麒麟系统升级openssh至openssh-10.0p1

升级openssh需要三个包zlib-1.2.13.tar.gz、openssl-1.1.1t.tar.gz、openssh-10.0p2.tar.gz 

并且顺序不能错：zlib > openssl > openssh

首先安装一套 telnet 用于备份！!  首先安装一套 telnet 用于备份！!  首先安装一套 telnet 用于备份！!  

sudo yum install -y telnet-server
echo "pts/0" | sudo tee -a /etc/securetty #允许 root 通过 telnet 登录

sudo systemctl enable telnet.socket
sudo systemctl start telnet.socket
sudo systemctl status telnet.socket

iptables -I INPUT -p tcp --dport 23 -j ACCEPT
service iptables save
#放行防火墙端口
sudo netstat -tnlp | grep 23 #检查端口是否监听

测试：
telnet ip 23

升级基础包：

 yum install -y gcc gcc-c++ zlib-devel libtool autoconf automake perl perl-IPC-Cmd perl-Data-Dumper perl-CPAN

安装 zlib-1.2.13.tar.gz、openssl-1.1.1t.tar.gz、openssh-10.0p2.tar.gz 

下载地址：

zlib-1.2.13.tar.gz http://zlib.net/fossils/zlib-1.2.13.tar.gz  

openssl-1.1.1t.tar.gz https://www.openssl.org/source/old/1.1.1/openssl-1.1.1t.tar.gz

openssh-10.0p2.tar.gz （解压出来是openssh-10.0p1， 只是命名上存在混淆）https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.0p2.tar.gz

#安装 zlib
tar zxvf zlib-1.2.13.tar.gz
cd zlib-1.2.13
./configure --prefix=/usr/local/zlib
make && make install

#安装 openssl
cd ..
tar zxvf openssl-1.1.1t.tar.gz
cd openssl-1.1.1t
./config --prefix=/usr/local/ssl -d shared
make && make install
echo '/usr/local/ssl/lib' >> /etc/ld.so.conf

#卸载旧版openssh
yum -y remove openssh

#安装 openssh
cd ..
tar zxvf openssh-10.0p2.tar.gz
cd openssh-10.0p1	#只是命名上存在混淆
./configure --prefix=/usr/local/openssh --with-zlib=/usr/local/zlib --with-ssl-dir=/usr/local/ssl --without-openssl-header-check
make && make install

#配置
echo 'PermitRootLogin yes' >> /usr/local/openssh/etc/sshd_config
echo 'PubkeyAuthentication yes' >> /usr/local/openssh/etc/sshd_config
echo 'PasswordAuthentication yes' >> /usr/local/openssh/etc/sshd_config
cd contrib/redhat/
cp sshd.init  /etc/init.d/sshd
chkconfig --add sshd
cp /usr/local/openssh/etc/sshd_config /etc/ssh/sshd_config 
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd  #出现： Text file busy，就用下面的
## cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd.new 
## mv /usr/sbin/sshd.new /usr/sbin/sshd

cp /usr/local/openssh/bin/ssh /usr/bin/ssh
cp /usr/local/openssh/bin/ssh-keygen /usr/bin/ssh-keygen
cp /usr/local/openssh/etc/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ecdsa_key.pub
#启动
systemctl start sshd.service
chkconfig --add sshd
chkconfig sshd on

#验证
systemctl status sshd

## 查看当前运行服务路径
ps -ef | grep sshd
root     1234     1  0 10:00 ?   sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups

/usr/sbin/sshd -V #检查当前运行的版本是否正确
sshd -V #检查系统的