OpenSSH_6.6.1p1升级到openssh-9.1p1
1.1 升级zlib
tar -xzf zlib-1.2.11.tar.gz && cd zlib-1.2.11
升级openssh用到的目录,确保目录底下有lib目录(库文件)
./configure --prefix=/usr/local/zlib && make -j 8 && make install
更新动态链接库
echo "/usr/local/zlib/lib" >> /etc/ld.so.conf
ldconfig -v
1.2 升级openssl
tar -xzf openssl-OpenSSL_1_1_0k.tar.gz
./config --prefix=/usr/local/openssl --shared && make -j 8 && make install
mv /usr/bin/openssl /usr/bin/openssl_bak && mv /usr/include/openssl/ /usr/include/openssl_bak/
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl && ln -s /usr/local/openssl/include/openssl/ /usr/include/openssl
(注意此处软链接需要按住实际路径)
更新动态链接库
echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf
ldconfig -v
1.3 升级openssh
tar -xzf openssh-9.1p1.tar.gz
mv /etc/ssh/ /etc/ssh_bak/ && mv /etc/init.d/ssh /etc/init.d/ssh_bak && mv /usr/bin/ssh /usr/bin/ssh_bak && cd openssh-9.1p1/
不加参数--with-pam,否则会报错configure: error: PAM headers not found
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl --with-privsep-path=/var/lib/sshd
make -j 8 && make install
1.4 升级openssh 9.8p1
tar -xzf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w
./config --prefix=/usr/local/openssl --shared && make -j 8 && make install
mv /usr/bin/openssl /usr/bin/openssl_bak && mv /usr/include/openssl/ /usr/include/openssl_bak/
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl && ln -s /usr/local/openssl/include/openssl/ /usr/include/openssl
(注意此处软链接需要按住实际路径)
更新动态链接库
echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf
ldconfig -v
tar -xzf openssh-9.8p1.tar.gz
cd openssh-9.8p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-md5-passwords --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/openssl --with-privsep-path=/var/lib/sshd
make -j 8 && make install
查看是否升级成功
ssh -V
拷贝源文件目录中的sshd.init
cp -a contrib/redhat/sshd.init /etc/init.d/ssh &&\
vim /etc/ssh/sshd_config
修改配置中的以下参数,使之和原来配置信息保持一致
PermitRootLogin yes
PasswordAuthentication yes
修改sshd_config文件立即生效
service ssh reload && service ssh restart && service ssh status
No Comments