CentOS7升级OpenSSH9.8p1

升级前准备

查看我们目前机器的ssh版本

[root@sc-can-33 soft]# ssh -V
OpenSSH_9.3p2, OpenSSL 3.0.8 7 Feb 2023

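准备 Telnet 作为备用登录方式,防止升级过程中 SSH 中断后无法操作(注意:Telnet 为明文传输,包括 root 口令在内的全部内容都可能被网络路径上的第三方截获;只应在可信的管理网络中临时开启,并尽量用防火墙把 23 端口限制为运维来源地址,升级完成后立即关闭)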

安装telnet xinetd
yum -y install xinetd* telnet* 
然后在/etc/securetty加入如下内容(这些 pts 条目的作用是允许 root 通过 telnet 的伪终端登录;升级完成后应将它们从该文件中删除):
[root@sc-can-33 soft]# vim /etc/securetty

pts/1
pts/2
pts/3
pts/4
pts/5
启动telnet
[root@sc-can-33 soft]# systemctl start telnet.socket
[root@sc-can-33 soft]# systemctl status telnet.socket
● telnet.socket - Telnet Server Activation Socket
   Loaded: loaded (/usr/lib/systemd/system/telnet.socket; disabled; vendor preset: disabled)
   Active: active (listening) since Wed 2025-04-02 11:36:55 CST; 5s ago
     Docs: man:telnetd(8)
   Listen: [::]:23 (Stream)
 Accepted: 0; Connected: 0

Apr 02 11:36:55 sc-can-33.novalocal systemd[1]: Listening on Telnet Server Activation Socket.
测试连接作为网络中断后的第二连接方式(非常重要)
[root@sc-can-33 soft]# telnet 192.168.237.51
Trying 192.168.237.51...
Connected to 192.168.237.51.
Escape character is '^]'.

Kernel 3.10.0-1160.118.1.el7.x86_64 on an x86_64
sc-can-33 login: root
Password: 
Last login: Wed Apr  2 09:11:37 from 192.168.241.18

升级中

准备编译环境

安装编译相关资源
yum install -y wget tar make gcc openssl-devel zlib-devel
查看sshrpm安装情况
[root@localhost ~]# rpm -qa | grep ssh
openssh-server-7.4p1-21.el7.x86_64
openssh-7.4p1-21.el7.x86_64
openssh-clients-7.4p1-21.el7.x86_64
libssh2-1.8.0-3.el7.x86_64
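将原有 SSH 配置目录进行备份(注意:这里用的是 mv,原来的主机密钥也随目录一并移走;后面 make install 会重新生成主机密钥,客户端再次连接时会收到主机密钥变更告警。如需保持主机身份不变,可在安装后从 /etc/ssh.bak 拷回原来的 ssh_host_*_key 及对应 .pub 文件,并确认私钥权限为 600)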
mv /etc/ssh /etc/ssh.bak
删除ssh(以自己的为准)
yum remove openssh-7.4p1
查看删除结果
rpm -qa | grep ssh

libssh2-1.8.0-4.el7_9.1.x86_64
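下载最新版本openssh 9.8p1(下载后、解压前应校验源码包完整性:与 OpenSSH 官方发布说明中公布的校验和比对——官方公布的 SHA256 为 base64 编码,而非 sha256sum 默认输出的十六进制——或用官方发布签名密钥验证随包提供的 .asc 签名。另外,下面 wget 的输出显示文件被保存为 openssh-9.8p1.tar.gz.1,说明当前目录已存在同名旧文件,而后面解压的是 openssh-9.8p1.tar.gz,需确认解压的正是校验过的那一份)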
[root@sc-can-33 soft]# wget https://mirrors.sonic.net/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
--2025-04-02 11:51:07--  https://mirrors.sonic.net/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz
Resolving mirrors.sonic.net (mirrors.sonic.net)... 157.131.224.201, 2001:5a8:601:4003:157:131:224:201
Connecting to mirrors.sonic.net (mirrors.sonic.net)|157.131.224.201|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1910393 (1.8M) [application/x-gzip]
Saving to: ‘openssh-9.8p1.tar.gz.1’

100%[=======================================================================================================>] 1,910,393   1.71MB/s   in 1.1s   

2025-04-02 11:51:09 (1.71 MB/s) - ‘openssh-9.8p1.tar.gz.1’ saved [1910393/1910393]
解压缩&&进入openssh9.8p1目录
[root@sc-can-33 soft]# tar -zxvf openssh-9.8p1.tar.gz
[root@sc-can-33 soft]# cd openssh-9.8p1/
[root@sc-can-33 openssh-9.8p1]#

编译过程

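运行 configure 进行预编译,生成 Makefile(注意:configure 识别的环境变量是 CFLAGS/CPPFLAGS,下面命令里的 CCFLAGS 并不会生效——从后面的输出可以看到,编译器参数和预处理器参数中都没有 -I/usr/local/include,只有 LDFLAGS 的 -L/usr/local/lib64 进入了链接参数;头文件搜索路径应通过 CPPFLAGS 传入)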
CCFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib64" ./configure --sysconfdir=/etc/ssh

查看编译结果
      Host: x86_64-pc-linux-gnu
          Compiler: cc -std=gnu11
    Compiler flags: -g -O2 -pipe -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE  
Preprocessor flags:  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE -DOPENSSL_API_COMPAT=0x10100000L
      Linker flags: -L/usr/local/lib64 -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie 
         Libraries: -ldl -lutil  -lresolv
     +for channels: -lcrypto  -lz
         +for sshd: -lcrypt
编译
make
安装
make install

查看安装结果
/bin/install -c -m 644 sftp-server.8.out /usr/local/share/man/man8/sftp-server.8
/bin/install -c -m 644 ssh-keysign.8.out /usr/local/share/man/man8/ssh-keysign.8
/bin/install -c -m 644 ssh-pkcs11-helper.8.out /usr/local/share/man/man8/ssh-pkcs11-helper.8
/bin/install -c -m 644 ssh-sk-helper.8.out /usr/local/share/man/man8/ssh-sk-helper.8
/bin/mkdir -p /etc/ssh
ssh-keygen: generating new host keys: RSA ECDSA ED25519 
/usr/local/sbin/sshd -t -f /etc/ssh/sshd_config

操作相关文件参数调整

复制生成SSHD服务文件
cp -a contrib/redhat/sshd.init /etc/init.d/sshd
复制生成ssh-keygen到/usr/bin下
cp -a /usr/local/bin/ssh-keygen /usr/bin/ssh-keygen
查看安装结果
[root@sc-can-33 openssh-9.8p1]# ll /usr/local/sbin/sshd
-rwxr-xr-x 1 root root 522816 Apr  2 14:01 /usr/local/sbin/sshd
修改主程序位置
[root@localhost openssh-9.8p1]# vim  /etc/init.d/sshd

SSHD=/usr/local/sbin/sshd

设置开机启动
[root@localhost openssh-9.8p1]# chkconfig --add sshd
[root@localhost openssh-9.8p1]# chkconfig sshd on
[root@localhost openssh-9.8p1]# systemctl daemon-reload
[root@localhost openssh-9.8p1]# systemctl restart sshd
[root@localhost openssh-9.8p1]# systemctl status sshd

# 设置root可以远程登陆(PermitRootLogin yes 允许 root 直接用口令登录;如果只是为了升级后能连上,建议配好公钥后改为 prohibit-password,或使用普通用户登录后再提权)
[root@sc-can-33 openssh-9.8p1]# vim /etc/ssh/sshd_config

PermitRootLogin yes

Port 10018
重启sshd服务
[root@sc-can-33 openssh-9.8p1]# systemctl restart sshd
[root@sc-can-33 openssh-9.8p1]# systemctl status sshd

cp -a /usr/local/bin/ssh /usr/bin/ssh
最后测试ssh的版本
[root@sc-can-33 openssh-9.8p1]# ssh -V
OpenSSH_9.8p1, OpenSSL 3.0.8 7 Feb 2023

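telnet服务停用(便于其他情况处理)。停用前先另开一个终端确认能用新的 SSH 正常登录;停用后还应删除前面加入 /etc/securetty 的 pts 条目,确定不再需要备用通道时用 yum remove 卸载 telnet-server,避免明文登录入口留在系统上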

[root@sc-can-33 openssh-9.8p1]# systemctl stop telnet.socket
[root@sc-can-33 openssh-9.8p1]# systemctl status telnet.socket
● telnet.socket - Telnet Server Activation Socket
   Loaded: loaded (/usr/lib/systemd/system/telnet.socket; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:telnetd(8)
   Listen: [::]:23 (Stream)
 Accepted: 0; Connected: 0

Apr 02 11:36:55 sc-can-33.novalocal systemd[1]: Listening on Telnet Server Activation Socket.
Apr 02 14:15:21 sc-can-33.novalocal systemd[1]: Closed Telnet Server Activation Socket.
[root@sc-can-33 openssh-9.8p1]# 