make install
3.安装后的操作
cd /usr/bin
mv scp scp.5.3
mv sftp sftp.5.3
mv slogin slogin.5.3
mv ssh ssh.5.3
mv ssh-add ssh-add.5.3
mv ssh-agent ssh-agent.5.3
mv ssh-keygen ssh-keygen.5.3
mv ssh-keyscan ssh-keyscan.5.3
ln -s /usr/local/openssh/bin/scp scp
ln -s /usr/local/openssh/bin/sftp sftp
ln -s /usr/local/openssh/bin/ssh slogin
ln -s /usr/local/openssh/bin/ssh ssh
ln -s /usr/local/openssh/bin/ssh-add ssh-add
ln -s /usr/local/openssh/bin/ssh-agent ssh-agent
ln -s /usr/local/openssh/bin/ssh-keygen ssh-keygen
ln -s /usr/local/openssh/bin/ssh-keyscan ssh-keyscan
cd /etc/
mv ssh 00-ssh.5.3
ln -s /usr/local/openssh/etc /etc/ssh
mv /etc/init.d/sshd /etc/init.d/sshd.5.3
4.ssh安全设置
vim /etc/ssh/sshd_config
PermitRootLogin no 不允许root远程登录
UseDNS no 不使用DNS
5.修改自启动文件
vim /home/soft/openssh-7.3p1/contrib/redhat/sshd.init
SSHD=/usr/sbin/sshd
/usr/bin/ssh-keygen -A
/sbin/restorecon /etc/ssh/ssh_host_key.pub
修改为:
SSHD=/usr/local/openssh/sbin/sshd
/usr/local/openssh/bin/ssh-keygen -A
#/sbin/restorecon /etc/ssh/ssh_host_key.pub
cp /home/soft/openssh-7.3p1/contrib/redhat/sshd.init /etc/init.d/sshd
/etc/init.d/sshd restart 重启ssh服务