openssh升级

在ubuntu 20.04上将ssh版本从8.2p1升级至10.2p1
不同的是,centos上升级可能还需先升级zlib和openssl

1)升级ssh前,建议配置telnet作为备用连接方式(telnet为明文传输,仅作临时备用,升级并验证ssh登录后应立即关闭)

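# 1) get .deb of telnetd & xinetd (run on a machine with internet access)
# NOTE: `apt download` fetches only the packages named here, not their
# dependencies; an offline target may need further .deb files added to the bundle.
apt install -y telnetd xinetd
cd /tmp
apt download telnetd xinetd
mkdir -p /opt/telnet-install
# Explicit path instead of the interactive-only history expansion `!$`.
mv -- *.deb /opt/telnet-install/
# Archive relative to /opt so that extracting inside /opt recreates
# /opt/telnet-install rather than /opt/opt/telnet-install.
tar -czvf /opt/telnet-install.tgz -C /opt telnet-install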

# 2) install telnet server (on the host that is about to be upgraded)
cd /opt
tar -xzvf telnet-install.tgz
cd telnet-install
dpkg -i ./*.deb
# Both packages should be listed with status "ii".
dpkg -l | grep -E 'telnetd|xinetd'

# 3) edit config file
vim /etc/xinetd.d/telnet
#--------------------------
# Temporary fallback only: telnet carries the login and the whole session in
# cleartext, and this stanza accepts connections from any source address.
# While it is enabled, consider limiting the allowed client inside the block:
#     only_from = <ADMIN_WORKSTATION_IP>
service telnet
{
    disable = no
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
}
#------------------------------------

# 4) start telnet
# Confirm that a telnet login really works before sshd is touched; it is the
# only way back in if the new sshd fails to start.
systemctl start xinetd

 

2)查看版本

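# Record the build toolchain and library versions before changing anything.
gcc --version
make --version
dpkg -l | grep zlib
# rpm -qa |grep zlib
openssl version
# `ssh -V` reports the client binary only; also record the installed
# OpenSSH packages so the server version being replaced is on file.
ssh -V
dpkg -l | grep openssh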

 

3)备份

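# Keep the current binaries, unit file, configuration and PAM stack so the
# upgrade can be rolled back.
cp -a /usr/bin/ssh /usr/bin/ssh-bak
cp -a /usr/sbin/sshd /usr/sbin/sshd-bak
cp -a /usr/bin/ssh-keygen /usr/bin/ssh-keygen-bak
# Resolve the real unit file path instead of typing a placeholder directory
# (`systemctl status sshd` shows the same path on its "Loaded:" line).
unit_file=$(systemctl show -p FragmentPath --value ssh.service)
[ -n "$unit_file" ] && cp -a "$unit_file" "${unit_file}-bak"
# /etc/ssh contains the host private keys; cp -a keeps owner and mode on the
# copy, so the backup is no more readable than the original.
cp -a /etc/ssh /etc/ssh-bak
cp -a /etc/pam.d/sshd /etc/pam.d/sshd-bak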

 

4)下载(在能访问外网的机器上执行)

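mkdir -p /opt/openssh-install
# Explicit path instead of the interactive-only history expansion `!$`.
cd /opt/openssh-install
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.2p1.tar.gz
# Verify the tarball before it is carried to the servers: it will be built and
# installed as root. The detached signature is published next to the tarball;
# the OpenSSH release key must already be in the keyring, obtained and
# fingerprint-checked out of band. Do not continue unless gpg reports a good
# signature.
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.2p1.tar.gz.asc
gpg --verify openssh-10.2p1.tar.gz.asc openssh-10.2p1.tar.gz
apt install -y gcc build-essential zlib1g-dev libssl-dev libpam0g-dev libselinux1-dev
# NOTE: `apt download` fetches only the packages named here, not their
# dependencies; an offline target may need further .deb files added.
cd /tmp && apt download gcc build-essential zlib1g-dev libssl-dev libpam0g-dev libselinux1-dev
mv /tmp/*deb /opt/openssh-install
cd /opt
# Create (-c) the bundle that step 5 extracts; with -x tar would try to read
# an archive that does not exist yet.
tar -czvf openssh-10.2p1-install.tgz ./openssh-install/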

 

5)拷贝安装包并安装

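cd /opt
tar -xzvf openssh-10.2p1-install.tgz
cd openssh-install
dpkg -i ./*.deb
tar -xzvf openssh-10.2p1.tar.gz
chown -R root:root openssh-10.2p1
# Explicit path instead of the interactive-only history expansion `!$`.
cd openssh-10.2p1
# NOTE(review): --with-md5-passwords is a legacy option for non-PAM password
# checking; with --with-pam it is probably unnecessary -- confirm before keeping it.
./configure --prefix=/usr/local/openssh-10.2p1 --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr --with-md5-passwords --mandir=/usr/share/man
make && make install
/usr/local/openssh-10.2p1/bin/ssh -V
# edit sshd_config
# Check the existing configuration with the NEW server binary before it goes
# live; options the new build does not understand are reported here instead of
# as a failed restart.
/usr/local/openssh-10.2p1/sbin/sshd -t -f /etc/ssh/sshd_config
# Replace the server and ssh-keygen as well as the client (all three were
# backed up in step 3). Copying only the client leaves the old sshd listening
# after the restart.
cp -f /usr/local/openssh-10.2p1/bin/ssh /usr/bin/ssh
cp -f /usr/local/openssh-10.2p1/bin/ssh-keygen /usr/bin/ssh-keygen
cp -f /usr/local/openssh-10.2p1/sbin/sshd /usr/sbin/sshd
# Keep the current session (and the telnet fallback) open until a new SSH
# login has been verified.
systemctl restart sshd
ssh -V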

 

6)验证ssh登录并关闭telnet

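# Run this only after a fresh SSH login (a new session, not the existing one)
# has succeeded. `stop` alone leaves xinetd enabled, so the cleartext telnet
# listener would come back after the next reboot; disable it as well.
# (Assumes xinetd serves nothing else on this host.)
systemctl disable --now xinetd
# Optional: remove the fallback packages once they are no longer needed.
# apt purge -y telnetd xinetd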

 

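# CentOS only: sources for the zlib and OpenSSL builds below.
# Check each tarball against the checksum/signature published by the project before building.
# wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz
# wget http://www.zlib.net/zlib-1.3.1.tar.gz
##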

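## zlib install ##
tar -xzvf zlib-1.3.1.tar.gz
chown -R root:root zlib-1.3.1
# Explicit path instead of the interactive-only history expansion `!$`.
cd zlib-1.3.1
./configure --prefix=/usr/local/zlib-1.3.1
make && make install
# Register the library directory only once, so re-running this step does not
# stack duplicate lines in /etc/ld.so.conf.
grep -qxF /usr/local/zlib-1.3.1/lib /etc/ld.so.conf || echo "/usr/local/zlib-1.3.1/lib" >> /etc/ld.so.conf
ldconfig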

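## openssl install ##
# NOTE(review): the OpenSSL 1.1.1 series reached upstream end of life in
# September 2023; if the target can take it, a supported 3.x release is the
# better base for a new sshd build.
tar -xzvf openssl-1.1.1w.tar.gz
# Fixed owner spec (was "rootLroot", which chown rejects as an unknown user).
chown -R root:root openssl-1.1.1w
# Explicit path instead of the interactive-only history expansion `!$`.
cd openssl-1.1.1w
./config shared zlib --prefix=/usr/local/openssl-1.1.1w
make clean && make && make install
# NOTE(review): the next four lines replace the system-wide openssl binary and
# place libraries in /usr/lib64, which affects every program linked against
# them, not just sshd -- confirm that no distribution file with the same name
# is overwritten.
mv /usr/bin/openssl /usr/bin/openssl-bak
cp -a /usr/local/openssl-1.1.1w/bin/openssl /usr/bin/openssl
cp -a /usr/local/openssl-1.1.1w/lib/libssl.so.1.1 /usr/lib64/
cp -a /usr/local/openssl-1.1.1w/lib/libcrypto.so.1.1 /usr/lib64/
# One drop-in file is enough (assuming /etc/ld.so.conf includes
# ld.so.conf.d/*.conf, as it does by default); writing with '>' keeps the step
# repeatable without duplicate entries.
echo "/usr/local/openssl-1.1.1w/lib" > /etc/ld.so.conf.d/openssl.conf
# Fixed command name (was "ldconif"); without it the linker cache is never
# refreshed and the new libraries are not found.
ldconfig
openssl version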

## openssh install ##
...
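# Same build as step 5, but linked against the locally built OpenSSL and zlib.
# Fixed option name (was "--prefi="): with the misspelt option the install
# prefix is not applied and the binaries do not end up under
# /usr/local/openssh-10.2p1.
./configure --prefix=/usr/local/openssh-10.2p1 --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/openssl-1.1.1w --with-zlib=/usr/local/zlib-1.3.1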
...

 

posted on 2026-01-13 15:57  Karlkiller  阅读(20)  评论(0)    收藏  举报
